On Wed, Mar 02, 2005 at 02:46:06PM -0500, Kevin.Hanrahan at novainfo.com wrote:
I have an alert rule question. I have the following rule defined:
HOST=$AV MAIL $SYSADMIN COLOR=red EXSERVICE=msgs,cpu REPEAT=30m RECOVERED MAIL $SYSADMIN COLOR=red SERVICE=cpu DURATION>20 REPEAT=30m RECOVERED MAIL $SYSADMIN COLOR=purple REPEAT=1h RECOVERED
I did this because I was tired of getting those Windows event log messages. I no longer get the event log alert or warning messages but I get "recovered" messages for the "msgs" category. I thought the first line would eliminate ALL "msgs" alerts including when it recovers or goes green. Am I thinking about this the wrong way?
No, your thinking is absolutely right. It's a bug in RC4 (and earlier versions) that "recovered" messages are sent even if no alert was sent originally.
I have this fixed now, so relief is on its way.
Regards, Henrik