Re: GROUP/EXGROUP going nuts ?

["Jerry Yu" <jjj863 (at) gmail.com>]

for now, I removed GROUP/EXGROUP in alert rules and reverted to alert upon
'host= service='.  It is not desirable since granularity rendered possible
by GROUP is lost: alert is sent for the whole 'msgs' service instead of one
out of nine file/log checks for that host.msgs

On 11/29/06, Jerry Yu <jjj863 (at) gmail.com> wrote:
> if I have a alert rule as below in hobbit-alerts.cfg, every alerts will
> match the GROUP rule, plus EXGROUP doesn't seem to be effective either.
> Such behavior was observed from the real email received as well as by the
> insightful "bbcmd hobbitd_alert --test".
>
> Only one group is defined.
> GROUP=junkgroup
>    MAIL junkgroup (at) my.domain color=red
> HOST=* EXGROUP=junkgroup
>    MAIL realdeal (at) my.domain color=yellow
>
> It is the same case if the group named in hobbit-alerts.cfg is bogus, aka,
> not defined in hobbit-clients.cfg.
>
> Only one group is defined in hobbit-clients.cfg, as listed below:
>   log /tmp/junkgroup.log  %(?-i)USER-ID:|EXCEPTION: IGNORE=kilobyte
> group=junkgroup
>
> In case it matters, this is the only Hobbit server running on CentOS 4.3/i386.
> Version==4.2RC1-20060712