Syslog Alert Delayed

Hope_Man · 8 April 2019 19:16

Hello,

I finally managed to set everything up so that LibreNMS creates an alert from Syslog whenever there is a BPDU error on a port, but the the event is always delayed by a few minutes.

My only 2 rules are to check for a phrase with regex in syslog.msg AND then check if syslog.timestamp >= macros.past_5 , with no delay set.

It seems to work, yet the alerts are still quite delayed, sometimes up to 5 minutes.

Is this tied to the snmp polling rate somehow and if so what’s a recommended polling rate without creating too much traffic? I assumed that SNMP traps and syslog could be used to create almost instantaneous alerts. Can I somehow speedup the alert generation?

Thanks in advance.

Kevin_Krumm · 8 April 2019 20:19

Thats by default polling only happens every 5 min. The alert rule check is only done during the poll cycle.

You can change polling to 1 min polling but its not traffic (SNMP traffic and ICMP is tiny) that you need to worry about its your devices and your system resources load that will increase.
Also when you switch to 1 min polling ALL your devices have to be pulled in 1 min in window before the next cycle begins.

Check the docs for 1 min polling.

Hope_Man · 8 April 2019 20:59

Thanks for the tips! I will try to reduce the polling interval and see how it goes.

Would be a nice thing to be able to change the alert rule check interval independently though.

Kevin_Krumm · 8 April 2019 21:01

Yes, Code changes are welcomed.