Hello everyone, this is my first post so be gentle. I'm new to Zenoss and so far have found everything I need by searching but I can't figure this out. I have Cisco device interfaces which are exceeding the 75% bandwidth utilization threshold and generating an event every time, working great. I have a transform that changes the event summary to show percentages (found it on the forum).
What I'd like to do now is configure the system to generate an event only if the interface is exceeding the 75% bandwidth utilization threshold for 5 consecutive polls. I'd like to do this so that I know there is at least some level of sustained bandwidth utilization before seeing the event. I've searched everywhere, how can this be accomplished? I've included my current transform below, any assistance would be appreciated.
match = re.search('threshold of [^:]+: current value ([\d\.]+)', evt.message)
if match and device:
ifaces = [ i for i in device.os.interfaces() if i.name() == evt.component ]
if len(ifaces) > 0:
current = float(match.groups()) * 8
speed = ifaces.speed
util = (current / speed) * 100
evt.summary = "Interface Utilization At %3.1f%%" % (util,)
The duplication count for an event is stored in the events database, and as far as I know is not available in the event that your transform is transforming. I have two possible suggestions, neither of which I have actually tried, and both of which may be stupid:
Within your transform, get into the events database somehow and search for a record that matches the current event. If its duplication count is four, then the current transform makes five, so you should Do Something. Perhaps you could look for other transforms that access the events database for any reason. I wish I had a specific example to point out to you.
Failing that, there is another Rube Goldberg-esque strategy that may work. This would involve writing a script that ran under cron, and looked through the events database for the kinds of events you want with a duplication count of five or more. If it found them, it would write a file with the appropriate information to a known location. Then, you could have Zenoss periodically run a Nagios script that would look for this file, and return a critical event if it existed. Make the critical event cause an alert, and there you are.
Thank you for the response, I'll research and let you know how it turns out.
Thank you, I'll check these out and let you know what I find.
After getting the information from the two members that replied I found what I was looking for. I realized that I had also worded my issue incorrectly. What I wanted to do was ensure that an email alert was only generated when the threshold was exceeded a certain number of times. By default the monitoring template ethernetcsmacd generates an event of severity warning each time the threshold is exceeded. The escalate count in the monitoring template allows you to specify a number of times the threshold must be exceeded before increasing the severity one level.
So what I did was make the escalate count 10, which escalates the event from warning to error after it exceeds the threshold 10 consecutive times. Then an email alert is generated for anyone with a rule that states they should get alerts for error level events or higher. Thanks again to the members that replied.
Oh, if that's what you wanted, you can do that just by setting in your alerting rule count > 10.
Information Technology Area Supervisor
LEPP Computer Group