[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Alerts - HOSTS matching regular expressions.
- To: hobbit (at) hswn.dk
- Subject: Re: Alerts - HOSTS matching regular expressions.
- From: Kii NODA <kii.noda (at) gmail.com>
- Date: Sun, 31 Jan 2010 09:13:52 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=FjDiqSHfIktswzCF2O4GR1ioNdY6eSNZTKtymDWd4GI=; b=l+BBXMmR3/zrSX1rHGQlPJHeibR/bsEiwLpgP52R7L1A3RTl0g4AywNP++XDqQK4dd 8MhvB/Coj1BCs/nDbyHfvgAJ2eIGJucQ8RBSRHY+2ISA7Pk8dbiQyvOaBFrtyFsl5mKT XUXI+bWwDAu3jrDd8l7o4aJrsUclX8yLYZrHA=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=XlTZ+te0LYM9mbAfTaKcJPfmNbwYKQj8Fr/VjbVBmuoLSLsOS54+OV7csxaQrKVovS 6dVdCPWddZULogxtcdQEFZvLK9MCHu4UAaEJkWyXAAMYjsBFSmamDTqehQ52W9H94Sfu cHsQ8zXL7VHpETr7ta+Z1HtFBpHVOESDA+EFM=
- References: <86461ff21001281245x17df694el8e00f6cb27ddfaaa (at) mail.gmail.com> <86461ff21001281355o3d263a68v275dc48a646fbc81 (at) mail.gmail.com>
I stand corrected by myself after having been woken up just a few minutes
ago. Seems that using those rules let an alert through. I just tested with
'bbcmd hobbitd-alert --test $HOST disk --color=yellow' and indeed it was not
OK. Changed 'STOP' to 'IGNORE' and it seems to work as expected.
--- cut here ---
MAIL=cto (at) junkyard.tld
--- and here ---
On Thu, Jan 28, 2010 at 11:55 PM, Kii NODA <kii.noda (at) gmail.com> wrote:
> Hi everyone,
> After doing some testing I can say we've elegantly solved the problem
> caused by "HOST=%^asd$" matching both hosts named "asd" and "asdf" despite
> the "$" at the end. We've added a "STOP" rule at the end of the "special"
> rules that only alert CTO & CEO of Junkyard.
> The problem still remains, however.
> The new, most elegant ruleset thus far, follows:
> --- cut here ---
> MAIL=cto (at) junkyard.tld
> MAIL=ceo (at) junkyard.tld
> MAIL=stars (at) sysadmins.tld REPEAT=60 RECOVERED NOTICE COLOR=purple,yellow
> MAIL=stars (at) sysadmins.tld REPEAT=10 RECOVERED NOTICE COLOR=red
> MAIL=cto (at) sysadmins.tld DURATION>60 REPEAT=60 RECOVERED NOTICE
> MAIL=cto (at) sysadmins.tld DURATION>30 REPEAT=60 RECOVERED NOTICE COLOR=red
> --- and here ---
> On Thu, Jan 28, 2010 at 10:45 PM, Kii NODA <kii.noda (at) gmail.com> wrote:
>> Hi everyone,
>> As you may have already been aware by now, we're here to stay. :)
>> Here's one interesting problem (and maybe simple) for you: We've seen that
>> "HOST=%^asd$" matches both hosts named "asd" and "asdf", not respecting the
>> "$" at the end. Can you guys please confirm that regex matching for "HOST="
>> does not care about the "$" sign?
>> For those that need some expanded case-study (all others can now stop),
>> here's the story behind: we are managing various servers of ours and our
>> customers. Due to the fact that we do not control DNS entries for all these
>> machines we have come up with a naming scheme like this:
>> --- cut here ---
>> junkyard-starbox # clientID=junkyard, starbox=actual machine
>> junkyard-starbox-v_trash # v_trash=vserver named trash running on starbox
>> junkyard-starbox-v_trashcan # v_trashcan=vserver named trashcan running on
>> junkyard-starbox-x_dustbin # x_dustbin=xen server running on starbox
>> --- and here ---
>> We need to send these "special" alerts:
>> * ONLY cto (at) junkyard.tld for events on junkyard-starbox-v_trash
>> * ONLY ceo (at) junkyard.tld for events on junkyard-starbox-x_dustbin
>> Also, we need to send these alerts for all other hosts & events:
>> * stars (at) sysadmins.tld for purple, yellow & red w/ REPEAT=60
>> * cto (at) sysadmins.tld for red w/ DURATION>30 and REPEAT=60
>> * cto (at) sysadmins.tld for yellow&purple w/ DURATION>60 and REPEAT=60
>> Exercising our brain muscles we came up with these:
>> --- cut here ---
>> #alert CTO for v_trash
>> MAIL=cto (at) junkyard.tld
>> #alert CEO for x_dustbin
>> MAIL=ceo (at) junkyard.tld
>> #stop alerting for the private boxes above
>> IGNORE HOST=%^junkyard-starbox-(v_trash|x_dustbin)$
>> HOST=* COLOR=purple,yellow
>> MAIL=stars (at) sysadmins.tld REPEAT=60 RECOVERED NOTICE
>> MAIL=cto (at) sysadmins.tld DURATION>60 REPEAT=60 RECOVERED NOTICE
>> HOST=* COLOR=red
>> MAIL=stars (at) sysadmins.tld REPEAT=10 RECOVERED NOTICE
>> MAIL=cto (at) sysadmins.tld DURATION>30 REPEAT=60 RECOVERED NOTICE
>> --- and here ---
>> However, even with the "$" at the end of our regex we are no longer
>> receiving any alerts for v_trashcan because the regex wrongly matches on the
>> "IGNORE HOST=" line. We could use 2 lines to match each host on its own line
>> but that's not the point of this exercise.
>> So, can anyone confirm our finding?