I am one of the users who is using LibreNMS effectively. I have a question about alerts, so I am writing this post.
For general alerts, based on conditions like macros.device = 1 or others, alerts are triggered, and then recovery alerts are received based on specific conditions. However, in the case of syslog alerts, there is no separate recovery alert, so I am only receiving the alert notification.
I noticed that when I acknowledge a rule alert in the notifications, alerts for that rule no longer trigger even for alerts that occur after the acknowledgment. Since alerts are not being triggered, I am currently leaving the notifications as they are, allowing them to disappear automatically over time.
I am curious about the conditions under which the notification list gets cleared. Also, is it possible to make notifications disappear when acknowledged, or can we create a way to clear the notifications?
You need to show your rule so we can say why the syslog one doesn’t clear but alerts are simply SQL queries, a query returns results and it triggers an alert, query is empty alert is cleared.
If you acknowledge and alert and select ack until clear then you won’t get any further notifications if that alert gets worse.
The rule currently in effect is as follows.
Is there anything else to add? Thank you.
(syslog.timestamp >= “macros.past_5m” AND syslog.msg LIKE ‘%changed%’ AND syslog.msg LIKE ‘%down%’)
OR (syslog.timestamp >= “macros.past_5m” AND syslog.msg LIKE ‘%non-trunk%’)
So overall that looks ok and should trigger a recovery alert, you do have recovery alerts enabled for this rule don’t you?
On the rule though, the syslog.msg LIKE ‘%changed%’ AND syslog.msg LIKE ‘%down%’ part of the query, did you mean OR here? If not, then you don’t need the AND, remove the 2nd part and update your first LIKE to include both words such as LIKE '%changed%down%'
