Heh, as usual, I figured out the answer to my own obscure question. It appears that you _can't_ have multiple EXHOST entries per line. However, this is no big deal, as I simply changed the way the alert rules were set up. With this setup, there's even no need to change to code to allow for multiple HOST or EXHOST entries per line. ***New alert rules that WORK*** $MARK_STAG=^marketing-stag-.* $INFRA_STAG=^infra-stag-.* HOST=%(.*-stag.*) EXHOST=%($MARK_STAG|$INFRA_STAG) TIME=*:0800:2100 RECOVERED DURATION>11m SCRIPT $SMSPLUS $WLI_STAGMAN_EMAIL REPEAT=1h HOST=%$MARK_STAG TIME=*:0800:2100 RECOVERED SCRIPT $SMSPLUS $WLI_MKT_STAG_EMAIL REPEAT=1h HOST=%$INFRA_STAG TIME=*:0800:2100 RECOVERED SCRIPT $SMSPLUS $WLI_INFRA_STAG_EMAIL REPEAT=1h On Mon, Mar 24, 2008 at 1:02 PM, Gary Baluha <gumby3203 at gmail.com> wrote:
I must be missing something stupid as I've been staring at this and can't figure out what's wrong. I have the following alert rules set up:
HOST=%(.*-stag-.*) EXHOST=%^(marketing-stag-.*) EXHOST=%^(infra-stag-.*) TIME=*:0800:2100 RECOVERED DURATION>11m SCRIPT $SMSPLUS $WLI_STAGMAN_EMAIL REPEAT=1h
HOST=%^(marketing-stag-.*) TIME=*:0800:2100 RECOVERED SCRIPT $SMSPLUS $WLI_MKT_STAG_EMAIL REPEAT=1h
HOST=%^(infra-stag-.*) TIME=*:0800:2100 RECOVERED SCRIPT $SMSPLUS $WLI_INFRA_STAG_EMAIL REPEAT=1h
The problem is that the EXHOST doesn't appear to be working the way I expect it to. When I do a hobbitd_alert --test on "marketing-stag-1", it shows the first HOST line (the one with the EXHOSTs) as matching and alerting.
$> bbcmd hobbitd_alert --test marketing-stag-1 Managed-Server --duration=800 . . . 12:50:51 Matching host:service:page 'marketing-stag-1:Managed-Server:wblx-staging' against rule line 388 12:50:51 *** Match with 'HOST=$WLI_MANAGED_STAG EXHOST=$WLI_MKTING_STAG EXHOST=$WLI_INFRA_STAG TIME=*:0800:2100 RECOVERED DURATION>11m' *** 12:50:51 Matching host:service:page 'marketing-stag-1:Managed-Server:wblx-staging' against rule line 388 12:50:51 *** Match with 'HOST=$WLI_MANAGED_STAG EXHOST=$WLI_MKTING_STAG EXHOST=$WLI_INFRA_STAG TIME=*:0800:2100 RECOVERED DURATION>11m' *** 12:50:51 Script alert with command '/var/hobbit/server/ext/smsplus' and recipient abc at mydomain.com 12:50:51 Matching host:service:page 'marketing-stag-1:Managed-Server:wblx-staging' against rule line 390 12:50:51 *** Match with 'HOST=$WLI_MKTING_STAG TIME=*:0800:2100 RECOVERED' *** 12:50:51 Matching host:service:page 'marketing-stag-1:Managed-Server:wblx-staging' against rule line 390 12:50:51 *** Match with 'HOST=$WLI_MKTING_STAG TIME=*:0800:2100 RECOVERED' *** 12:50:51 Script alert with command '/var/hobbit/server/ext/smsplus' and recipient def at mydomain.com 12:50:51 Matching host:service:page 'marketing-stag-1:Managed-Server:wblx-staging' against rule line 392 12:50:51 Failed 'HOST=$WLI_INFRA_STAG TIME=*:0800:2100 RECOVERED' (hostname not in include list) . . .
I've tried the regex with and without the "^", and it doesn't seem to have an effect. Any ideas what I'm missing? Without the "--duration=800", the first HOST line doesn't match (as expected).