Hello all. It would be helpfull for all if LibreNMS can detect flappings on interfaces. On my work we provide internet services and sometime our transport provider (as usual) got flaps on their Tx network, we can see those flaps by using LibreNMS graphs but the idea is to go beyond and be able to create automatic alerts based on that behavior.
You can capture flaps in two ways
1 - SNMP traps (https://docs.librenms.org/Extensions/SNMP-Trap-Handler/)
2 - Create an alert rule based off syslog message (https://docs.librenms.org/Extensions/Syslog/)
i think the main LibreNMS Alert script may still be running at 5 minute intervals, but at least you captured your flap
Hello,
Fast physical changes are totally covered by using snmp traps by getting the port/interface down event, this is another thing, what i mean is when traffic drops suddenly or there are traffic peaks, that kind of analysis is different.
Oh ok I think your after behavioural analytics to detect anomalies, as its just a snmp counter the poll will just report a lower count.
You could look at creating an alert rule on InRate_Prev (its something like that), LibreNMS stores the last value in the database, so maybe you can create an alert rule to compare.
1 Like
Good, i’ll try that. I’ll let you know.
Thanks Chas.
Hi,
I use the following SQL query
SELECT * FROM devices,ports,eventlog WHERE (devices.device_id = ? AND devices.device_id = ports.device_id AND devices.device_id = eventlog.device_id) AND eventlog.message REGEXP "ifOperStatus: up" AND eventlog.datetime >= DATE_SUB(NOW(),INTERVAL 360 MINUTE) AND ports.port_id = eventlog.reference
I had to set a wide enough interval to detect flapping ports.
If anyone knows how to count the number of times the port (ifname) returns and keep in the query only those greater than 4 for example? Thanks 
