Experienced these false reboots for a long time and it’s becoming an issue since the eventlogs become huge. We have roughly 4000 devices that we monitor and we get over 15000 reboot messages per day. The vast majority of these are false. We’ve had these problems for a long time now and it’s really time to fix it now I thought.
Example:
Device rebooted after 2 years 6 months 3 weeks 3 days 13 hours 18 minutes 38 seconds → 31748461s
sysUptime shows that it indeed has been up for over 2 years.
The main reason why the eventlogs were growing was that LibreNMS was set to do a discovery on reboot for all devices. I have disabled that function now, even though I do think it should be enabled but only for true reboots.
Right, do you have the “Device rebooted” alert set up? If so, does it fire when these events occur?
AFAIK that particular event could only occur if the device uptime value in the database (which should be from the previous poll) is greater than the uptime value received from SNMP in the current poll.
So if the database says your previous uptime was 100000 it wouldn’t matter if the polled uptime was 99999 or if it was 0, both would generate that event. The “Device rebooted” alert on the other hand alerts if the uptime is less than 300 (5 minutes). So it might be a clue what’s going on.
If you are running SNMP v1/2c, and if a reboot is reported the same time every day, perhaps run a Wireshark/tcpdump to try and capture the SNMP poll that goes out (see which community gets polled), and also see what comes back?
Could possibly also check your NTP services? Make sure they are consistent and the same timezone across all your devices to rule out time sync issues?
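
The two conditions described in the reply above (the eventlog entry appears whenever the polled uptime is lower than the stored one, while the “Device rebooted” alert needs an uptime under 300 seconds) can be used to separate real restarts from uptime values that merely went backwards. This is an added example, not LibreNMS code and not part of any post; the function names, class labels and sample polls are constructed for illustration.

```python
from collections import Counter

# Threshold quoted in the thread for the "Device rebooted" alert (seconds).
ALERT_UPTIME_THRESHOLD = 300


def classify_poll(prev_uptime, cur_uptime, threshold=ALERT_UPTIME_THRESHOLD):
    """Classify one poll from the stored (previous) and freshly polled uptime, in seconds."""
    if prev_uptime is None or cur_uptime >= prev_uptime:
        return "normal"             # uptime did not go backwards: no reboot event
    if cur_uptime < threshold:
        return "reboot"             # event logged and the alert condition is met
    return "uptime_regression"      # event logged, alert silent: no restart-sized uptime


def triage(polls):
    """polls: iterable of (device, uptime) in poll order -> {device: Counter of classes}."""
    last, summary = {}, {}
    for device, uptime in polls:
        verdict = classify_poll(last.get(device), uptime)
        summary.setdefault(device, Counter())[verdict] += 1
        last[device] = uptime
    return summary


# Constructed sample polls (hypothetical device names, 5-minute spacing).
SAMPLE_POLLS = [
    ("sw1", 80000000), ("rtr1", 100000), ("fw1", 100000),
    ("sw1", 31748461),   # far above 300 s yet lower than stored: event without alert
    ("rtr1", 120),       # genuine restart: event and alert
    ("fw1", 99999),      # one second lower: still generates the event
    ("sw1", 31748761), ("rtr1", 420),
    ("sw1", 80000600),   # value jumps back up, as if read from a different counter
    ("sw1", 31749061),   # and drops again: a second false "reboot"
]

if __name__ == "__main__":
    for device, counts in sorted(triage(SAMPLE_POLLS).items()):
        print(device, dict(counts))
```

Devices that accumulate `uptime_regression` entries but never a `reboot` are the ones worth capturing with tcpdump, since their uptime is going backwards without an actual restart.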