Basic Alert Engine Suppression Examples

Many error conditions can occur in a network to trigger multiple alerts from a single event. There are also conditions that may not need to trigger an alert by themselves but that should trigger alerts if they occur with other conditions. Alert Suppression allows you to set up conditions to analyze alert situations and give you the information you need to determine the root cause of the problem.

By default, alert suppression is not enabled for Orion NPM alerts. When using the basic alert engine, you may specify alert suppression either when any of one or more conditions exist, or if all of two or more conditions exist.

Note: Proceed with extreme care when configuring the alert suppressions, as it is possible to suppress alerts containing important information about your network.. SolarWinds suggests you carefully consider any alert suppression scheme, develop a diagram of your network, and then extensively test any scenario in which you intend to apply alert suppression.

Examples of situations for which you might want to create alert suppressions are illustrated in the following diagram.

Note: The Orion NPM server is located on Switch 2, at the top right.

 

Failure of redundant servers

In the diagram, both WServers are identical to provide failover, redundancy, and load balancing. If WServer4 fails but WServer5 is still functioning, you may want to be alerted immediately if the failure occurs during business hours, though it might not justify a pager alert in the middle of the night. In this case, you would configure the alert for the failure of one WServer to be suppressed unless the other also fails.

Apparent failure of dependent nodes downstream of a failed router (or switch, or circuit)

In the diagram, there are dependencies among devices. For instance, if Router C fails, the Orion NPM server cannot reach Switch 3 or any of the four workstations. You will want to know if and when the workstations have failed, but only if Router C and Switch 3 have not failed. You would configure the alerts such that a failure alert for the workstations is dependent on Router C and Switch 3 being operational.

Failure of a network link when a redundant link is still functional

During some hours, you may only want to be notified of the failure of the link between Router B and Router C if the alternative link through Router A is also down.

Failure of load balancing between devices

You may have configured your network to balance traffic across your web servers. In this case, you could configure an alert that notifies you of very high CPU utilization on any one of the servers but only if one or more is experiencing much lower usage.

Note: In any case, the suppression of alerts does not preclude knowledge of critical events. Network events will be logged in the database whether alert suppression is enabled or not.

sales@solarwinds.com