Alerts - HOSTS matching regular expressions.

Kii NODA kii.noda at gmail.com
Thu Jan 28 22:55:33 CET 2010 

Hi everyone,

After doing some testing I can say we've elegantly solved the problem caused
by "HOST=%^asd$" matching both hosts named "asd" and "asdf" despite the "$"
at the end. We've added a "STOP" rule at the end of the "special" rules that
only alert CTO & CEO of Junkyard.

The problem still remains, however.

The new, most elegant ruleset thus far, follows:

--- cut here ---
HOST=junkyard-starbox-v_trash
  MAIL=cto at junkyard.tld
  STOP

HOST=junkyard-starbox-x_dustbin
  MAIL=ceo at junkyard.tld
  STOP

HOST=*
  MAIL=stars at sysadmins.tld REPEAT=60 RECOVERED NOTICE COLOR=purple,yellow
  MAIL=stars at sysadmins.tld REPEAT=10 RECOVERED NOTICE COLOR=red
  MAIL=cto at sysadmins.tld DURATION>60 REPEAT=60 RECOVERED NOTICE
COLOR=purple,yellow
  MAIL=cto at sysadmins.tld DURATION>30 REPEAT=60 RECOVERED NOTICE COLOR=red
--- and here ---


On Thu, Jan 28, 2010 at 10:45 PM, Kii NODA <kii.noda at gmail.com> wrote:

> Hi everyone,
>
> As you may have already been aware by now, we're here to stay. :)
>
> Here's one interesting problem (and maybe simple) for you: We've seen that
> "HOST=%^asd$" matches both hosts named "asd" and "asdf", not respecting the
> "$" at the end. Can you guys please confirm that regex matching for "HOST="
> does not care about the "$" sign?
>
> For those that need some expanded case-study (all others can now stop),
> here's the story behind: we are managing various servers of ours and our
> customers. Due to the fact that we do not control DNS entries for all these
> machines we have come up with a naming scheme like this:
>
> --- cut here ---
> junkyard-starbox # clientID=junkyard, starbox=actual machine
> junkyard-starbox-v_trash # v_trash=vserver named trash running on starbox
> junkyard-starbox-v_trashcan # v_trashcan=vserver named trashcan running on
> starbox
> junkyard-starbox-x_dustbin # x_dustbin=xen server running on starbox
> --- and here ---
>
> We need to send these "special" alerts:
> * ONLY cto at junkyard.tld for events on junkyard-starbox-v_trash
> * ONLY ceo at junkyard.tld for events on junkyard-starbox-x_dustbin
>
> Also, we need to send these alerts for all other hosts & events:
> * stars at sysadmins.tld for purple, yellow & red w/ REPEAT=60
> * cto at sysadmins.tld for red w/ DURATION>30 and REPEAT=60
> * cto at sysadmins.tld for yellow&purple w/ DURATION>60 and REPEAT=60
>
> Exercising our brain muscles we came up with these:
> --- cut here ---
> #alert CTO for v_trash
> HOST=junkyard-starbox-v_trash
>   MAIL=cto at junkyard.tld
>
> #alert CEO for x_dustbin
> HOST=junkyard-starbox-x_dustbin
>   MAIL=ceo at junkyard.tld
>
> #stop alerting for the private boxes above
> HOST=*
>   IGNORE HOST=%^junkyard-starbox-(v_trash|x_dustbin)$
>
> HOST=* COLOR=purple,yellow
>   MAIL=stars at sysadmins.tld REPEAT=60 RECOVERED NOTICE
>   MAIL=cto at sysadmins.tld DURATION>60 REPEAT=60 RECOVERED NOTICE
>
> HOST=* COLOR=red
>   MAIL=stars at sysadmins.tld REPEAT=10 RECOVERED NOTICE
>   MAIL=cto at sysadmins.tld DURATION>30 REPEAT=60 RECOVERED NOTICE
> --- and here ---
>
> However, even with the "$" at the end of our regex we are no longer
> receiving any alerts for v_trashcan because the regex wrongly matches on the
> "IGNORE HOST=" line. We could use 2 lines to match each host on its own line
> but that's not the point of this exercise.
>
> So, can anyone confirm our finding?
> --
> kN
>



-- 
kN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20100128/e4fa4d95/attachment.html>

More information about the Xymon mailing list