Realtime syslog alerting

Since syslogs are delivered in near real time, it would be great to take advantage of that in the alerting system. Perhaps syslog needs an adjusted alert function so it doesn’t rely on poller.php?

I tried to create a 1-minute alert, but it issues the same alert every minute for 5 minutes, so I guess this is not possible at present.

For example:

syslog.timestamp >= (DATE_SUB(NOW(),INTERVAL 1 MINUTE)) AND syslog.msg LIKE '%changed state to down%'

max -1
delay 0
interval 1m

Alerts are in their own cron (alerts.php). By default, they run every minute but you can cheat using sleep.
Ex:

*    *    * * *   librenms    /opt/librenms/alerts.php >> /dev/null 2>&1
*    *    * * *   librenms    sleep 15 && /opt/librenms/alerts.php >> /dev/null 2>&1
*    *    * * *   librenms    sleep 30 && /opt/librenms/alerts.php >> /dev/null 2>&1
*    *    * * *   librenms    sleep 45 && /opt/librenms/alerts.php >> /dev/null 2>&1

Even with 1 minute, though, I don’t get a new alert. Do you have an example?

I tested this for a good few hours today with no luck. Running the SQL on the database works fine and brings the correct result.
SELECT syslog.timestamp,syslog.msg FROM devices,syslog WHERE (devices.device_id=152) AND syslog.msg LIKE "%changed state to down%" AND syslog.timestamp >= (DATE_SUB(NOW(),INTERVAL 1 MINUTE))

I have a feeling it’s related to Kevin’s reply in this thread: “Email immediately on recept of syslog messages configured in alert”. I think that means that the alert rule will only run on polling.php and even applies to syslog. I know a workaround would be to have 1-minute SNMP polling on all my devices, but unfortunately that is not possible in my setup.