alert rules
Sue Bauer-Lee
sblee at tazmania.org
Thu May 5 17:12:07 CEST 2005
My epxressions here must be really confusing:
$WINOPS=winops at xyz.com
# CCRT Windows
HOST="%(cctfep3*|cctapp3*|cctfep1[0-9]||cctfep0*|cctapp[0-9]|cctpdp0*|cctdbp0*)" SERVICE=conn
(164) MAIL $WINOPS REPEAT=10 RECOVERED
(172) HOST="%(tucwbs1*|ttucfes1*|tucaps1*|tucwbq1*|tucfeq1*|tucapq1*)" SERVICE=conn
MAIL $UNIXOPS REPEAT=10 RECOVERED
00012290 2005-05-05 10:49:39 *** Match with 'HOST=%(cctfep3*|cctapp3*|cctfep1[0-9]||cctfep0*|cctapp[0-9]|cctpdp0*|cctdbp0*) SERVICE=conn' ***
00012290 2005-05-05 10:49:39 Matching host:service:page 'smtp2:conn:' against rule line 164
00012290 2005-05-05 10:49:39 *** Match with 'MAIL $WINOPS REPEAT=10 RECOVERED' ***
00012290 2005-05-05 10:49:39 Mail alert with command 'mail -s "Hobbit [12345] smtp2:conn CRITICAL (RED)" winops at xyz.com'
00012290 2005-05-05 10:49:39 Matching host:service:page 'smtp2:conn:' against rule line 172
This also paging by a different rule. bottom line is that there is no real
HOST entry to match this hostname. The paging rule is not listed on the info
page for this host.
5 rules further down in the alerts file but not the last rule:
(doesn't show on the info page)
HOST=Teletrack,GetEfunds,Equifax-Canada,TU-Canada,TU,Equifax,Experian SERVICE=conn
MAIL abc at xyz.com
MAIL $UNIXADM3
-----------------------------------------------------
Sue Bauer-Lee | KE4HNN, SSCP
Carrollton, GA 30112 | Email: sblee at tazmania.org
-----------------------------------------------------
More information about the Xymon
mailing list