[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Alert HOST + EXHOST rules not working correctly

To: hobbit (at) hswn.dk
Subject: Alert HOST + EXHOST rules not working correctly
From: "Gary Baluha" <gumby3203 (at) gmail.com>
Date: Mon, 24 Mar 2008 13:02:25 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=oHfN1FvradhcBDfT5HgBr4BMA6vdl8NQTIyBcJ7bkc8=; b=Ano67wZ/867rLv0BuvKDu627/im731WZ/bw11MdN3UA3hG5zeVQm0qxE7WQP4IfjBA8ygIl1CN0FbvjdJcwvfY/9UCYpUj6gJAFA0ehC/YKrMKHoEMfLuU1dcXt5pPjmu/vzK/YhtHtuJzJ6hRW1Y2LnNkzPcZGDPNb0LwHUbL0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:to:subject:mime-version:content-type; b=P8zQ3W2++GlNIQoasCDgWd9/g+NpJYcr5C4U+vVF/0M7nEFhOyu+QT7mdssbe/Kt8/rOMgNhr6pdLSgjV1BC7Qq5htXL4CIquTFQ4lFEMRbgY5b/g8hbgFGdIUsMRxU1ns5tzSbV5khyjlK314OgyZ19kQxPuGIOIsB+hW0Y0iQ=

I must be missing something stupid as I've been staring at this and can't
figure out what's wrong.  I have the following alert rules set up:

HOST=%(.*-stag-.*) EXHOST=%^(marketing-stag-.*) EXHOST=%^(infra-stag-.*)
TIME=*:0800:2100 RECOVERED DURATION>11m
        SCRIPT $SMSPLUS $WLI_STAGMAN_EMAIL REPEAT=1h

HOST=%^(marketing-stag-.*) TIME=*:0800:2100 RECOVERED
        SCRIPT $SMSPLUS $WLI_MKT_STAG_EMAIL REPEAT=1h

HOST=%^(infra-stag-.*) TIME=*:0800:2100 RECOVERED
        SCRIPT $SMSPLUS $WLI_INFRA_STAG_EMAIL REPEAT=1h

The problem is that the EXHOST doesn't appear to be working the way I expect
it to.  When I do a  hobbitd_alert --test on "marketing-stag-1", it shows
the first HOST line (the one with the EXHOSTs) as matching and alerting.

$> bbcmd hobbitd_alert --test marketing-stag-1 Managed-Server --duration=800
. . .
12:50:51 Matching host:service:page
'marketing-stag-1:Managed-Server:wblx-staging' against rule line 388
12:50:51 *** Match with 'HOST=$WLI_MANAGED_STAG EXHOST=$WLI_MKTING_STAG
EXHOST=$WLI_INFRA_STAG TIME=*:0800:2100 RECOVERED DURATION>11m' ***
12:50:51 Matching host:service:page
'marketing-stag-1:Managed-Server:wblx-staging' against rule line 388
12:50:51 *** Match with 'HOST=$WLI_MANAGED_STAG EXHOST=$WLI_MKTING_STAG
EXHOST=$WLI_INFRA_STAG TIME=*:0800:2100 RECOVERED DURATION>11m' ***
12:50:51 Script alert with command '/var/hobbit/server/ext/smsplus' and
recipient abc (at) mydomain.com
12:50:51 Matching host:service:page
'marketing-stag-1:Managed-Server:wblx-staging' against rule line 390
12:50:51 *** Match with 'HOST=$WLI_MKTING_STAG TIME=*:0800:2100 RECOVERED'
***
12:50:51 Matching host:service:page
'marketing-stag-1:Managed-Server:wblx-staging' against rule line 390
12:50:51 *** Match with 'HOST=$WLI_MKTING_STAG TIME=*:0800:2100 RECOVERED'
***
12:50:51 Script alert with command '/var/hobbit/server/ext/smsplus' and
recipient def (at) mydomain.com
12:50:51 Matching host:service:page
'marketing-stag-1:Managed-Server:wblx-staging' against rule line 392
12:50:51 Failed 'HOST=$WLI_INFRA_STAG TIME=*:0800:2100 RECOVERED' (hostname
not in include list)
. . .

I've tried the regex with and without the "^", and it doesn't seem to have
an effect.  Any ideas what I'm missing?  Without the "--duration=800", the
first HOST line doesn't match (as expected).

Follow-Ups:
- Re: Alert HOST + EXHOST rules not working correctly
  - From: Gary Baluha

Prev by Date: Re: [hobbit] Hobbit client - FreeBSD 7
Next by Date: RE: [hobbit] Hobbit client - FreeBSD 7
Previous by thread: Re: [hobbit] Snapshot 23/3 hobbitd_rrd crashes
Next by thread: Re: Alert HOST + EXHOST rules not working correctly
Index(es):
- Date
- Thread