Hi friends I trying to get alert for message when our L3 huawei switch loose power input. We have this switch on the battery throught AD, so when switch loose power input is still online, but I need to know when is on the battery.
So I made this alert rule
%syslog.msg ~ "@Power is abnormal@" && %syslog.timestamp >= "@macros.past_5m"
for this syslog
2018-03-08 14:10:22 SRM/1/POWERFAULT OID 1.3.6.1.4.1.2011.5.25.129.2.1.9 Power is abnormal. (EntityPhysicalIndex=67108873, BaseTrapSeverity=3, BaseTrapProbableCause=67966, BaseTrapEventType=5, EntPhysicalContainedIn=5, EntPhysicalName=MPU Board 0, RelativeResource=POWER, ReasonDescription=POWER is abnormal)
Alert is working correctly, when i push out the power supply and my switch goes from the battery.
When i getting back power supply I get this message from syslog, what is Ok.
> OID 1.3.6.1.4.1.2011.5.25.129.2.1.10 Power normal. (EntityPhysicalIndex=67108873, BaseTrapSeverity=3, BaseTrapProbableCause=67966, BaseTrapEventType=5, EntPhysicalContainedIn=5, EntPhysicalName=MPU Board 0, RelativeResource=POWER, ReasonDescription=POWER is normal)
My question is, why after that is alert still marked RED in alerts and dont want to go away after hours ? And I getting messages to my mail, that ALERT (huawei-test) - Power is DOWN got worse instead of recovery message ?
Thank you.