Alert in case of same eventlog messages

Hi,

I’m doing an internship and I have to set up a specific rule to monitor some ports on different switches. I have to send an alert to my mailbox if the same eventlog message appears 3 times in 10/15 minutes.

Currently I have this rule:

I’m really blocked here. I don’t know how to count identical eventlog messages, how to select only the last 10/15 minutes… and how to integrate that into my rule.

Thanks for any help.

If you feel inspired, take a look at the advanced SQL query. That way you can count() messages in a period of time and then alert if > X.

Before you ask, I don't know how to do it. I just know you can run your own SQL query, so you should be able to do it.


Yes, I can get information from the MySQL DB for the last 15 minutes with this query:

SELECT IF((SELECT COUNT(message) FROM devices, ports, eventlog WHERE hostname = "HOSTNAME" AND message = "ifOperStatus: down -> up" AND ports.ifName = "0/8" AND datetime >= now() - INTERVAL 15 MINUTE) >= 4, "good", "false");

Is it a good idea to write a script that connects to my DB and sends an email, run from cron every minute, if the query returns “good”?

But in the alert section of the LibreNMS web interface, it doesn’t accept the request.

Thanks.

Hi

No, just set that query in the advanced tab of the rule.

Hi,
Yes, I tried, but when I click on the “Save Rule” button, nothing happens, strange.

When the query doesn’t match in the mysql CLI, it returns no, as:

When the query matches in the mysql CLI, over the last 2 hours for example, it returns yes, as:

For the advanced query, the SQL should return 0 rows if it doesn't match.

Take a look at https://docs.librenms.org/Alerting/Rules/#advanced (FYI, due to a change in the STRICT mode that query doesn't work), but it should give you an example of how to do the advanced query.

Also, you can check what a “normal” rule query looks like, and the results, by running the query in mysql.
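
An added example, not part of the original thread and not LibreNMS's own code: the `SELECT IF(...)` form always returns exactly one row ("good" or "false"), whereas a rule query has to return 0 rows when nothing matches, which `GROUP BY` plus `HAVING` gives you. The scratch tables and sample rows are constructed, and the column names (`device_id`, `port_id`, `eventlog.type`, `eventlog.reference` holding the port id) and the `?` device placeholder are assumptions about the LibreNMS schema and advanced-rule format; every selected column is grouped, so the query also runs with ONLY_FULL_GROUP_BY enabled.

```sql
-- Run in a scratch MySQL database. Constructed minimal schema: only the
-- columns the query touches, with names ASSUMED to match LibreNMS.
CREATE TEMPORARY TABLE devices  (device_id INT PRIMARY KEY, hostname VARCHAR(128));
CREATE TEMPORARY TABLE ports    (port_id INT PRIMARY KEY, device_id INT, ifName VARCHAR(64));
CREATE TEMPORARY TABLE eventlog (event_id INT AUTO_INCREMENT PRIMARY KEY, device_id INT,
                                 datetime DATETIME, message TEXT,
                                 type VARCHAR(64), reference VARCHAR(64));

-- Constructed sample data: two switches that both have a port named 0/8.
INSERT INTO devices VALUES (1, 'switch-a.example'), (2, 'switch-b.example');
INSERT INTO ports   VALUES (10, 1, '0/8'), (20, 2, '0/8');
INSERT INTO eventlog (device_id, datetime, message, type, reference) VALUES
  (1, NOW() - INTERVAL  2 MINUTE, 'ifOperStatus: down -> up', 'interface', '10'),
  (1, NOW() - INTERVAL  6 MINUTE, 'ifOperStatus: down -> up', 'interface', '10'),
  (1, NOW() - INTERVAL 11 MINUTE, 'ifOperStatus: down -> up', 'interface', '10'),
  (1, NOW() - INTERVAL 40 MINUTE, 'ifOperStatus: down -> up', 'interface', '10'), -- outside the window
  (2, NOW() - INTERVAL  3 MINUTE, 'ifOperStatus: down -> up', 'interface', '20'); -- other switch

-- Rule-style query. The explicit joins tie each event to its own device and
-- port, so events from another switch or another port are never counted
-- (the comma join "FROM devices, ports, eventlog" has no such conditions).
SELECT d.device_id, d.hostname, p.ifName, COUNT(*) AS flaps
FROM devices AS d
JOIN ports    AS p ON p.device_id = d.device_id
JOIN eventlog AS e ON e.device_id = d.device_id
                  AND e.reference = p.port_id        -- assumed: reference = port id
WHERE d.device_id = 1      -- in an advanced rule this literal would be the ? placeholder
  AND p.ifName = '0/8'
  AND e.type = 'interface'
  AND e.message = 'ifOperStatus: down -> up'
  AND e.datetime >= NOW() - INTERVAL 15 MINUTE
GROUP BY d.device_id, d.hostname, p.ifName
HAVING COUNT(*) >= 3;      -- below the threshold the result set is empty
```

Changing `d.device_id = 1` to `2` lets you compare a device below the threshold with one above it before pasting the query into the rule.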