[Xymon] Sanity checking my alert config

[Adam Thorn]

On 29/07/2021 01:20, Shawn Heisey wrote:
> In alerts.cfg, I have this:
> 
> HOST=* COLOR=red,purple SERVICE=msgs
>          MAIL $ADMINMAIL
> HOST=* COLOR=red,purple
>          IGNORE SERVICE=msgs
>          MAIL $ADMINMAIL RECOVERED
> 
> My goal with this is to see alerts for purple and red statuses for all 
> tests, and then get recovery alerts for all tests except msgs.  Did I do 
> the config right for that?

The hostname for HOST= should be either a simple string, or a 
perl-compatible regex (prefixed with a % to indicate that). Thus to 
match all hostnames you could use

HOST=%.*

Your COLOR=red,purple rule appears to just be for the msgs service but 
you said you want alerts for all tests. The same comment applies; you 
can have a rule filter all services with

SERVICE=%.*

but note that a rule in alerts.cfg "consists of one or more filters", 
i.e. a rule for

COLOR=red,purple MAIL $ADMIN

is valid due to having a single COLOR filter, and will implicitly match 
all HOSTs and SERVICEs as none are specified.

Your second rule won't do what you want; IGNORE and MAIL are both 
"recipients" of the matched rule. The IGNORE recipient causes rule 
processing to stop: "when the IGNORE recipient is matched, no more 
recipients will be considered". I don't use RECOVERED but I think you 
want something like

RECOVERED EXSERVICE=msgs MAIL $ADMIN

See man alerts.cfg and in particular the sections describing "RULES" and 
then "RECIPIENTS".

You can test an alerts.cfg file by running:

/usr/lib/xymon/server/bin/xymond_alert  --config=/tmp/test-alerts.cfg 
--test hostname.example.com msgs --color=red --duration=60

which will show you which, if any, of your rules would match and fire an 
alert. I don't know if you can easily test the RECOVERED rule like that 
though.

(Hmm. Actually, trying that with a rule for HOSTS=* seems to match just 
as well as HOSTS=%.* even though the man page suggests to me it shouldn't)

Adam