jvazquez

Alarm Suppression using LUA

Discussion created by jvazquez on Jul 25, 2009
Latest reply on May 5, 2011 by ntimm
When a device goes down I get alerts from all sorts of different probes.  SNMPGET, SAA_MONITOR, NET_CONNECT, CISCO_MONITOR, INTERFACE_TRAFFIC and so on.  This is causing alert overload and I decided to try and do something about it.  I initially thought I could do it all via AO profiles and triggers but I can't seem to find out how. 

What I want is the following:

net_connect pings a device and it doesn't respond.  All of the rest of the alarms from the above mentioned probes are then suppressed. 

Here is how I envisioned doing it:

*Use a trigger to capture the net_connect alarms so they can be evaluated when an alarm from one of the other probes comes in.
*Use a pre-processing rule to make all the incoming alarms from the other probes invisible.
*Use a Profile (use the visibility matching criteria along with whatever other you need – “on arrival”) that will execute a LUA script that will
1.     Check the trigger state to see if there are any net_connect alarms at all
a.     If the trigger state is False, then set the current alarm to visible
b.     If the trigger state is True, then loop through the alarms in the trigger and see if there is a match on the source
i.     If there is a match, then close the current alarm
ii.     If no match, then set the current alarm to visible

*One trigger to catch all net_connect alarms
*One pre-proc that set all incoming alarms to invisible and use a comma separated list of probes in the matching criteria.
*One profile to execute the LUA script for all invisible alarms

My LUA isn't up to speed yet.  I have my triggers built and my pre-processing rules built.  Can someone provide some insight regarding that LUA script?

Outcomes