Hi Scott,
The issue looks to be duplicate email alerts being sent out, the same exact alert continuously sent. Do you think its caused my xymon, maybe possible bad config somewhere?
Thanks, Jean
-----Original Message----- From: Scott Birl <scott.birl at temple.edu> Sent: Monday, May 18, 2020 11:40 AM To: xymon at xymon.com Subject: RE: [External] [Xymon] FW: alerts
CAUTION: This message originated from a non UMMS, SOM, or FPI email system. Hover over any links before clicking and use caution opening attachments.
-----Original Message----- From: Hyppolite, Jean <Jean.Hyppolite at umm.edu> Sent: Monday, May 18, 2020 11:19 AM To: Scott Birl <scott.birl at temple.edu>; xymon at xymon.com Subject: RE: [External] [Xymon] FW: alerts
Yes there are also alerts being sent to pagers below
HOST=* SCRIPT /usr/local/bin/smsalert 8000000000 FORMAT=sms TIME=W:0500:2000 RECOVERED SERVICE=conn,disk COLOR=red
Thanks Jean
Alright. Im guessing, based on the TIME, that this is not part of your problem.
Our Xymon server is sending out a lot of excess and some false alerts.
How have you determined that the alerts are false?
It seems that when a server is not reachable it sends the alerts out, but when the server recovers it never sends the recovery message, but keeps sending the down critical messages.
How soon does an event go from green to non-green back to green again? If the time it takes for an event to switch colors is less than the (assumed) DURATION, a (recovery) alert wouldnt fire off -- at least in my years of experience with Xymon (Hobbit, BB).
And idea what may be causing this? Is there a way to look at exactly what alerts are being sent out from the xymon server from xymon?
Have you looked under /var/log (or equivalent location) for Xymon logs? I believe there should be an alert.log file.
-----Original Message----- From: Scott Birl <scott.birl at temple.edu> Sent: Monday, May 18, 2020 11:09 AM To: xymon at xymon.com Subject: RE: [External] [Xymon] FW: alerts
CAUTION: This message originated from a non UMMS, SOM, or FPI email system. Hover over any links before clicking and use caution opening attachments.
From: Hyppolite, Jean <Jean.Hyppolite at umm.edu> Sent: Monday, May 18, 2020 10:52 AM To: Scott Birl <scott.birl at temple.edu> Subject: RE: [External] [Xymon] FW: alerts
Hi
Do you mean this rule below
HOST=* MAIL mailto:myemail at mymail.com FORMAT=TEXT SERVICE=conn,disk,files,memory,svcs REPEAT=20M COLOR=red RECOVERED
Yes, that's a good start. Any other rules that apply to that server?
There's a few things missing that you may want to explicitly set: DURATION, REPEAT, and TIME, all of which are explained in alerts.cfg. That should help curb the excess alerts, and possibly prevent emails from being sent from flapping.
Another suggestion is to break down that rule into multiple rules, ie: HOST=* MAIL mailto:myemail at mymail.com FORMAT=TEXT SERVICE=conn REPEAT=20M COLOR=red RECOVERED MAIL mailto:myemail at mymail.com FORMAT=TEXT SERVICE=disk REPEAT=20M COLOR=red RECOVERED MAIL mailto:myemail at mymail.com FORMAT=TEXT SERVICE=files REPEAT=20M COLOR=red RECOVERED MAIL mailto:myemail at mymail.com FORMAT=TEXT SERVICE=memory REPEAT=20M COLOR=red RECOVERED MAIL mailto:myemail at mymail.com FORMAT=TEXT SERVICE=svcs REPEAT=20M COLOR=red RECOVERED
That would allow you tweak the settings for individual services.
From: Xymon <mailto:xymon-bounces at xymon.com> On Behalf Of Hyppolite, Jean Sent: Monday, May 18, 2020 10:39 AM To: mailto:xymon at xymon.com Subject: [External] [Xymon] FW: alerts
Also To clarify, A lot of alerts we are getting are delayed alerts, alerts that are being sent out hours later
From: Hyppolite, Jean Sent: Monday, May 18, 2020 10:09 AM To: mailto:xymon at xymon.com Subject: alerts
Hello,
Our Xymon server is sending out a lot of excess and some false alerts. It seems that when a server is not reachable it sends the alerts out, but when the server recovers it never sends the recovery message, but keeps sending the down critical messages. And idea what may be causing this? Is there a way to look at exactly what alerts are being sent out from the xymon server from xymon? Also is there a way to configure xymon not to send out email alerts on flapping statuses? Our Xymon server version is: Xymon 4.3.30-1.el7.terabithia
Thanks Jean
From: Scott Birl <mailto:scott.birl at temple.edu> Sent: Monday, May 18, 2020 10:43 AM To: mailto:xymon at xymon.com Subject: RE: [External] [Xymon] FW: alerts
Please post the rules from alerts.cfg for that particular server.
This e-mail and any accompanying attachments may be privileged, confidential, contain protected health information about an identified patient or be otherwise protected from disclosure. State and federal law protect the confidentiality of this information. If the reader of this message is not the intended recipient; you are prohibited from using, disclosing, reproducing or distributing this information; you should immediately notify the sender by telephone or e-mail and delete this e-mail.