Forum Discussion
2 minutes ago, Shack said: This is doing exactly what we want but with one problem. How do you stop a scripted event source from creating duplicate alerts every time it connects and runs? Hmmm, I wonder if I can do something with my Escalation Chain.
It would be awesome to be able to suppress these IF it detected the same port was disabled and an existing alert was already active based on message matching or something. I need a checkbox similar to the checkbox on the Windows Event Logging type Event Source.
Event sources are a poor solution for generating alerts, though it is very desirable that they can. I have requested for a long time that there be a way to correlate events via a key extracted from the event so you know it is the same event (this is trivial with many event solutions, including the incredibly awesome FOSS SEC tool). Among other things, you cannot even ACK an event effectively since the next run is a brand new result, but the email instructions still list ACK as an option and our clients believe it works.
I think the only reasonable solution is to redo the code into a datasource, like originally discussed in this thread.
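The key-based correlation the reply asks for, as an added example that is not code from this thread or from LogicMonitor: each run of a scripted event source is treated as a full snapshot, a (host, port) key is extracted from every line, and only keys not already active raise a new alert, keys that disappear clear, and an ACK on a key holds until that key clears. The event line format and the sample runs are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample output of a scripted event source: one line per disabled
# port, re-emitted in full on every run (this format is an assumption).
RUN_1 = ["switch01 port Gi1/0/7 disabled: err-disabled (bpduguard)",
         "switch01 port Gi1/0/12 disabled: administratively down"]
RUN_2 = ["switch01 port Gi1/0/7 disabled: err-disabled (bpduguard)"]  # Gi1/0/12 recovered

KEY_RE = re.compile(r"^(?P<host>\S+) port (?P<port>\S+) disabled")

def correlation_key(message):
    """Extract the stable identity of an event; None if the line is unparseable."""
    m = KEY_RE.match(message)
    return (m.group("host"), m.group("port")) if m else None

@dataclass
class AlertState:
    active: dict = field(default_factory=dict)   # key -> latest message
    acked: set = field(default_factory=set)      # keys silenced until they clear

    def process_run(self, messages):
        """Consume one run; return (new_keys, cleared_keys, still_active_unacked)."""
        seen = {}
        for msg in messages:
            key = correlation_key(msg)
            if key is None:
                continue          # unparseable line: ignore instead of alerting each run
            seen[key] = msg       # duplicate lines within one run collapse here
        new = [k for k in seen if k not in self.active]
        cleared = [k for k in self.active if k not in seen]
        self.acked -= set(cleared)            # an ACK ends when the condition clears
        self.active = seen
        noisy = [k for k in seen if k not in self.acked]   # what still warrants notification
        return new, cleared, noisy

    def acknowledge(self, key):
        """ACK an active key; it stays silent on later runs until it clears."""
        if key in self.active:
            self.acked.add(key)
        return key in self.acked
```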