Total guess here but maybe you could try changing:
HOST=%(prod-.*) SERVICE=* EXHOST=$UNUSED_PROD
MAIL $PRIMARY color=red REPEAT=60 RECOVERED NOTICE format=sms
MAIL $SECONDARY color=red DURATION>20 REPEAT=60 RECOVERED NOTICE format=sms
To:
HOST=%(prod-.*) EXHOST=%$UNUSED_PROD
MAIL $PRIMARY color=red REPEAT=60 RECOVERED NOTICE format=sms
MAIL $SECONDARY color=red DURATION>20 REPEAT=60 RECOVERED NOTICE format=sms
And obv remove the % from the start of $UNUSED_PROD, just "my 2 cents worth"
Thanks,
Jason.
------------------------------------------------------------------------
*From:* Charles Jones [mailto:jonescr (at) cisco.com]
*Sent:* 15 November 2006 18:03
*To:* hobbit (at) hswn.dk
*Subject:* Re: [hobbit] hobbit-alerts.cfg regex/MACRO problem - need help
I'm still having this problem. If anyone has any ideas I'm open to
suggestions :)
-Charles
Charles Jones wrote:
I am trying to use a regex macro to exclude a number of hosts from an
alert. Here is the one I was using at first:
$UNUSED_PROD=%prod-app-(2|3|4|5|6|7|8|9|10|11|12|18|20|21|22|23|24)|prod-web-(1|2|3|4|9|10|11)
Here is how I am using it for the actual alert definition:
HOST=%(prod-.*) SERVICE=* EXHOST=$UNUSED_PROD
MAIL $PRIMARY color=red REPEAT=60 RECOVERED NOTICE format=sms
MAIL $SECONDARY color=red DURATION>20 REPEAT=60 RECOVERED NOTICE format=sms
I ran into a problem with the host "prod-app-12" matching the regex. I
realized this was because I was not terminating the numbers, so I
changed my variable to:
$UNUSED_PROD=%prod-app-(2|3|4|5|6|7|8|9|10|11|12|18|20|21|22|23|24)$|prod-web-(1|2|3|4|9|10|11)$
This SHOULD work according to online regex testing tools, and I also
at Henriks advice, verified it using "pcretest":
$ pcretest
PCRE version 6.6 06-Feb-2006
re> /prod-app-(2|3|4|5|6|7|8|9|10|11|12|18|20|21|22|23|24)$|prod-web-(1|2|3|4|9|10|11)$/
data> prod-web-12
No match
data> prod-web-11
0: prod-web-11
1: <unset>
2: 11
data>
As seen above, the host "prod-web-12" does NOT match, but
"prod-web-11" DOES, which is exactly how I want it.
*However, when I use this in hobbit-alerts.cfg. I do not get the
expected behavior. Instead, ALL hosts match, according to pages sent
out and from viewing the "info" section. *The strange thing is,
according to hobbitd_alert --test, the hostname was successfully
excluded, but clicking on the "info" column for hosts that are
supposed to be excluded reveals that they are still configured to alert.
../bin/hobbitd_alert --test prod-web-11 procs --color-red
00009993 2006-11-09 21:48:30 send_alert prod-web-11:procs state Paging
00009993 2006-11-09 21:48:30 *** Match with 'HOST=%(prod-.*) SERVICE=*' ***
00009993 2006-11-09 21:48:30 Matching host:service:page 'prod-web-11:procs:PROD/PRODWEB' against rule line 170
00009993 2006-11-09 21:48:30 *** Match with 'MAIL $PRIMARY color=red REPEAT=60 RECOVERED NOTICE format=sms' ***
00009993 2006-11-09 21:48:30 Mail alert with command 'mail xxxxx (at) cingularme.com <mailto:xxxxx (at) cingularme.com>'
00009993 2006-11-09 21:48:30 Failed 'MAIL $SECONDARY color=red DURATION>20 REPEAT=60 RECOVERED NOTICE format=sms' (min. duration 0<1200)
...
00009993 2006-11-09 21:48:30 Failed 'HOST=* SERVICE=* EXHOST=$UNUSED_PROD' (hostname excluded)
* Another thing, when I do the same test as above, using hostname
"prod-web-12", which is a host that should NOT be excluded,
hobbitd_alert still says that it was excluded (same last line of
output as the prod-web-11 test above).
I have also tried enclosing the regex in quotes, which didn't work either.
If anyone has any insight, please let me know. I have contacted Henrik
about this, but I believe he misread my email, as he suggested that I
add $ to the regex, which I had already tried...so now I am hoping
that he or someone else sees this message and can see what Im doing wrong.
-Charles