On Wed, Oct 26, 2005 at 09:52:40AM -0700, Charles Jones wrote:
Henrik Stoerner wrote:
Default rule (1)
HOST=$ALL_HOSTS SERVICE=* COLOR=red EXHOST=dataproc1.mydomain.com MAIL alert at mydomain.com TIME=*:0800:1700
Outside office hours, mail alerts to a different address (4)
MAIL alternate at mydomain.com TIME=*:1700:0800
Outside office hours, send to my cell phone (5)
MAIL mycell at cellphone.com FORMAT=sms DURATION>30 TIME=*:1700:0800
and the specific rules for that host:
Load avg alerts only from 10am -> 6am
HOST=dataproc1.mydomain.com SERVICE=la TIME=*:1000:0600 MAIL alert at mydomain.com TIME=*:0800:1700 MAIL alternate at mydomain.com TIME=*:1700:0800 MAIL mycell at cellphone.com FORMAT=sms DURATION>30 TIME=*:1700:0800
All other services alert like the normal default rule.
HOST=dataproc1.mydomain.com EXSERVICE=la MAIL alert at mydomain.com TIME=*:0800:1700 MAIL alternate at mydomain.com TIME=*:1700:0800 MAIL mycell at cellphone.com FORMAT=sms DURATION>30 TIME=*:1700:0800
This has me a bit confused. The default rule I understand, as it's the normal rule except its excluding the dataproc1 host. The specific rules though, the first one, has a TIME specification in the HOST= line, indicating from 6am-10am
No, the TIME=*:1000:0600 makes the rule apply from 10am until 6am *the next day*. If you wanted a rule that works from 6am-10am, it would be TIME=*:0600:1000, with the two time-specs reversed.
Note: the way I handle this in BigBrother is via an exclude rule, basically when you define a rule with a ! in front of it, it removes that host/service from the FINAL match list. Hopefully you can implement something in Hobbit for a similar effect.
What I've done now (you can grab it from the snapshot that is generated later tonight - 5 hours from now) would allow you to setup those rules like this:
Default rule (1)
HOST=$ALL_HOSTS SERVICE=* COLOR=red # Ignore "cpu" alerts from dataproc1 in the morning IGNORE HOST=dataproc1.mydomain.com SERVICE=cpu TIME=*:0600:1000 # During office hours, alert to the mailbox. MAIL alert at mydomain.com TIME=*:0800:1700 # Outside office hours, mail alerts to a different address (4) MAIL alternate at mydomain.com TIME=*:1700:0800 # Outside office hours, send to my cell phone (5) MAIL mycell at cellphone.com FORMAT=sms DURATION>30 TIME=*:1700:0800
"IGNORE" is a special recipient definition - like MAIL and SCRIPT - so you can apply all of the host-, service- and time-filters etc to it. If the IGNORE recipient triggers, it doesn't trigger an alert - and it stops Hobbit looking for more recipients (like the STOP flag).
Regards, Henrik