Match for Cisco routers but not switches?
I am looking to create an alert checker to send an alert when an Ethernet interface on a Cisco IOS router goes down- for example when the router is still up and available in monitoring, but a physical link is down due to a local switch failure, carrier CPE down, peer (unamanaged) router down... We receive syslogs of course, but these can occasionally get lost in the flood and not noticed as actionable by NOC staff.
Is there an effective way to make a device match for Cisco routers, but not Cisco switches? The OS type both show up as "ios", and I haven't found something router-specific to successfully match on. I can do this individually by device name, but unfortunately our naming scheme isn't specific enough to match them all with *rt* or *wan or similar.
As you can see below, I set the device match to "os equals ios" which includes switches that have a ton of link-down-but-enabled ports on them!
Thank you, Andrew
[image: Inline image 2]
Differentiating between routers and switches is pretty difficult these days.
You might be able to do it with marginally complex hardware regexps.
Adam.
Sent with AquaMail for Android http://www.aqua-mail.com
On 12 September 2015 17:43:49 Andrew Plas andrewp.plas@gmail.com wrote:
I am looking to create an alert checker to send an alert when an Ethernet interface on a Cisco IOS router goes down- for example when the router is still up and available in monitoring, but a physical link is down due to a local switch failure, carrier CPE down, peer (unamanaged) router down... We receive syslogs of course, but these can occasionally get lost in the flood and not noticed as actionable by NOC staff.
Is there an effective way to make a device match for Cisco routers, but not Cisco switches? The OS type both show up as "ios", and I haven't found something router-specific to successfully match on. I can do this individually by device name, but unfortunately our naming scheme isn't specific enough to match them all with *rt* or *wan or similar.
As you can see below, I set the device match to "os equals ios" which includes switches that have a ton of link-down-but-enabled ports on them!
Thank you, Andrew
[image: Inline image 2]
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Seems like a case for a custom field capability in the host records. If this were available in the alerting system and group system, then devices could be categorized accordingly. That would also solve (potentially) issues like ISP port speed versus native port speed, when necessary. I know the theme of Observium is not to have to meddle with manual setup, but sometimes it is unavoidable if necessary information cannot be pulled from the devices themselves.
Regards, Mark
On 9/12/2015 10:00 AM, Adam Armstrong wrote:
Differentiating between routers and switches is pretty difficult these days.
You might be able to do it with marginally complex hardware regexps.
Adam.
Sent with AquaMail for Android http://www.aqua-mail.com https://canit.willingminds.com/canit/urlproxy.php?_q=aHR0cDovL3d3dy5hcXVhLW1haWwuY29t
On 12 September 2015 17:43:49 Andrew Plas andrewp.plas@gmail.com wrote:
I am looking to create an alert checker to send an alert when an Ethernet interface on a Cisco IOS router goes down- for example when the router is still up and available in monitoring, but a physical link is down due to a local switch failure, carrier CPE down, peer (unamanaged) router down... We receive syslogs of course, but these can occasionally get lost in the flood and not noticed as actionable by NOC staff.
Is there an effective way to make a device match for Cisco routers, but not Cisco switches? The OS type both show up as "ios", and I haven't found something router-specific to successfully match on. I can do this individually by device name, but unfortunately our naming scheme isn't specific enough to match them all with *rt* or *wan or similar.
As you can see below, I set the device match to "os equals ios" which includes switches that have a ton of link-down-but-enabled ports on them!
Thank you, Andrew
Inline image 2 _______________________________________________ observium mailing list observium@observium.org mailto:observium%40observium.org http:/ /postman.memetic.org/cgi-bin/mailman/listinfo/ observium http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
This message has been scanned by CanIt-PRO.
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Just like Solarwinds... :D
As much as I [love]hate Orion, the custom attributes function is amazingly useful, and I'd [love]love to see something similar in Observium. The place it has been the most useful for me in the past is actually at the interface level...to define circuit information and contact details for raising trouble tickets, which can be included in alert messages. That way, if you get an alert while you're out and about without your laptop handy for VPN access you still have a clickable phone number on your mobile to dial into the carrier to open a support case, along with the CID and any other relevant details. Feature request? Yes!
The other place it was exceptionally useful was in the primary dashboard; you can have a tree with site/location as the top level, with a custom "node type" property as the next level. The Observium groups feature, however, is incredibly powerful for both alerting and for quick navigation within the interface, so having a custom node type attribute would be a little redundant in that respect. Feature request? Meh, not really.
On Sat, Sep 12, 2015 at 10:10 AM, Mark D. Nagel mnagel@willingminds.com wrote:
Seems like a case for a custom field capability in the host records. If this were available in the alerting system and group system, then devices could be categorized accordingly. That would also solve (potentially) issues like ISP port speed versus native port speed, when necessary. I know the theme of Observium is not to have to meddle with manual setup, but sometimes it is unavoidable if necessary information cannot be pulled from the devices themselves.
Regards, Mark
On 9/12/2015 10:00 AM, Adam Armstrong wrote:
Differentiating between routers and switches is pretty difficult these days.
You might be able to do it with marginally complex hardware regexps.
Adam.
Sent with AquaMail for Android http://www.aqua-mail.com https://canit.willingminds.com/canit/urlproxy.php?_q=aHR0cDovL3d3dy5hcXVhLW1haWwuY29t
On 12 September 2015 17:43:49 Andrew Plas andrewp.plas@gmail.com andrewp.plas@gmail.com wrote:
I am looking to create an alert checker to send an alert when an Ethernet interface on a Cisco IOS router goes down- for example when the router is still up and available in monitoring, but a physical link is down due to a local switch failure, carrier CPE down, peer (unamanaged) router down... We receive syslogs of course, but these can occasionally get lost in the flood and not noticed as actionable by NOC staff.
Is there an effective way to make a device match for Cisco routers, but not Cisco switches? The OS type both show up as "ios", and I haven't found something router-specific to successfully match on. I can do this individually by device name, but unfortunately our naming scheme isn't specific enough to match them all with *rt* or *wan or similar.
As you can see below, I set the device match to "os equals ios" which includes switches that have a ton of link-down-but-enabled ports on them!
Thank you, Andrew
[image: Inline image 2] _______________________________________________ observium mailing list observium@observium.org http:/ /postman.memetic.org/cgi-bin/mailman/listinfo/ observium http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
This message has been scanned by CanIt-PRO.
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Mark D. Nagel, CCIE #3177 Emeritus mnagel@willingminds.com mnagel@willingminds.com Principal Consultant, Willing Minds LLC (http://www.willingminds.com) cell: 949-279-5817, desk: 714-495-4001, fax: 714-844-4698
** For faster support response time, please ** email support@willingminds.com or call 714-495-4000
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
The ability to do the device match on a custom field seems like it would be suitable. Barring that, are there any examples of using multiple strings in the alert checker's device match? Is an array even possible with the match criteria? Or can I simply specify several "hardware" attributes in the match of one alert checker? I have about a dozen different models of Cisco routers, mostly 1921's and 2921's, so it would be rather messy to create an alert checker for each type of device.
Thanks! Andrew
On Mon, Sep 14, 2015 at 12:49 AM, Aaron Finney aaron.finney@openx.com wrote:
Just like Solarwinds... :D
As much as I [love]hate Orion, the custom attributes function is amazingly useful, and I'd [love]love to see something similar in Observium. The place it has been the most useful for me in the past is actually at the interface level...to define circuit information and contact details for raising trouble tickets, which can be included in alert messages. That way, if you get an alert while you're out and about without your laptop handy for VPN access you still have a clickable phone number on your mobile to dial into the carrier to open a support case, along with the CID and any other relevant details. Feature request? Yes!
The other place it was exceptionally useful was in the primary dashboard; you can have a tree with site/location as the top level, with a custom "node type" property as the next level. The Observium groups feature, however, is incredibly powerful for both alerting and for quick navigation within the interface, so having a custom node type attribute would be a little redundant in that respect. Feature request? Meh, not really.
On Sat, Sep 12, 2015 at 10:10 AM, Mark D. Nagel mnagel@willingminds.com wrote:
Seems like a case for a custom field capability in the host records. If this were available in the alerting system and group system, then devices could be categorized accordingly. That would also solve (potentially) issues like ISP port speed versus native port speed, when necessary. I know the theme of Observium is not to have to meddle with manual setup, but sometimes it is unavoidable if necessary information cannot be pulled from the devices themselves.
Regards, Mark
On 9/12/2015 10:00 AM, Adam Armstrong wrote:
Differentiating between routers and switches is pretty difficult these days.
You might be able to do it with marginally complex hardware regexps.
Adam.
Sent with AquaMail for Android http://www.aqua-mail.com https://canit.willingminds.com/canit/urlproxy.php?_q=aHR0cDovL3d3dy5hcXVhLW1haWwuY29t
On 12 September 2015 17:43:49 Andrew Plas andrewp.plas@gmail.com andrewp.plas@gmail.com wrote:
I am looking to create an alert checker to send an alert when an Ethernet interface on a Cisco IOS router goes down- for example when the router is still up and available in monitoring, but a physical link is down due to a local switch failure, carrier CPE down, peer (unamanaged) router down... We receive syslogs of course, but these can occasionally get lost in the flood and not noticed as actionable by NOC staff.
Is there an effective way to make a device match for Cisco routers, but not Cisco switches? The OS type both show up as "ios", and I haven't found something router-specific to successfully match on. I can do this individually by device name, but unfortunately our naming scheme isn't specific enough to match them all with *rt* or *wan or similar.
As you can see below, I set the device match to "os equals ios" which includes switches that have a ton of link-down-but-enabled ports on them!
Thank you, Andrew
[image: Inline image 2] _______________________________________________ observium mailing list observium@observium.org http:/ /postman.memetic.org/cgi-bin/mailman/listinfo/ observium http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
This message has been scanned by CanIt-PRO.
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Mark D. Nagel, CCIE #3177 Emeritus mnagel@willingminds.com mnagel@willingminds.com Principal Consultant, Willing Minds LLC (http://www.willingminds.com) cell: 949-279-5817, desk: 714-495-4001, fax: 714-844-4698
** For faster support response time, please ** email support@willingminds.com or call 714-495-4000
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- *Aaron Finney | **Network Engineer*
888 East Walnut Street, 2nd Floor | Pasadena, CA 91101 office: +1 (626) 466-1141 x6035
Watch how we make online advertising simple: http://bit.ly/Ent_vid www.openx.com | follow us on: Twitter http://www.twitter.com/ Facebook http://www.facebook.com/ LinkedIn http://www.linkedin.com/
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
On Tue, Sep 15, 2015 at 04:34:37PM -0500, Andrew Plas wrote:
The ability to do the device match on a custom field seems like it would be suitable. Barring that, are there any examples of using multiple strings in the alert checker's device match? Is an array even possible with the match criteria? Or can I simply specify several "hardware" attributes in the match of one alert checker? I have about a dozen different models of Cisco routers, mostly 1921's and 2921's, so it would be rather messy to create an alert checker for each type of device.
Thanks! Andrew
Its a fairly clean way, to put multiple associations in the alert checker (thats how to do OR). -Nick
What is the correct syntax for the device association?
I tired the following in the device association (and rebuilt the alert checker) and they're not matching on any devices. "hardware" is a proper attribute per http://www.observium.org/docs/attribs_metrics/, so how do I leverage OR to select multiple device types?
I also tried "match" instead of "equals" in the statement.
hardware equals C881-K9 hardware equals CISCO881-SEC-K9
hardware equals C881-K9 or hardware equals CISCO881-SEC-K9
hardware equals C881-K9 or CISCO881-SEC-K9
On Tue, Sep 15, 2015 at 5:40 PM, Nick Schmalenberger <nick@schmalenberger.us
wrote:
On Tue, Sep 15, 2015 at 04:34:37PM -0500, Andrew Plas wrote:
The ability to do the device match on a custom field seems like it would
be
suitable. Barring that, are there any examples of using multiple strings in the
alert
checker's device match? Is an array even possible with the match criteria? Or can I simply specify several "hardware" attributes in the match of one alert checker? I have about a dozen different models of Cisco routers, mostly 1921's and 2921's, so it would be rather messy to create an alert checker for each type of device.
Thanks! Andrew
Its a fairly clean way, to put multiple associations in the alert checker (thats how to do OR). -Nick _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
create multiple associations. Create it for one, then go back into the checker and hit "add", and y ou can add another association that's separate from the original, but is under the same alert.
On Wed, Sep 16, 2015 at 9:22 AM Andrew Plas andrewp.plas@gmail.com wrote:
What is the correct syntax for the device association?
I tired the following in the device association (and rebuilt the alert checker) and they're not matching on any devices. "hardware" is a proper attribute per http://www.observium.org/docs/attribs_metrics/, so how do I leverage OR to select multiple device types?
I also tried "match" instead of "equals" in the statement.
hardware equals C881-K9 hardware equals CISCO881-SEC-K9
hardware equals C881-K9 or hardware equals CISCO881-SEC-K9
hardware equals C881-K9 or CISCO881-SEC-K9
On Tue, Sep 15, 2015 at 5:40 PM, Nick Schmalenberger < nick@schmalenberger.us> wrote:
On Tue, Sep 15, 2015 at 04:34:37PM -0500, Andrew Plas wrote:
The ability to do the device match on a custom field seems like it
would be
suitable. Barring that, are there any examples of using multiple strings in the
alert
checker's device match? Is an array even possible with the match criteria? Or can I simply specify several "hardware" attributes in the match of one alert checker? I have about a dozen different models of Cisco routers, mostly 1921's
and
2921's, so it would be rather messy to create an alert checker for each type of device.
Thanks! Andrew
Its a fairly clean way, to put multiple associations in the alert checker (thats how to do OR). -Nick _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Maybe you could determine something from the serial number? Some hardware vendors have different ranges for the different products.
On Sat, Sep 12, 2015 at 7:00 PM, Adam Armstrong adama@observium.org wrote:
Differentiating between routers and switches is pretty difficult these days.
You might be able to do it with marginally complex hardware regexps.
Adam.
Sent with AquaMail for Android http://www.aqua-mail.com
On 12 September 2015 17:43:49 Andrew Plas andrewp.plas@gmail.com wrote:
I am looking to create an alert checker to send an alert when an Ethernet interface on a Cisco IOS router goes down- for example when the router is still up and available in monitoring, but a physical link is down due to a local switch failure, carrier CPE down, peer (unamanaged) router down... We receive syslogs of course, but these can occasionally get lost in the flood and not noticed as actionable by NOC staff.
Is there an effective way to make a device match for Cisco routers, but not Cisco switches? The OS type both show up as "ios", and I haven't found something router-specific to successfully match on. I can do this individually by device name, but unfortunately our naming scheme isn't specific enough to match them all with *rt* or *wan or similar.
As you can see below, I set the device match to "os equals ios" which includes switches that have a ton of link-down-but-enabled ports on them!
Thank you, Andrew
[image: Inline image 2] _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
For Cisco it's possible to do from the model number without too much difficulty.
This is a job for the group system, I think.
Adam.
Sent with AquaMail for Android http://www.aqua-mail.com
On 12 September 2015 21:23:58 Steffie Morris steffie.morris@gmail.com wrote:
Maybe you could determine something from the serial number? Some hardware vendors have different ranges for the different products.
On Sat, Sep 12, 2015 at 7:00 PM, Adam Armstrong adama@observium.org wrote:
Differentiating between routers and switches is pretty difficult these days.
You might be able to do it with marginally complex hardware regexps.
Adam.
Sent with AquaMail for Android http://www.aqua-mail.com
On 12 September 2015 17:43:49 Andrew Plas andrewp.plas@gmail.com wrote:
I am looking to create an alert checker to send an alert when an Ethernet interface on a Cisco IOS router goes down- for example when the router is still up and available in monitoring, but a physical link is down due to a local switch failure, carrier CPE down, peer (unamanaged) router down... We receive syslogs of course, but these can occasionally get lost in the flood and not noticed as actionable by NOC staff.
Is there an effective way to make a device match for Cisco routers, but not Cisco switches? The OS type both show up as "ios", and I haven't found something router-specific to successfully match on. I can do this individually by device name, but unfortunately our naming scheme isn't specific enough to match them all with *rt* or *wan or similar.
As you can see below, I set the device match to "os equals ios" which includes switches that have a ton of link-down-but-enabled ports on them!
Thank you, Andrew
[image: Inline image 2] _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
participants (7)
-
Aaron Finney -
Adam Armstrong -
Andrew Plas -
Ben Hohnke -
Mark D. Nagel -
Nick Schmalenberger -
Steffie Morris