
Multiple event notifications for same event.

0 votes
20 views

When I trigger an event to test the notifications, I sometimes receive two and three notifications at a time regarding the event I triggered. The only things that change between the multiple notifications are the ID and Event ID fields. I have written a rule in notifd-configuration.xml to auto-resolve an event, but when the screen is refreshed, only the newest event ID is auto-acknowledged. I have looked at binding the same notification, but this is a Fortigate vendor-supplied trap and no syntax I have tried to adjust the UEI in the notifications.xml file will work. Any ideas?

Here is the notifd config that I put in and the notifications.xml listing for the notification in question.

notifd-configuration.xml 

<auto-acknowledge resolution-prefix="RESOLVED:        " uei="uei.opennms.org/vendor/fortinet/traps/fortigate/fgTrapVpnTunUp" acknowledge="uei.opennms.org/vendor/fortinet/traps/fortigate/fgTrapVpnTunDown">

             <match>nodeid</match>

</auto-acknowledge>

notifications.xml

<notification name="VPN Tunnel Down" status="on" writeable="yes">

  <uei>uei.opennms.org/vendor/fortinet/traps/fortigate/fgTrapVpnTunDown</uei>

  <rule>(IPADDR IPLIKE *.*.*.*)</rule>

  <destinationPath>Node/Interface/VPN_Down</destinationPath>

  <text-message>A VPN Tunnel has been marked down between %parm[#1]% and    %parm[#5]%.  Please advise</text-message>

  <subject>Notice #%noticeid%</subject>

  <numeric-message>111-%noticeid%</numeric-message>

</notification>

OpenNMS version
asked Mar 15 by Jet550 (240 points)

1 Answer

0 votes
 
Best answer

When I trigger an event testing the notifications, I receive sometimes two and three notifications at a time regarding the event I triggered. 

So your Fortinet sends 1 VPN Tunnel down event and you get 1-3 notifications?

Your config: 

 <uei>uei.opennms.org/vendor/fortinet/traps/fortigate/fgTrapVpnTunDown</uei>

      <rule>(IPADDR IPLIKE *.*.*.*)</rule>

says that for every node which receives an event with UEI uei.opennms.org/vendor/fortinet/traps/fortigate/fgTrapVpnTunDown, a notification will be generated and sent.

I suggest solving this issue first before using notifd for auto ack.

answered Apr 5 by mfuhrmann (7,350 points)
selected Apr 5 by Jet550
I dug into it a little more (now that I also have a little more experience with the system) and you were right in a certain way. It wasn't necessarily multiple nodes that triggered this, but multiple event files that it matched with. After I modified the files, the alerts are back to one per node, and auto clear when the VPN tunnels are back up. Thanks a lot.
...
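
The follow-up comment traces the duplicates to more than one event file matching the trap. The script below is an added example (not from the thread or the OpenNMS project) that lists trap masks defined in more than one event definition file. The file names, OID and trap numbers are constructed placeholders, and treating "same mask in two files" as the cause is an assumption.

```python
"""List SNMP trap masks that are defined in more than one OpenNMS event file."""
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://xmlns.opennms.org/xsd/eventconf"}
DOWN_UEI = "uei.opennms.org/vendor/fortinet/traps/fortigate/fgTrapVpnTunDown"

def make_file(*events):
    """Build a constructed eventconf document from (oid, specific, uei) tuples."""
    body = "".join(
        "<event><mask>"
        f"<maskelement><mename>id</mename><mevalue>{oid}</mevalue></maskelement>"
        "<maskelement><mename>generic</mename><mevalue>6</mevalue></maskelement>"
        f"<maskelement><mename>specific</mename><mevalue>{spec}</mevalue></maskelement>"
        f"</mask><uei>{uei}</uei></event>"
        for oid, spec, uei in events)
    return f'<events xmlns="{NS["e"]}">{body}</events>'

# Constructed sample: OID, trap numbers and file names are placeholders.
SAMPLE_FILES = {
    "events/vendor-a.events.xml": make_file(
        (".1.3.6.1.4.1.99999.1", "1", DOWN_UEI),
        (".1.3.6.1.4.1.99999.1", "2", "uei.example/constructed/otherTrap")),
    "events/vendor-b.events.xml": make_file(
        (".1.3.6.1.4.1.99999.1", "1", "uei.example/constructed/vpnDownCopy")),
}

def mask_key(event):
    """Return the event's mask as a sorted tuple of (mename, mevalues) pairs."""
    pairs = []
    for el in event.findall("e:mask/e:maskelement", NS):
        name = el.findtext("e:mename", default="", namespaces=NS).strip()
        values = tuple(sorted(v.text.strip() for v in el.findall("e:mevalue", NS) if v.text))
        pairs.append((name, values))
    return tuple(sorted(pairs))

def duplicate_masks(files):
    """Map each mask seen more than once to its [(file, uei), ...] definitions."""
    seen = defaultdict(list)
    for path, xml_text in files.items():
        for event in ET.fromstring(xml_text).findall("e:event", NS):
            key = mask_key(event)
            if key:  # definitions without a mask are not trap matches
                uei = event.findtext("e:uei", default="", namespaces=NS).strip()
                seen[key].append((path, uei))
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for mask, defs in duplicate_masks(SAMPLE_FILES).items():
        print(dict(mask), "->", defs)
```

To check a real installation, fill the dictionary with the contents of the event files instead of the constructed sample.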