[Xymon] Annyoing logic in alerts.cfg

Even Hauge Juberg even.juberg at ntnu.no
Thu Mar 30 13:01:14 CEST 2017 

Thank you for your reply. That config was my desperate attempt to trick the system, after my initial configuration did not do what I wanted it to. My first attempt looked like this(which is also my current config):

HOST=somehost SERVICE=http
        MAIL some.user at local DURATION>5  COLOR=red
        MAIL some.user at local DURATION>5 COLOR=red
HOST=* COLOR=red
       MAIL some.user at local DURATION>5 COLOR=red


This has sent, since yesterday, 200 OK messages to my inbox. The result from the –dump-config looks like it would produce the result I want and need, but it just will not stop with the annoying “OK” messages.

They look like this:

green Thu Mar 30 11:39:24 2017: OK



&green someURL - OK



HTTP/1.1 200 OK

Content-Type: text/html

Last-Modified: Thu, 14 Apr 2011 10:19:24 GMT

Accept-Ranges: bytes

ETag: "c7c3ab6d8dfacb1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Thu, 30 Mar 2017 09:39:23 GMT

Connection: close

Content-Length: 611



Seconds: 0.009634000

Getting hundreds of these in a couple of days, really takes away from the useful messages I would like to receive.

Sincerely
Even


Fra: Xymon [mailto:xymon-bounces at xymon.com] På vegne av Henrik Størner
Sendt: torsdag 30. mars 2017 12.12
Til: xymon at xymon.com
Emne: Re: [Xymon] Annyoing logic in alerts.cfg


Den 27-03-2017 14:04, Even Hauge Juberg skrev:

*snippet from my alerts.cfg*


HOST=* RECOVERED=1
        IGNORE HOST=*

HOST=one-host SERVICE=http
        MAIL someuser at domain.local<mailto:someuser at domain.local> COLOR=red
        MAIL someuser at domain.local<mailto:someuser at domain.local> DURATION>5 COLOR=red

Several problems here.

  1.  "IGNORE" is for a recipient. If you want to exclude a host it is "EXHOST=<hostname>". But having a "HOST=* EXHOST=*" does not make sense.
  2.  It is "RECOVERED" by itself, not "RECOVERED=1".
  3.  Judging from the whitespace (the blank line), you want the first "HOST=*" to be a rule by itself. It is not, a rule must have a recipient (MAIL or SCRIPT). So all of what you have from this bit of alerts.cfg go into one rule, and probably ends up being interpreted as all "http" alerts going to the two mail addresses, and both of them receiving recovery notifications. Try running "xymoncmd xymond_alert --dump-config" and see how the parsed configuration looks.
 What I'm trying to accomplish is to stop the "I'm OK - recovered" messages. Those messages are irrelevant, so I want those filtered out. The problem though, is that the logic is completely off on this point. The first rule for some reason takes presedense, even though I have explicitly told it to only use that rule IF the host has recovered, no?
I want it to skip that rule, if it has not yet recovered, send mail to the first user immediately, then to the other user after 5 minutes, but leave those users alone if the service is OK again. Is there a way to accomplish this?
If you don't want any messages about recovered hosts, just dont put "RECOVERED" anywhere in your config. They are not enabled by default.


If you want recovery messages for all of the recipients matching a rule, then put it on the rule specification. E.g.

HOST=one-host SERVICE=http RECOVERED
   MAIL adam at example.com<mailto:adam at example.com>
   MAIL eve at example.com<mailto:eve at example.com>

will send alerts and recovery notices to both Adam and Eve.


If you only want recovery notices sent to one recipient, then put it on that recipient:

HOST=one-host SERVICE=http
   MAIL adam at example.com<mailto:adam at example.com> RECOVERED
   MAIL eve at example.com<mailto:eve at example.com>

will send alerts to both Adam and Eve, but recovery messages only to Adam.


Regards,
Henrik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20170330/3ddf97e3/attachment.html>

More information about the Xymon mailing list