You can accomplish some of this with Event Correlation Rules. A Correlation Rule, in effect, allows you to generate a "roll up" event if a set of other events occur across two or more devices.
This is the only way (that I know of) to roll up events across devices. You would group your N devices in a Correlation Domain, and the Correlation Rule applied to the domain would count the number of events X that are observed across them, and if you pass a threshold count (you said 10) then the correlation would raise event Y. You can raise event Y on the last device that generated event X, or raise it on the Correlation domain itself (which you can name as you desire). We have used this, for example, to raise a roll-up alarm if all VPN tunnels to a remote site (from multiple router interfaces) go down all at once. This prevents individual BAD LINK DETECTED alarms from 2, 4, or 8 VPN tunnels, but raises a roll-up if ALL of them fail at the same time. (We had to adjust BAD LINK DETECTED alarms globally to make this function properly) There is, however, a bug in 9.1.0, where the Correlation rules need to be re-saved after any SpectroServer restart. I am looking for confirmation if this bug was fixed in 9.1.1 or 9.1.2 but am still waiting for CA's response. Thanks, --Mark S ________________________________ Mark Serencha - Inforonics LLC - (m) +1-781-439-0519 - [email protected] <mailto:[email protected]> - ** Inforonics acquires Vigilant Enterprise Solutions ** <blocked::http://www.businesswire.com/portal/site/home/permalink/?ndmVie wId=news_view&newsId=20090818005912&newsLang=en> From: Murtey, Patrick [mailto:[email protected]] Sent: Friday, January 29, 2010 10:49 AM To: spectrum Subject: [spectrum] Event Rule Question Hi All, We are trying to consolidate some of the alarms that are appearing in the Spectrum Alarm view. None of the Event Rules seem to apply to what we are trying to achieve. The Event Rate Rule off page 54 in the manual comes the closest, but does not quite do what we want. We want a rate on a certain alarm coming from multiple devices. We have 10 devices with different names and IP's. But they all generate the same message when the alarm is triggered(usually within 10 seconds of each other). We know that Varbind 1 carries the identical message in all 10 devices. How do we get a rate rule to say " if the same message comes in from 10 different locations, either generate only one message indicating all 10 instances and/or stack the identical messages under the more so the individual sources can be seen? TIA Patrick Murtey Network and Systems Management Manager MGM MIRAGE Information Technology [email protected] <mailto:[email protected]> * --To unsubscribe from spectrum, send email to [email protected] with the body: unsubscribe spectrum [email protected] --- To unsubscribe from spectrum, send email to [email protected] with the body: unsubscribe spectrum [email protected]
