Hi,
I am a bit struggling with getting a rule set up. The rule should trigger when a particular interface goes down (ideally with an interface description containing specific words) and I don’t want to monitor others.
Here is the rule:
Alert rule: %ports.ifOperStatus != “up” && %ports.port_descr_descr ~ "mPOP"
Alert query: SELECT * FROM ports WHERE (ports.device_id = ?) && (ports.ifOperStatus != “up” && ports.port_descr_descr REGEXP “mPOP” )
Rule match: no match
(while the port is shutdown)
Here is the SW config:
interface ethernet 1/23
description mPOP-Monitor-1
If I remove this %ports.port_descr_descr ~ “mPOP” it works fine for all interfaces.
Any suggestions are welcome 
1 Like
Does that rule work if you edit the regex to match the interface description exactly? (Just for testing purposes)
ports.port_descr_descr REGEXP “mPOP-Monitor-1” )
Just a thought.
-jd
yes try it with = “mPOP”
also you could try ports.ifAlias
and ports.portName
ports.ifAlias is the way to go!
Thanks,
That’s it fixed now.
1 Like
I want to get which port is down in alert, can anyone help me please? 
@sakibmahmud you have a great collection of alert rules here - https://github.com/librenms/librenms/blob/master/misc/alert_rules.json
{
"rule": "ports.ifOperStatus = \"down\" && ports.ifOperStatus_prev = \"up\" && macros.device_up = \"1\"",
"name": "Port status change from up to down"
},