Invariably, half the alerts are false positives that frustrate you and your team. Here are a few things that you can do to avert false positives:
1. Suppress alarms for a device: It's possible that you have pulled down some devices for maintenance, or that a device has crashed and may not be up any time soon. Tell OpManager to stop sending alerts for such devices. Go to the device snapshot page > Actions menu > Suppress Alarms and select the period for which you would like the alarms suppressed.
2. Set up thresholds: When configuring thresholds, specify the consecutive failure counts. For instance, if the poll interval is 5 minutes, a device might not respond to a poll due to a transient spike, leading to a ‘down’ alert. The subsequent polls will succeed and you will find ‘clear’ alerts. These erratic up-down alerts can be avoided by letting OpManager alert you only after 3 consecutive failed polls.
3. Configure device dependencies: If a router or a firewall is down, the devices behind it do not respond to polls, resulting in unnecessary ‘down’ alerts. Configure device dependencies so that OpManager does not monitor a set of devices if the device they depend on is down.
4. Optimize Syslog Rules: The consecutive failure counts can be specified even when parsing syslogs. The advanced syslog configuration screen contains a field where you can indicate the number of occurrences.
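
To see how items 2 and 3 cut alert volume, the following added Python sketch (an illustration only, not OpManager's code or API) replays one constructed poll history under both settings. The device names, topology, poll results and function names are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample: six 5-minute poll cycles, "1" = device answered the poll.
DEVICES = ["router", "sw1", "srv1", "db1"]
ROWS = ["1111", "1110", "0001", "0001", "0001", "1111"]
POLLS = [dict(zip(DEVICES, (c == "1" for c in row))) for row in ROWS]
# Hypothetical topology: srv1 sits behind sw1, which sits behind router.
PARENTS = {"sw1": "router", "srv1": "sw1"}

def ancestors(dev, parents):
    """Yield every upstream device that dev depends on."""
    while dev in parents:
        dev = parents[dev]
        yield dev

def evaluate_polls(polls, parents, fail_threshold):
    """Return (cycle, device, 'down'|'clear') alerts for a poll history."""
    fails, down, alerts = defaultdict(int), set(), []
    for cycle, results in enumerate(polls, start=1):
        # Judge upstream devices first so their state is current for children.
        order = sorted(results, key=lambda d: len(list(ancestors(d, parents))))
        for dev in order:
            if any(a in down for a in ancestors(dev, parents)):
                fails[dev] = 0          # upstream is down: skip, do not count
                continue
            if results[dev]:
                fails[dev] = 0
                if dev in down:
                    down.discard(dev)
                    alerts.append((cycle, dev, "clear"))
            else:
                fails[dev] += 1
                if fails[dev] >= fail_threshold and dev not in down:
                    down.add(dev)
                    alerts.append((cycle, dev, "down"))
    return alerts

if __name__ == "__main__":
    print("alert on first failure, no dependencies:")
    for alert in evaluate_polls(POLLS, {}, 1):
        print("  ", alert)
    print("3 consecutive failures + dependencies:")
    for alert in evaluate_polls(POLLS, PARENTS, 3):
        print("  ", alert)
```

On this history the untuned settings raise eight alerts, including a down/clear pair for the single missed poll on db1, while the tuned settings raise only the router's down and clear.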