-
Alert configuration
Dear all,
I’ve just installed our new PandoraFMS server. Since we’ve used V1.3.1 now for a long time we configured a new server with V2 especially for WMI querys.
But my first problem is in configuring alerts. Since we have 12 locations connected via MPLS network or VPN over the internet with sometimes heavy load during network backuptimes, we receive many false positive alerts.
I played a bit arround with configuration and found some points to start with, but indeed not everything is as we expect it to be.
Here you find the current configuration:
Pandora console:
Pandora FMS v2.0 – Build PC081030pandora_server.conf
* changed icmp_checks to 10Config.pm
* changed networktimeout to 10Example:
agent modul host alive interval 60 sec
alert time threshold 1 day
alert min. number of alerts 3Situation:
* flapping line or instable connection or heavy load on line with QoS (ICMP has a very low priority in WAN)
* each time icmp ping is returning 0 -> talerta_agente_modulo.internal_counter is increased
* talerta_agente_modulo.internal_counter > talerta_agente_modulo.min_alerts alert is firedComments:
now I receive alerts once a day if icmp ping reports 4 times 0 e.g. 08:00am, 12:00pm, 02:00pm and 04:00pm, but what i wanted is that I receive an alert while this happens successively and not spread over the whole day.I read the documentation for “Time threshold” and decreased it to 10 min. but now in case of a nightly error my mailbox is overloaded every 10 min with an alert, because I’m not able to validate the error.
I’ve checked the database and my first impression of how to solve my problem is that in case of icmp ping returns 1 ( good ) the internal_counter should be set to 0.
Is this a possible solution for my problem or am I understanding the way of alerts in PandoraFMS completely wrong?
Proposals and suggestions are welcome.
Kind regards,
Sascha
-
9 Replies
-
Hi Sascha,
The solution is to use the Threshold as you did already and you might want to play with the Min Number of Alerts as well, so you can set something like: Min Number of Alerts = 2, so this means that the alert has to be fired twice to be able to receive the big alerts (let’s call it that way), which is the email, for instance.
We have fixed some bugs in 2.0 already. They’re in the branches in the SVN, so you have 2 ways to keep your PandoraFMS up to date, one is to download the branches and do the update manually, and the other one is using the Update Manager from the Webconsole and just with a click.
Cheers!
Manuel. -
Hi Manuel,
thanks for the quick replay, but unfortunately I did not come any further with my problem.
So I’ve added a screenshot to clarify my problem.
Agent ICMP ( Host alive ) reported 4 times timeout so alert has been fired.
Alert is defined as threshold 1 day – min # alerts 3.During 4 hours it seems that we have 3 times conquestion on the WAN and the ICMP packages gets
dropped or take a long time to replay.But the server is still up all the time.
Is it possible for me to configure the alerts in the following way:
only fire an alert if 3 time successively the “Host alive” returns 0?
Means that the database record in talerta_agente_modulo.internal_counter
is set to 0 for the specific id_agente_modulo when the “Host alive” returns 1.By the way, I’m currently using the thrunk version of Pandora FMS v2.1-dev – Build PC081016.
But I had the same issue with the latest branch version.Thanks for helping,
Sascha
-
[cite]Posted By: seinloft[/cite]
Is it possible for me to configure the alerts in the following way:only fire an alert if 3 time successively the “Host alive” returns 0?
To do this:
Min Value: 0 Max Value:0
Min Number Alerts: 3 Max Number of alerts: 1
Threshold 1 dayLet me know how that goes. The key here could be the recovery, do you have recovery active? If so, the recover will set the counter to 0 everytime the condition is not satisfy no matter if the alert was fired or not.
-
That’s exact what I’ve configured 3 – 1 – 1 day and recovery enabled!
I’m testing for ping “host active” every 120 sec. But internal_counter will only be set to 0
after alert was fired and not if ping “host active” is successfull.So 4 times a day a ping was missed the alert is fired even if in the meantime the ping “host active” reports OK.
Current behaviour:
30 times OK
1 time NOK -> internal_counter++ => 1
30 times OK
1 time NOK -> internal_counter++ => 2
30 times OK
1 time NOK -> internal_counter++ => 3
30 times OK
1 time NOK -> internal_counter++ => 4, internal_counter > min_alerts -> alert fired
1 time OK -> recovery alert fired -> internal_counter = 0What I would like to have is:
30 times OK
1 time NOK -> internal_counter++ => 1
1 time NOK -> internal_counter++ => 2
1 time OK -> internal_counter = 0Perhaps I can do this in the code myself if this is not the desired behaviour.
But right now I was not able to dected the part of code where this could be done.Thanks,
Sascha
-
-
-
-
-
You can join the developers list and follow the commits
https://lists.sourceforge.net/lists/listinfo/pandora-develop
