Hi there,
I have WLC on Librenms, and SNMP Trap (when AP Disassociated) has been setup already.
The alert is sending alerts when AP Disassociated from WLC. But the alert is not able to recovery.
Can someone please have a look my alert at below and give me an idea to fix alert recovery issue?
Rule:
eventlog.type equal trap
AND eventlog.message contains 14179.2.6.3.8
AND eventlog.dattime greater or equal mactos.past_5m
AND macros.device_up equal Yes
That is basically going to look through the event log for that message for anything over 4 minutes ago. that means once that message is in the event log then it will never clear.
Because the trap has no notion of status (i.e it doesn’t clear out the original trap message or change it’s value) then you will have to do this based on date time being within the last 5 minutes which means the alert will auto clear itself once the latest message is over 5 minutes old. I.e change the eventlog.datetime to be less than or equal.
Thanks laf 
I missed backticks for the macros.past_5m. The alert rule is working now…
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
