
Re: OneView Alert Mails - Filtering out Multiple Conditions
ChrisLynch
HPE Pro


Yes, it is frustrating not to be able to filter this in an easy way,

I'm sorry that this is frustrating.  As I just mentioned, we are working on updating our user documentation on how to use the Smart Search and Email Filtering capabilities.  

I mean, why would you send a security alert about an expired leaf certificate every hour!? Who cares! Why all this fuss about certificates anyway?

It is very important for you to know that you have expired certificates. HPE OneView will not be able to negotiate TLS with the iLO or endpoint whose certificate has expired. One way to address this is to use an internal enterprise PKI (i.e. Microsoft Certificate Services) to manage endpoint SSL certificates. That way, you add the issuing certificate authority's public certificate to the appliance once, and that is it. If the endpoint's SSL certificate expires, you simply renew it from the issuer, and we will then implicitly trust that certificate, as long as it is valid and not revoked.

status:critical status:warning NOT alertTypeID:crm.connectionstatechange NOT alertTypeID:alerts.certificatestatus.expired NOT alertTypeID:remote-support.notconnectedtohp

This should work, and is similar to the updated examples we are adding to the user documentation and online help.


I am an HPE employee


Mainecoon
Advisor


Hi Chris, thank you for the response!

About the certificates: is this also the case when you disable the cert. verification? I had many expired certs and did not see any connection issues to the iLO, but got flooded every hour with tons of email. Also, now that I cleared most of these, there are still old cert warnings (that are already updated) that are in a locked state that I cannot clear, also not via command line.

Also about this line:

status:critical status:warning NOT alertTypeID:crm.connectionstatechange NOT alertTypeID:alerts.certificatestatus.expired NOT alertTypeID:remote-support.notconnectedtohp

I can tell you it is not working, at least not for the connection state part; for the other two I will have to verify the activity log to see if we had any of these.

I would like to filter the connection alert below that happens during server reboot:

Critical

 An error has occurred on connection XX. Interconnect XXXXXXXXXX, interconnect X port X subport X is unlinked. XXXXXXXX
 Resolution If the server XXXXXXXX, bay X is power cycling or powered off, connectivity alerts may occur as the network adapter
 is either disconnected or negotiates connectivity with the interconnect. These alerts can be ignored and should clear automatically.
 If this server is booted up and running an operating system, this alert indicates a loss of connectivity between the network adapter
 and the interconnect. Verify that the CNA supports the current interconnect downlink speed. Verify the configuration of the
operating system, health and link status of the downlink ports on which the connection depends. If the problem persists,
please contact your authorized support representative and provide them with a support dump.
• Alert details

Updates:

I can confirm that the following is working:

12/17/2018  - "NOT alertTypeID:remote-support.notconnectedtohp"  filters out "Remote support is unable to connect to HPE. Remote Support" .

12/18/2018 - "NOT alertTypeID:profilemgr.connections.connection_scmb_error"  filters out
"An error has occurred on connection X. Interconnect XXXXXXXXX, interconnect X port XX subport a is unlinked" .

12/18/2018 - " NOT alertTypeID:crm.connectionstatechange" filters out "Connection on downlink port XX, subport a has failed. The subport is unlinked".

Now looking into "The overall status of the system network is in the error state."

I'm NOT yet working for HPE.

Daniel-L
Advisor


Hello Mainecoon,

thanks for providing your insight into the alert filtering possibilities - this really helped me a lot!

Did you have any luck in filtering "The overall status of the system network is in the error state."?

BPOS
Visitor


This is a confusing statement as the help menu in OneView has a link to the community forum.  What's the purpose of a community forum if not to SUPPORT the community who BUYS your PRODUCTS?  Also, I'm on the latest version and can see no improvement with documentation on this setting.  It would be very helpful if more examples were provided.  Maybe glean over the most commonly asked questions on the forum and include in the docs?

ChrisLynch
HPE Pro


Hello and welcome to the HPE Community @BPOS.  The community here is to allow HPE customers and partners to discuss HPE specific topics.  It is not the official avenue for product support.

We have made some changes to our user documentation, which will be posted soon when our next major release is generally available.  It will provide more guidance on how to use the Search box beyond just stating to provide API query syntax as the documentation currently states.  Once the updated user guides are posted, I'll follow back up with the URL and where to locate that information.


I am an HPE employee


Daniel-L
Advisor


Hello Chris,

thanks for your update on this.

While waiting for this next release, could you maybe give me a hint how to retrieve the alertTypeID for any alert listed in the activity view? Could this be achieved via API call / PowerShell, or do we just have to forward all alerts via syslog or SNMP to a third system to do the analysis there?

Regards,

Daniel

Mainecoon
Advisor


Well, yes and no, in the sense that I decided to remove "status:warning" from the filter as this is a warning message only. So far I don't see anything filtered out that I would have liked to see. Currently I only see network errors when we do a firmware upgrade on the iLO.

@chris, thanks for sharing this news, looking forward to the update.

Daniel-L
Advisor


Spent some time analysing the alerts for a single server directly with the API using Postman.

GET https://oneview.lab/rest/alerts?start=0&count=-1&filter="severity EQ 'CRITICAL'"&filter="alertState EQ 'Cleared'"&filter="healthCategory EQ 'Network'"&filter="resourceUri EQ '/rest/server-hardware/31333138-3839-5A43-3338-313457374356'"

Pulled the interesting parts:

"description": "The overall status of the system network is critical.",
"alertTypeID": "Trap.HealthStatusArrayCategoryStatus",

"description": "Connectivity lost for adapter in slot 2, port 4.",
"alertTypeID": "Trap.cpqNic3ConnectivityLost",

So my notification filter now looks like this:

status:critical NOT alertTypeID:profilemgr.connections.connection_scmb_error NOT alertTypeID:crm.connectionstatechange NOT alertTypeID:Trap.cpqNic3ConnectivityLost NOT alertTypeID:Trap.HealthStatusArrayCategoryStatus

Hope this helps anybody else.

pcrooney
Occasional Visitor


I'm going through the same pain as you all. I also ended up finding the strings using the REST API, using PowerShell and Invoke-RestMethod.

One thing it states in the online OneView help file is that only one NOT operator is allowed; any others are treated as a string and not as an operator. However, a space between files works like an AND, so you could do NOT yourstring anotherstring anotherstring.

I used the following code to authenticate to the client via REST, using PowerShell, to see the guts of the alert emails, that included the AlertID strings.

In the alert email you get now, there is a hyperlink to the rest URI for each alert (ex: https://10.45.8.18/rest/alerts/11704), just plug that in to the end of this script and output to a file.

All you need to change in the below script is username/password, if using Local authentication, plus your appliance IP address, and at the bottom the rest URI for your alert email, like the example above. Don't change anything else, especially the PUT, that is you sending your authentication. This isn't my code, I found it online somewhere. Cheers to whoever wrote it originally.

 

*******************************start script****************

$appliance = "10.45.8.18"
$url = "https://$appliance"

# Accept any server certificate for this PowerShell session. This turns off TLS
# certificate validation, so the appliance's identity is not checked; remove the
# line once the appliance certificate chains to a CA this machine trusts.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

# Initial request to the appliance (the result is not used later)
$web = New-Object Net.WebClient
$output = $web.DownloadString($url)

# Login body for a local appliance account
$user = @{
    userName        = "Administrator"
    password        = "YOURPASSWORD"
    authnHost       = "$appliance"
    authLoginDomain = "Local"
}
$json = $user | ConvertTo-Json

$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-type", 'application/json')
$headers.Add("Accept", 'application/json')

# Send the credentials and receive a session ID
$uri = $url + '/rest/login-sessions'
$response = Invoke-RestMethod -Uri $uri -Method POST -Headers $headers -Body $json -ContentType 'application/json'

# Headers for authenticated calls: session ID plus API version
$auth = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$auth.Add("Auth", $response.sessionID)
$auth.Add("X-Api-Version", '300')

# Fetch one alert by its REST URI (replace 26669 with the ID from the alert email) and save it to a file
$uri = $url + '/rest/alerts'
Invoke-RestMethod -Method GET -Headers $auth -Uri "$uri/26669" -OutFile failedILOEntry.txt

***********************************end script********************

I hope this helps anyone who is struggling with this. Please let me know if you have any questions.

Cheers,

Paul
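
An added example, not code from any poster in this thread or from HPE: once alerts have been pulled through the REST API as in the two posts above, this groups them by alertTypeID with a count and a sample description, then builds a notification filter in the form Daniel-L posted. The sample alerts are constructed from description/alertTypeID pairs quoted in the thread; the function names and the `members` property are assumptions.

```powershell
# Constructed sample data: only the description/alertTypeID pairs come from
# the posts in this thread; the "members" wrapper and severity are assumed.
$sampleJson = @'
{ "members": [
  { "severity": "Critical", "alertTypeID": "Trap.cpqNic3ConnectivityLost",
    "description": "Connectivity lost for adapter in slot 2, port 4." },
  { "severity": "Critical", "alertTypeID": "Trap.cpqNic3ConnectivityLost",
    "description": "Connectivity lost for adapter in slot 2, port 4." },
  { "severity": "Critical", "alertTypeID": "Trap.HealthStatusArrayCategoryStatus",
    "description": "The overall status of the system network is critical." },
  { "severity": "Critical", "alertTypeID": "crm.connectionstatechange",
    "description": "Connection on downlink port XX, subport a has failed. The subport is unlinked" }
] }
'@

# Hypothetical helper: one row per alertTypeID with a count and a sample description.
function Get-AlertTypeSummary {
    param([Parameter(Mandatory)] [object[]] $Alerts)
    $Alerts | Group-Object -Property alertTypeID | Sort-Object -Property Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                AlertTypeID = $_.Name
                Count       = $_.Count
                Example     = $_.Group[0].description
            }
        }
}

# Hypothetical helper: builds a filter string in the form Daniel-L posted.
function New-NotificationFilter {
    param(
        [string[]] $Status = @('critical'),
        [Parameter(Mandatory)] [string[]] $ExcludeTypeID
    )
    # @() keeps a single status as an array, so += appends instead of concatenating
    $terms  = @($Status | ForEach-Object { "status:$_" })
    $terms += @($ExcludeTypeID | ForEach-Object { "NOT alertTypeID:$_" })
    $terms -join ' '
}

# Offline run on the sample. Against an appliance (assumption: the collection is
# under "members"), with $auth and $url from the script above:
#   $alerts = (Invoke-RestMethod -Headers $auth -Uri "$url/rest/alerts").members
$alerts = ($sampleJson | ConvertFrom-Json).members
Get-AlertTypeSummary -Alerts $alerts | Format-Table -AutoSize

# Review the table first, then exclude only the types confirmed as noise.
New-NotificationFilter -ExcludeTypeID 'Trap.cpqNic3ConnectivityLost', 'crm.connectionstatechange'
```

Reviewing the grouped table before building the filter keeps an alert type from being suppressed by ID alone without anyone having read what it reports.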

NJK-Work
Honored Contributor


Hi pcrooney

Thanks for the tip about using only one NOT in the filter.  So I am doing something like this:

status:critical status:warning NOT alertTypeID:Trap.cpqNic3ConnectivityLost alertTypeID:Trap.cpqNicAllLinksDown

Is this what you are saying?  Only one NOT and then a space between the type alertTypeID entries?

Thanks

NK