[Xymon] Configuring alerts

Dominique Frise dominique.frise at unil.ch
Tue Feb 20 08:51:55 CET 2018 

Extract from analysis.cfg(5) man page :


DIRECTING ALERTS TO GROUPS
       For some tests - e.g. "procs" or "msgs" - the right group of people  to
       alert  in case of a failure may be different, depending on which of the
       client rules actually detected a problem. E.g. if you have PROCS  rules
       for  a  host  checking  both "httpd" and "sshd" processes, then the Web
       admins should handle httpd-failures, whereas "sshd" failures  are  han-
       dled by the Unix admins.

       To handle this, all rules can have a "GROUP=groupname" setting.  When a
       rule with this setting triggers a yellow or red status,  the  groupname
       is passed on to the Xymon alerts module, so you can use it in the alert
       rule definitions in alerts.cfg(5) to direct alerts to the correct group
       of people.


For example, in alerts.cfg, you would have:


HOST=myhostname

    PROC notepad.exe 1 GROUP=admins


And this in alerts.cfg:


HOST=myhostname SERVICE=procs GROUP=admins

    MAIL john at testlab.local


HTH,


Dominique

UNIL - University of Lausanne

________________________________
De : Xymon <xymon-bounces at xymon.com> de la part de Even Hauge Juberg <even.juberg at artsdatabanken.no>
Envoyé : lundi 19 février 2018 15:53
À : xymon at xymon.com
Objet : [Xymon] Configuring alerts

Hi!

I've been trying a few things to get the correct alerts to the correct staff-member, but for some reason I cannot get it to work. In order to find out if I'm doing something wrong within the configuration of Xymon, or if I have to search somewhere else, I'm reaching out here to see if anyone can give me any pointers.

The scenario is that I have one particular host, that should be running a specific process. Let's say this process is "notepad.exe" - if "notepad.exe" is not running, John should get an email.

What I have done so far is this:

1.       Edited the configuration file on my host as follows in the "procs section": <setting name="notepad.exe" rule="=1" comment="Notepad" alarmcolor="red" />

a.       My goal here is to check if there is one instance of notepad.exe running - if not, give a "red alert".

b.       This seems to be working.  The host in the web-view of Xymon turns red in the procs column, and notepad.exe is shown as running -1 instance if there is not one running. So far so good!

2.       Now I want John to be alerted if notepad is not running so I have edited the alert.cfg in the following way:

a.       HOST=myhostname(the same as in hosts.cfg NAME:myhostname) SERVICE=notepad.exe MAIL john at testlab.local<mailto:john at testlab.local> DURATION>10 COLOR=red

b.       As "notepad.exe is not a service, but a process this is not working. AS "procs" is not a valid argument(at least not listed in the documentation, SERVICE was the closest thing that came to mind. So my question is simply, is there a way to filter alerts by the procs column or will I have to attack this in another way?

c.       I would like to avoid John getting nagged by any other red-alerts from this host, as his responsibility is notepad. :)

Any pointers would be highly appreciated!

Sicnerely,
Even Hauge Juberg
Senior Engineer
Norwegian Biodiversity Information Centre


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20180220/12a22887/attachment.html>

More information about the Xymon mailing list