whats showing down when that rule triggers SNMP or ICMP?
ICMP seems to be triggering the alert.
Sounds like your device is not responding fast enough to the ICMP response.
Try adding this to your config.php
$config[‘fping_options’][‘retries’] = 5;
$config[‘fping_options’][‘timeout’] = 1000;
$config[‘fping_options’][‘count’] = 4;
$config[‘fping_options’][‘millisec’] = 1000;
Thanks, I will give that a try as that might help with the false positives I’m getting.
With that said, that still doesn’t answer my original question. Is it possible to make an alert that only triggers if a device is down for XXX amount of time?
Oh yes, you could try and add to the rule macros.past_5m and it goes up to 60m
Thank you! This is more inline with what I was originally looking for.
Am I only limited to 5m,10m,15m,30m,60m presettings or am I able to set my own, like 1m for example?
Look in the Global Settings you should see the macros in there…at present doesn’t look like you can change the macros past. Maybe someone else will chime in and say different.
I’m back…
I’ve tried the following alert rule and it doesn’t seem to be working:
%devices.status != “1” && %macros.past_5m = “1”
Max: 3
Delay: 0
Interval: 300
I have a device that’s been down for 3 hours now and it never triggered this rule.
welcome back Joe,
try this one
%macros.past_5m = %devices.status != “1” &&
Max: 1
Delay: 300
Interval: 300
Kevin,
I’ve tried that as well and it doesn’t seem to work.
Looking at the LibreNMS github page, the %macros.past_5m returns a timestamp so I think this will ever work.
I don’t want to give up hope, there has to be a way to do this!
Joe,
Can you use the Delay:300 functions?
As I said before the delay function only delays the alert, it doesn’t recheck the device to see if it’s still an issue.
I want to be alerted if a device is down for XXX amount of time.
Did you find a solution Joe and can you share this with me?
I also have regular false positives and I am searching for the same solution.
Devices needs to be rechecked after an interval before sending out the alert.
Actually no, I haven’t found a solution for this and after putting a lot of time into this, I gave up. IMHO, this is something that differently should be built into LibreNMS.
I would love to have this working and it’s the only thing lacking in my LibreNMS setup.
how is the device being reported down icmp or snmp down status?
By SNMP:
Alert for device 10.4.0.22 - Devices up/down
Severity: critical
Timestamp: 2017-08-03 20:20:06
Unique-ID: 1481
Rule: Devices up/down
Faults:
#1: sysObjectID => enterprises.2011.2.23.203; sysDescr => S5700-10P-LI-AC
Huawei Versatile Routing Platform Software
VRP ® software,Version 5.170 (S5700 V200R010C00SPC600)
Copyright © 2007 Huawei Technologies Co., Ltd.;
Alert sent to:
Try this,
disable the default “up/down” alert rule and add this alert as your “device down alert”.
%macros.device_down = “1” && %devices.status_reason = “icmp” &&
this should help with false positives devices being marked down.
1 Like
Thank you for this quick helpful response.
An error I created was at least noticed and mailed as well with the new alert rule. I have disabled the old rule, and enabled the new one. I will let this thread know after the weekend what the results are.
At least this is not hurting me 