Hi,
Is there a way to create an alert when a switch port is flapping, ie it goes up and down too much in a time period ?
Of course there is. You need to create alert and use ‘SQL Override’ function.
select device_id,message from eventlog where device_id = 666 AND type = ‘interface’ AND UNIX_TIMESTAMP(datetime) >= UNIX_TIMESTAMP(NOW() - INTERVAL 25 MINUTE) AND message LIKE ‘%lowerLayer%’ HAVING count(device_id) >= 4;
Here is example which would react when since last 25 minutes port changed it’s state 4 times. I had to use LIKE pattern %lowerLayer% - this is how it looks on my specific device (Edge-Core 4210T where I was testing this).
For example if you need to monitor with this alert device with id = 1000 you should start by going through SQL:
use librenms;
select * from eventlog where device_id = ‘1000’ and type = ‘interface’;
Now take a look carefully what kind of messages you got there. For me it looks like:
ifOperStatus: up → lowerLayerDown
ifOperStatus: lowerLayerDown → up
That’s why I used LIKE %lowerLayer% to make sure to notice only port flapping. Otherwise your alert will react also to changing interface name or when it renegotiate connection speed.
I hope it helps.
Regards.
1 Like
thanks !
Here is my request : select device_id, reference, count() as value from eventlog where type = ‘interface’ AND UNIX_TIMESTAMP(datetime) >= UNIX_TIMESTAMP(NOW() - INTERVAL 20 MINUTE) AND message LIKE ‘ifOperStatus: up%’ group by reference HAVING count() >= 4;
Seems fine. Check whether it works and you are at home 