Hello everyone,
as this is my first post in your community, I’d like to say LibreNMS is awesome piece of software, thank you for your hard work.
Although for most part this system is really easy to use, I have to ask for your help, as I cannot manage to set alerts of ports going down and going up, and setting these alerts to vanish after few minutes. I was reading through documentation, found posts recommending using %syslog.timestamp >= %macros.past_5m, but it never worked in my case. So can you please assist in setting two alert rules:
- port going down, trigger alert for 5 minutes, then stop alerting
- port going up, trigger alert for 5 minutes, then stop alerting
Thanks.
- The output of
./validate.php
====================================
| Component |
Version |
| LibreNMS |
1.33-122-gc0295be |
| DB Schema |
215 |
| PHP |
7.0.25-1~dotdeb+8.1 |
| MySQL |
10.1.26-MariaDB-0+deb9u1 |
| RRDTool |
1.4.8 |
| SNMP |
NET-SNMP 5.7.2.1 |
====================================
[OK] Database connection successful
[OK] Database schema correct
syslog.timestamp will not work with port up or down. that looks at time column in Syslog table.
Post the rule you are working with.
Kevin, thank you for clarifying this. As I was experimenting for few days before I posted question here, I don’t have every rule I tried. At this moment I have this:
%macros.port_now_down = 1 && %macros.past_15m = 1
and it’s not working unfortunately.
I do however remember that I tried to modify original rule with macros.past_15m, it looked as the one above:
%macros.port_down = 1 && %macros.past_15m = 1
and this didn’t work either. Hope this is information you asked for.
this is the out put for the “macros.port_now_down”
port_now_down %ports.ifOperStatus != %ports.ifOperStatus_prev && %ports.ifOperStatus_prev
= “up” && %ports.ifAdminStatus = “up”
This is the output for “macros.port_down”
(%ports.ifOperStatus = “down” && %ports.ifAdminStatus != “down” &&
%macros.port)
That being said you need to look the that macro make sure that what you want to alert off of and the macros.past_15m looks at date and time which idk is possible with that table.
instead of doing a macros.past 15 min maybe try 15 min delay in the alert rule.
Also if you want to see what the macros look like go to settings → Global Settings.
I hope this helps you.
%macros.past_15m only works for tables with multiple entries and a timestamp, like eventlog or syslog.
1 Like
@Kevin_Krumm wouldn’t 15 min delay cause alert trigger 15 minutes after port went down? Standard rule has 5 minute delay, and alert stays there until port goes up, so this isn’t what I’m looking for unfortunately. My target is to make alert show immediately (well it can after few minutes, but this isn’t required), and stop showing after 15 minutes. This would work just like device up/down alert, where alert shows for 300 secs after alert being triggered and clears.
@murrant so as ports table doesn’t have any timestamp, setting alert rule regarding my needs isn’t possible?
I don’t think the ports down rule is going to work the way you want it to with the time variable.
Maybe look into alerting out of the event log.
I already started to withdraw this information from database comparing alerts, device and port table and I managed to get information I needed. This unfortunately don’t solve all problems, as there are still active alerts in LibreNMS, which aren’t alerts as devices usually don’t have all ports up, so I stay with fake alerts showing all the time. Do you think I can make feature request to add timestamp to ports table maybe?
why not map the alert rule to the devices that you want to alert from?
Also, a feautre request is always welcome but keep in mind this community-based project all volunteers no guarantees somebody will work on that.
Also, you could just alert out of the Event Log which has time stamps and port states.
Currently I have few thousand devices in network, this would be too much work to maintain them all this way
of course, this is completely understandable, I wouldn’t even think about requiring anyone to work on it 
do you mean retrieving such information directly from database by script or creating some macro that would trigger alert from event log?
edit:
I found that I can make alert rule from event log, would this be ok:
%eventlog.datetime >= %macros.past_10m && %eventlog.message = “ifOperStatus: up → down”
?
edit2:
This rule works as expected, however it shows only event id in alert:
172.16.1.3
#1: event_id => ‘733530’
Do you know if I can add some more info to this alert? Port name (ifdescr) would be enough.
what alert template are you using for this alert rule?
If I understand correctly alert templates, standard Ports template. Alert rule has name: Ports status up/down
I made template, attached alert rule to it, but i still see only event_id => … in alert. I have no idea what I can set more there, maybe the proper way is just to set port_down macro and acknowledge all these alerts?
you can make a macro. https://docs.librenms.org/#Alerting/Macros/
Im still not sure what you are trying to do with ports down rule. It’s kinda generic rule. I personally don’t care for ports down.
If the port goes down on access switch from a client machine no big deal.
Maybe if you explain a little more what you are trying to accomplish with port down rule?
Are trying to monitor core links or something?
I need to receive alert when port goes down, and info when it goes up. I don’t need this alert to stay on for the whole time when port is down. This is because I’m showing active alerts on other apps using API. I can of course acknowledge this alert, but then should I receive one when this port goes up?
Indeed, core and aggregation devices. I’m not using LibreNMS to monitor access devices at all.
I can see already that when alert is acknowledged and port goes up, it still shows as down, so this doesn’t solve my problem. I think I’m in dead end 
hmm…just throwing this out for some idea’s… maybe snmp trap. for port down/up
https://docs.librenms.org/#Extensions/SNMP-Trap-Handler/
It seems that traps are no good for me, as I use OSPF and it goes from closest routing IP, not loopback address I configured in LibreNMS, so event log don’t recognize it. Also script explodes line using comma, and trap I received doesn’t have one. I’m thinking rather about possibility of adding timestamp column into ports table and creating macro that utilize it.
