[Xymon] Annyoing logic in alerts.cfg
Even Hauge Juberg
even.juberg at ntnu.no
Thu Mar 30 13:01:14 CEST 2017
Thank you for your reply. That config was my desperate attempt to trick the system, after my initial configuration did not do what I wanted it to. My first attempt looked like this(which is also my current config):
HOST=somehost SERVICE=http
MAIL some.user at local DURATION>5 COLOR=red
MAIL some.user at local DURATION>5 COLOR=red
HOST=* COLOR=red
MAIL some.user at local DURATION>5 COLOR=red
This has sent, since yesterday, 200 OK messages to my inbox. The result from the –dump-config looks like it would produce the result I want and need, but it just will not stop with the annoying “OK” messages.
They look like this:
green Thu Mar 30 11:39:24 2017: OK
&green someURL - OK
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 14 Apr 2011 10:19:24 GMT
Accept-Ranges: bytes
ETag: "c7c3ab6d8dfacb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 30 Mar 2017 09:39:23 GMT
Connection: close
Content-Length: 611
Seconds: 0.009634000
Getting hundreds of these in a couple of days, really takes away from the useful messages I would like to receive.
Sincerely
Even
Fra: Xymon [mailto:xymon-bounces at xymon.com] På vegne av Henrik Størner
Sendt: torsdag 30. mars 2017 12.12
Til: xymon at xymon.com
Emne: Re: [Xymon] Annyoing logic in alerts.cfg
Den 27-03-2017 14:04, Even Hauge Juberg skrev:
*snippet from my alerts.cfg*
HOST=* RECOVERED=1
IGNORE HOST=*
HOST=one-host SERVICE=http
MAIL someuser at domain.local<mailto:someuser at domain.local> COLOR=red
MAIL someuser at domain.local<mailto:someuser at domain.local> DURATION>5 COLOR=red
Several problems here.
1. "IGNORE" is for a recipient. If you want to exclude a host it is "EXHOST=<hostname>". But having a "HOST=* EXHOST=*" does not make sense.
2. It is "RECOVERED" by itself, not "RECOVERED=1".
3. Judging from the whitespace (the blank line), you want the first "HOST=*" to be a rule by itself. It is not, a rule must have a recipient (MAIL or SCRIPT). So all of what you have from this bit of alerts.cfg go into one rule, and probably ends up being interpreted as all "http" alerts going to the two mail addresses, and both of them receiving recovery notifications. Try running "xymoncmd xymond_alert --dump-config" and see how the parsed configuration looks.
What I'm trying to accomplish is to stop the "I'm OK - recovered" messages. Those messages are irrelevant, so I want those filtered out. The problem though, is that the logic is completely off on this point. The first rule for some reason takes presedense, even though I have explicitly told it to only use that rule IF the host has recovered, no?
I want it to skip that rule, if it has not yet recovered, send mail to the first user immediately, then to the other user after 5 minutes, but leave those users alone if the service is OK again. Is there a way to accomplish this?
If you don't want any messages about recovered hosts, just dont put "RECOVERED" anywhere in your config. They are not enabled by default.
If you want recovery messages for all of the recipients matching a rule, then put it on the rule specification. E.g.
HOST=one-host SERVICE=http RECOVERED
MAIL adam at example.com<mailto:adam at example.com>
MAIL eve at example.com<mailto:eve at example.com>
will send alerts and recovery notices to both Adam and Eve.
If you only want recovery notices sent to one recipient, then put it on that recipient:
HOST=one-host SERVICE=http
MAIL adam at example.com<mailto:adam at example.com> RECOVERED
MAIL eve at example.com<mailto:eve at example.com>
will send alerts to both Adam and Eve, but recovery messages only to Adam.
Regards,
Henrik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20170330/3ddf97e3/attachment.html>
More information about the Xymon
mailing list