ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Alarm Enrichment Rules Not working for SNMPCollector Devices

book

Article ID: 200672

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Alarm Enrichment Rules Not working as they used to, we have rules that look at a table and if the Source name of an alarm matches a value in the table, then to update the Source of the Alarm before it generates an alarm. We are able to make this work in our test environment, however the same setup in production and it does NOT work.

Cause

- alarm Subjects

Environment

Release : 20.1

Component : UIM - ALARM_ENRICHMENT

- nas v9.30

Resolution

1. Deactivated and/or cleaned up all bogus/defunct queues in Test/DEV then PROD.

2. In Test/DEV and Prod we eliminated the reference to any 'Alarm1' Subjects

3. We also cleaned up the ATTACH and GET queues that were unnecessary since nas replication and forwarding was already in place. You cannot have both. Therefore, I left the replication and forwarding in place and deactivated the queues, then also removed any occurrence of Alarm1. Checked the results and then still everything was working as expected and also there were no more occurrences of the bogus alarm with severity of (Major) for what was a clear alarm.

Bottom line is that MOST of the time, in most environments, you want to make sure that the alarm_enrichment Subject is alarm and the nas alarm Subject is alarm2.

Quick checklist of message Subjects for nas, alarm_enrichment and alarm_routing_service probes
https://knowledge.broadcom.com/external/article/9822/quick-checklist-of-message-subjects-for.html

How to switch back from using EMS to using NAS again
https://knowledge.broadcom.com/external/article/199273/how-to-switch-back-from-using-ems-to-usi.html

So now, as a result, the Test/DEV environment and PROD alarm source field values are being populated with the short hostname, and you are no longer receiving clear alarms with the wrong severity (Major) as per our changes and checking the alarm results in both environments.