[Hobbitmon-developer] ackcode in log file

Asif Iqbal vadud3 at gmail.com
Thu Jul 22 16:43:07 CEST 2010


On Wed, Jul 21, 2010 at 2:11 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
> On Wed, Jul 21, 2010 at 12:56 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>> On Tue, Jul 20, 2010 at 4:06 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>> On Fri, Jul 2, 2010 at 12:45 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>>> On Fri, Jul 2, 2010 at 12:38 PM, Clark, Sean <sean.clark at twcable.com> wrote:
>>>>> Acknowledge.log in the logs directory
>>>>
>>>> Hi Sean,
>>>>
>>>> That is not really what I am asking for. That is only the log if
>>>> someone acknowledges it.
>>>>
>>>> It is really the alert code that we may or may not ack. Since alerts
>>>> get logged in the notifications.log file, that would be a logical place
>>>> to have the alert code as well,
>>>> even if we never ACK it
>>>
>>> so it looks like I just need to modify hobbitd/do_alert.c lines 148 to
>>> 150 to add the cookie if I want
>>> the alert code to show up in the notifications.log file. Are there any
>>> other places I need to change
>>> as well?
>>>
>>> 137         if ((alert->color >= 0) && (alert->color < COL_COUNT)) sev
>>> = sevtxt[alert->color];
>>> 138
>>> 139         switch (alert->state) {
>>> 140           case A_PAGING:
>>> 141           case A_ACKED:
>>> 142                 subjfmt = (include_configid ? "Hobbit [%d] %s:%s
>>> %s [cfid:%d]" :  "Hobbit [%d] %s:%s %s");
>>> 143                 snprintf(subj, sizeof(subj)-1, subjfmt,
>>> 144                          alert->cookie, alert->hostname,
>>> alert->testname, sev, recip->cfid);
>>> 145                 break;
>>> 146
>>> 147           case A_NOTIFY:
>>> 148                 subjfmt = (include_configid ? "Hobbit %s:%s NOTICE
>>> [cfid:%d]" :  "Hobbit %s:%s NOTICE");
>>> 149                 snprintf(subj, sizeof(subj)-1, subjfmt,
>>> 150                          alert->hostname, alert->testname, recip->cfid);
>>> 151                 break;
>>> 152
>>> 153           case A_RECOVERED:
>>> 154                 subjfmt = (include_configid ? "Hobbit %s:%s
>>> recovered [cfid:%d]" :  "Hobbit %s:%s recovered");
>>> 155                 snprintf(subj, sizeof(subj)-1, subjfmt,
>>> 156                          alert->hostname, alert->testname, recip->cfid);
>>> 157                 break;
>>> 158
>>> 159           case A_NORECIP:
>>> 160           case A_DEAD:
>>> 161                 /* Cannot happen */
>>> 162                 break;
>>> 163         }
>>>
>>
>> I am still playing with the ackcode/alertcode to put into
>> notifications.log. Looks like I actually
>> have to modify the code here
>>
>>   387                                          if (logfd) {
>>   388                                                  init_timestamp();
>>   389                                                  fprintf(logfd,
>> "%s %s.%s (%s) %s[%d] %ld %d",
>>   390
>> timestamp, alert->hostname, alert->testname,
>>   391
>> alert->ip, recip->recipient, recip->cfid,
>>   392
>> (long)now, servicecode(alert->testname));
>>   393                                                  if
>> (alert->state == A_RECOVERED) {
>>   394
>> fprintf(logfd, " %ld\n", (long)(now - alert->eventstart));
>>   395                                                  }
>>   396                                                  else {
>>   397
>> fprintf(logfd, "\n");
>>   398                                                  }
>>   399                                                  fflush(logfd);
>>   400                                          }
>>
>> I have to add alert->cookie in there. Will confirm whether that works
>
> ok so I applied this patch.
>
> --- hobbitd/do_alert.c.orig     2010-07-21 13:36:07.000000000 -0400
> +++ hobbitd/do_alert.c  2010-07-21 13:36:32.000000000 -0400
> @@ -414,8 +414,8 @@
>                                        pclose(mailpipe);
>                                        if (logfd) {
>                                                init_timestamp();
> -                                               fprintf(logfd, "%s
> %s.%s (%s) %s[%d] %ld %d",
> -                                                       timestamp,
> alert->hostname, alert->testname,
> +                                               fprintf(logfd, "%s %d
> %s.%s (%s) %s[%d] %ld %d",
> +                                                       timestamp,
> alert->cookie, alert->hostname, alert->testname,
>                                                        alert->ip,
> recip->recipient, recip->cfid,
>                                                        (long)now,
> servicecode(alert->testname));
>                                                if (alert->state ==
> A_RECOVERED) {
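Review bot: Inserting `alert->cookie` as the second field of the notifications.log line shifts every later field by one, so anything that parses this log by position will misread the patched lines. A format comment above the `fprintf`, e.g. `/* timestamp cookie host.test (ip) recipient[cfid] epoch servicecode [duration] */`, would make the new layout explicit. The subject code quoted earlier in the thread uses the cookie only for A_PAGING and A_ACKED, while this log line is apparently written for other states too (the next statement tests A_RECOVERED), so the logged value may not be meaningful there; worth confirming. Since the cookie is the ack code carried in the alert subject, the log file and any system it is forwarded to should be readable only by people allowed to see and act on that code. The enclosing function starts and ends outside the hunk.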
>
> Then make clean; make; make install . But I still do not see the
> ackcode/alertcode in the notifications.log file.
>
> Any suggestion?

ok, the patch worked. I had to restart hobbitd_alert, doh!

Here is the patch as an attachment, if anyone is interested.

It puts the same alertcode that you receive in the subject of your
hobbit alert into
the notifications log as well. We feed this log to Splunk, and it helps with
our stats on the total number of unique alerts per day



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hobbitd_do_alert.patch
Type: application/octet-stream
Size: 1005 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20100722/f63db58a/attachment.obj>

