Wait Rules
Wait Rules are Alert Rules that include the wait parameter.
wait 5m * * ping4 PING.icmpState = email [email protected]
In this section, we'll explore how Wait Rules work and how to use them effectively.
1. Status Attributes
AKIPS uses the Status Attributes table to determine whether to trigger an alert. This table lists the possible states in an Attribute, divided into two categories: Good States and Bad States.
The full table is available in the Status Alerts web help text.
| Status | Attribute | Good States | Bad States |
|---|---|---|---|
| Ping Status | PING.icmpState | up | down |
| BGP Peer Status | BGP4-MIB.bgpPeerState | idleestablished | connectactiveopensentopenconfirm |
2. Trigger
Wait Rules trigger when a device remains in a Bad State for N time.
If no value parameter is specified, the rule defaults to alerting on Bad States defined in the
Status Attributes table.
Scenario 1: Ping down
Wait Rule:
wait 5m * * ping4 PING.icmpState = email [email protected]
In this scenario, a device entered a Ping down state and has remained in that state for 5 minutes.
--- displayMode: compact --- gantt title Timeline todayMarker off dateFormat HH:mm axisFormat %H:%M section Good State Up :a, 09:59, 1m section Bad State Down :crit, 10:00, 5m section Alert Trigger :milestone, 10:03, 4m
Result:
An alert is sent because the condition matched the Wait Rule and persisted for 5 minutes.
Scenario 2: Ping up
Wait Rule:
wait 5m * * ping4 PING.icmpState = email [email protected]
In this scenario, a device entered a Ping down state, remained in that state for 4 minutes, and
then returned to a Ping up state.
--- displayMode: compact --- gantt title Timeline todayMarker off dateFormat HH:mm axisFormat %H:%M section Good State Up :a, 09:59, 1m Up :a, 10:04, 3m section Bad State Down :crit, 10:00, 4m
Result:
No alert is sent because the condition did not persist for at least 5 minutes.
Scenario 3: Device Flapping
Wait Rule:
wait 5m * * ping4 PING.icmpState = email [email protected]
In this scenario, a device is "flapping" between Ping up and Ping down states.
--- displayMode: compact --- gantt title Timeline todayMarker off dateFormat HH:mm axisFormat %H:%M section Good State Up :a, 09:59, 1m Up :a, 10:01, 1m Up :a, 10:04, 1m Up :a, 10:06, 1m section Bad State Down :crit, 10:00, 1m Down :crit, 10:02, 2m Down :crit, 10:05, 1m
Result:
No alert is sent because the device must remain in the Ping down state continuously for 5 minutes to
trigger an alert.
Scenario 4: BGP Peer Status
Wait Rule:
wait 5m * * * BGP4-MIB.bgpPeerState = email [email protected]
BGP Peer Status can transition to multiple bad states.
--- displayMode: compact --- gantt title Timeline todayMarker off dateFormat HH:mm axisFormat %H:%M section Good State Idle :a, 09:59, 1m section Bad State Connect :crit, 10:00, 1m OpenSent :crit, 10:01, 1m Active :crit, 10:02, 3m section Alert Trigger :milestone, 10:03, 4m
Result:
An alert is sent because the device remained in a Bad State for 5 minutes.
connect, opensent, and active are considered Bad States.
3. Recovery Alerts
Wait Rules also send an alert when a device recovers. These are referred to as Recovery Alerts.
This behaviour is enabled when:
- No
valueparameter is specified in the Wait Rule, or - A
valueparameter contains a Good and a Bad State
A Recovery Alert is sent when:
- The device enters a Bad State and has triggered a Wait Rule
- The device later returns to a Good State — the same rule will trigger again for the recovery
Example
wait 5m * * ping PING.icmpState = email [email protected]
- Alert for devices that enter a
Ping downstate for 5 minutes. - When the device recovers, another alert will be sent for the
Ping upevent.
--- displayMode: compact --- gantt title Timeline todayMarker off dateFormat HH:mm axisFormat %H:%M section Good State Up :a, 09:59, 1m Up :a, 10:07, 1m section Bad State Down :crit, 10:00, 7m section Alert Trigger :milestone, 10:05, 0m Alert Recovery :milestone, 10:07, 0m
In this example, an Alert would be received at:
- 10:05 - Device Ping down
- 10:07 - Device Ping up