Dear dojo community,
we have an snmp manager with 'alarm storm prevention' enabled. The snmp manger is configured to handle minor/major events and that all works pretty nice.
Now I would like to detect when the alarm storm detection cicks in and create an extra 'critical' event that will than be signalled via a different snmp manager.
I therefore created a correlation rule that triggers on the information event that is posten when the alarm storm prevention kicks in. That works fine as well but the drawback here is that this correlated event never gets cleared and needs operator intervention to be cleared.
Is there any way one can trigger a clear based on the information event signalling end of alarm storm ??
Hi Hans,
Not sure if you have already found a way to deal with this, but one way to do it, is by creating a virtual element with a parameter 'Alarm Storm Status' that you set via Correlation triggering on your information events. Let the parameter have status On/Off and set an alarm template on that element/parameter. Your 'different' snmp manager can then filter the alarms of that element/parameter. If you need help to create such a virtual driver, I can share a quick snippet if you want.
A more complicated way is building further upon what you have started and try to clear the correlation alarm via an automation script that is triggered by the information event signaling the end of the alarm storm. In that automation script, you'll have to search for the specific open correlation alarm and then clear the alarm.
Hope that helps
Thanks Pieter for the clear hint.