This may be more of a trap configuration question, but I'm putting it in Alert Central because this one issue generated 15,000 emails and 5,000 alerts.
I have a trap rule configured for port storm control triggers that has the following threshold:
The actions are to e-mail Alert Central and stop processing trap rules.
So we had an instance where storm control was triggering and creating a log/trap every .04 seconds or so. With the above rule, this should've been triggering an e-mail once every 10 minutes once 5 traps have been received. My question is why did this not have any effect? The lack of reasonable incident suppression and deduplication is the reason that we can't integrate Alert Central or SolarWinds as a tool usable by all of our infrastructure teams, instead of just for network monitoring. Simple logic like the above rule should've limited this issue to maybe 2-3 e-mails instead of 15,000, but it did absolutely nothing.
I've double checked that I had the right MIB in the trap, and there is no predecessor trap rule that includes the MIB with different trigger/alert actions.
Has anyone experienced similar issues, where the sheer quantity of alerts appears to overwhelm the rule processing?
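The suppression the post expects from the rule (one e-mail per 10-minute window, sent once 5 traps have arrived), written out as an added example that is not part of the original post and is not SolarWinds or Alert Central code. The class name, the per-source key, and the constructed trap stream at 40 ms intervals are assumptions.

```python
from collections import defaultdict

WINDOW_MS = 600_000   # 10 minutes, from the rule described in the post
THRESHOLD = 5         # traps required before a notification is sent


class TrapThrottle:
    """At most one notification per window per key, after THRESHOLD traps."""

    def __init__(self, threshold=THRESHOLD, window_ms=WINDOW_MS):
        self.threshold = threshold
        self.window_ms = window_ms
        self.window_start = {}          # key -> start of the current window (ms)
        self.count = defaultdict(int)   # key -> traps seen in the current window
        self.notified = set()           # keys already notified in this window

    def observe(self, ts_ms, key):
        """Record one trap; return True only if an e-mail should go out."""
        start = self.window_start.get(key)
        if start is None or ts_ms - start >= self.window_ms:
            # First trap for this key, or the old window expired: start over.
            self.window_start[key] = ts_ms
            self.count[key] = 0
            self.notified.discard(key)
        self.count[key] += 1
        if self.count[key] >= self.threshold and key not in self.notified:
            self.notified.add(key)
            return True
        return False  # suppressed: below threshold or already notified


def simulate(trap_count, interval_ms=40, key=("192.0.2.10", "storm-control")):
    """Feed a constructed storm (one trap every interval_ms) through the throttle.

    The key (source address, trap type) is a constructed sample value.
    Returns (traps_seen, timestamps_ms_of_notifications).
    """
    throttle = TrapThrottle()
    sent = []
    for i in range(trap_count):
        ts = i * interval_ms  # integer milliseconds avoid float drift
        if throttle.observe(ts, key):
            sent.append(ts)
    return trap_count, sent


if __name__ == "__main__":
    for n in (15_000, 37_500):
        seen, sent = simulate(n)
        print(f"{seen} traps -> {len(sent)} e-mail(s) at ms offsets {sent}")
```

Keying on source and trap type keeps a storm on one port from suppressing the first notification for a different device.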