In <4ADE2280.2020302 at ipacc.com> Bill Wagner <william.wagner at ipacc.com> writes:
I have rules defined for many of my 300+ hosts ( a mix of windows and unix servers scattered throughout, and interleaved across, multiple pages. I want to define a default rule for hosts so that, for example, every conn alert goes to my unix administrators. I have experimented with several solutions which do not yield the desired result. e.g.:
HOST=* EXHOST=<> # I can't explicitly list all hosts (too many) and tried macros consisting of wildcard host names MAIL ...
HOST=* EXHOST=<> MAIL ... UNMATCHED
if I use only HOST=* then I end up with multiple (sometimes redundant) recipients for some hosts and no recipients for hosts not previously explicitly defined.
Not sure if I understand you correctly, but I *think* you want a default rule that triggers only if there are no other rules that apply. Correct ?
In that case, the following should do it:
HOST=* SERVICE=conn
MAIL unixadmin at foo.com UNMATCHEDThe UNMATCHED keyword means that this alert only triggers if no other rules applied.
Regards, Henrik