Customer Level 2 Training: Service Groups, Alerts and Dependencies
1 like1,001 views
This document outlines an advanced training session on SolarWinds' Alert Manager. The session covers how alerts work, launching the interface, using condition groups and suppression, service groups, alert actions and variables, and troubleshooting alerts. It provides examples of direct and embedded suppression techniques. Other topics include alert types, additional resources, and a Q&A.
Customer Level 2 Training: Service Groups, Alerts and Dependencies
- 1. SolarWinds® Level 2 Training Advanced Alert Manager August 23, 2012 COPYRIGHT © 2012, SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 1
- 2. Advanced Alert Manager » Hosts Jason Ferree –Support Supervisor Mark Wiggans – Information Development Are you Certified? 2
- 3. Agenda Introductions & Housekeeping A Look Under the Hood Condition Groups Suppression Service Groups Alert Actions and Variables Troubleshooting Q&A © iStockphoto 3
- 4. Introductions and Housekeeping » Today’s Content will Focus on Orion® Advanced Alert Manager and Dependencies We only have an hour » Ask questions! Don’t be afraid to ask deeper questions Don’t wait until the end – ask away » Today’s session is being recorded Recorded session on SolarWinds.com Slides available on slideshare.com 4
- 5. Advanced Alert Manager » How Alerts Work – A Look Under the Hood. 5
- 6. Advanced Alert Manager » Launching the Alert Manager Interface - Quick Tour 6
- 7. Advanced Alert Manager » Understanding Condition Groups All = logical AND Any = logical OR Not all and None - Use very carefully » Embedded condition groups Follow the left alignment for embedded conditions 7
- 8. Advanced Alert Manager » Suppression - Example 1, Direct Suppression Alert condition: Node down Suppression condition: node name = Lab router Desired Result – Alert on all devices down except Lab router Actual Result - if a node exists in SQL database with the name “Lab router”, then all node down alerts will be suppressed. If a suppression condition is true, alerts will be suppressed regardless of the trigger condition. 8
- 9. Advanced Alert Manager » Suppression - Example 2, Embedded Suppression Alert condition: Simple Condition Group • Trigger alert when all if the following apply • Node status is equal to down • Node name is not equal to Lab router Suppression condition: None Desired Result – Alert on all devices down except Lab router Actual Result - Alert on all devices down except Lab router To embed a suppression condition, flip the logic and add the condition to the trigger. 9
- 10. Advanced Alert Manager » Suppression - Example 3, “Suppression” using Groups and Dependencies 10
- 11. Advanced Alert Manager » Example 3 Explained – “Suppression” Using Groups and Dependencies Create a service group and add site 1 remote devices Create a service group for the data center routers Create a dependency - site 1 group dependent on data center group Set datacenter status rollup to mixed Create an alert for data center group • Trigger - Group status is equal to down • Default reset – Condition no longer exists • No suppression 11
- 12. Advanced Alert Manager » Example 3 in Action Alert for data center group when both routers are down • Site 1 devices status set to unreachable Existing node down alert fires for parent device down Alert! Status set to unreachable 12
- 13. Advanced Alert Manager » Alert Actions Send an email • Trouble ticket integration point! Send a message via syslog or trap Execute a program or script Send Windows® Net message Tons more » Variables What triggered the alert, when, what was affected, status…. 13
- 14. Advanced Alert Manager » Troubleshooting Alerts Issue will most likely be in one of three areas 1 - Alert or Suppression Condition Errors in condition logic Logical contradictions Other conditions not logically possible Suppression killing all triggers 2 - Alert Action Error in external program or script Email issues 3 - Alert is OK but test is invalid Check test logic, timing, and alert criteria 14
- 15. Advanced Alert Manager » Other Alert Types Basic Alerts • Most all functionality exists in Advanced Alerts Syslog Alerts • Defined in Syslog Alerts/Rules UI Trap Alerts • Defined in Trap Alerts/Rules UI • Allows for filtering, parsing, thresholds and alert actions 15
- 16. Summary and Q&A » Thank you for attending! » Additional Resources Understanding Orion Advanced Alert Manager • http://www.solarwinds.com/documentation/Orion/docs/UnderstandingOrionAdvancedAlerts.pdf Using Orion Groups and Dependencies • http://www.solarwinds.com/documentation/Orion/docs/Groupsanddependencies.pdf Thwack® Alert Lab • http://thwack.solarwinds.com/community/labs_tht/alert-lab COPYRIGHT © 2012, SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 16