Hi Matthew,

100% agree that you are *not* alone.

/suntzu

the lack of this is THE MAIN feature holding me back from be able to implement zenoss for real in the company i work for.

as long zenoss dont have options to setup parent children dependency between stuff in its inventory and the stuff in the devices you basically can not sort out the alarms making the monitoring complete

and zenoss will remain a thing i like but just keep testing out, but dont match up with other monitoring tools used today

This is the same major problem I've met with Zenoss. And receiving hundreds of alerts could also "hide" another alert (you know what I meen.. select all, Mark As Read and Voilà...)

I'm not a python developer, but I gathered some script and rewrote a bit some of them for my needs.

This is how my Zenoss is organized : I've created for all my sites a Location. The routeur name allways starts with "Routeur".

This idea was to check if the router of this site was down or not. If yes, then the other devices are set to be "Acknowledged" (which means no alert for me).

But I've faced another problem while doing this: while zenoss was sending ping to test, the non-routeur device could be ping'd right before the location's router.

So I've had to count the number of alert 'script taken somewhere on this site, but I don't remember where, all credits go to the author of course).

I have to tweak a little more to rewrite the summary without changing the dedupfields.

Hope it helps!!

Jude

In Transform of /Status/Ping:

# Create the dedup id; This is what zenoss normally does to the event to ascertain if
# it is a duplicate (another occurance) of an existing event. We are doing it in this
# transform to be able to reference the count variable, which does not come with an
# incoming event.

dedupfields = [evt.device, evt.component, evt.eventClass, evt.eventKey, evt.severity]
if not evt.eventKey:
    dedupfields += [evt.summary]
mydedupid = '|'.join(map(str, dedupfields))

# Get the event details (including count) from the existing event that is in the mysql database
em = dmd.Events.getEventManager()
em.cleanCache()
try:
    ed = em.getEventDetail(dedupid=mydedupid)
    mycount = ed.count
except:
    mycount = 0

myDevice = dmd.Devices.findDevice(evt.device)
myDevName = myDevice.getDeviceName()
myDevClass = myDevice.getDeviceClassName()

if mycount == 0:
  if (myDevName.startswith('Routeur') == 0):
    if (myDevClass.startswith('/Network') == 1) or (myDevClass.startswith('/Ping') == 1):
      evt.eventState = 1

if mycount > 0:
  if (myDevName.startswith('Routeur') == 0):
    myLocation = myDevice.getLocationName()
    splitLoc = myLocation.split('/')
    locPath = ''
    for path in splitLoc:
      if (path != ''):
        locPath = locPath + "['" + path + "']"
    myCommand = "myDevicesList = dmd.Locations" + locPath + ".getSubDevices()"  
    exec myCommand

    for myCurrentDevice in myDevicesList:
      myDeviceName = myCurrentDevice.getDeviceName()
      if (myDeviceName.startswith('Routeur')):
        if (dmd.Devices.findDevicePingStatus(myDeviceName)>0):
           evt.eventState = 1
#          evt.summary = myDeviceName + " est injoignable"
        else:
           evt.eventState = 0

Not sure that one would help much in my case l2huynh. In my case I need one of those for each router so that if the router in front of it goes down, the down router alerts and the others don't.

@jude16, where did you put that and by location I assume you grouped items at a location. Say I have a string of towers, hops, to get to the Zenoss server and edge. If tower 2 goes down tower 3 and tower 4 would be unknown or acknowledged in your script and not alert.

FYI, I actually think there's only one JIRA request for Layer 2.  Maybe I missed something.  Anyway, here it is if you want to vote for it.  Maybe that will nudge things along.

http://jira.zenoss.com/jira/browse/ZEN-2678