Hello,
I have been working with Kiwi and trying to setup custom email alerts for a number of devices and have ran into an issue and wondering if anyone has any insight for me.
For Example if I setup the following email alerting Rule Set:
Critical Devices
+ Filters
+ IP Range = 192.168.0.1 - 192.168.0.55
+ Priority = All Facilities (Emerg + Alert)
+ Flags/Counters = Time Interval (60 Minutes)
+ Actions
+ E-Mail Message (MyEmail@email.com)
So with the above example I am just looking to get alerts for my critical devices, in this example they are all in the sub-net above, and the time interval is set to ensure that I am not getting bombarded with a ton of alerts in a short period of time.
The issue:
If I have two different devices that are triggering critical events at the same point in time, I will only get alerts from one of those devices based on the rule set above.
The Question:
Is there a way to configure ONE rule set to alert on a series of devices, and the flags and counters will only come into effect if its the SAME device sending the critical message within the time frame specified? Without creating a separate rule set for each critical device?
My Thoughts:
My Assumption is no this is not possible without creating different rule sets. If this is the case, I was thinking maybe the only way to accomplish what I want is VIA a script, my only issue would be is that if I create a script, I am unsure what command I would use to get Kiwi to stop processing the actions.
Ex. If critical alert comes in
check if alert has been processed in last 60 minutes
if yes
Exit
else
Send alert
end if
end if
Obviously that is very basic, but perhaps it can get the idea across. My issue is that I have no idea what I can do VIA script to tell Kiwi to stop processing actions after my script if my script determines the alerts have been sent in the last 60 minutes.
Sorry if this is confusing, please let me know if I should clarify anything.
Jamie
