Clark, Sean <mailto:sean.clark at twcable.com> wrote:
I just compiled and installed RC1 on a Red Hat EL5.5 server this AM, and have come across a strange issue - don't know if it's my configuration or something with the new version
It seems like it isn't following the DURATION flag for alerts
<snip>
here is the alerts.cfg relevent sections:
128 HOST=% SERVICE=%disk|inode|procs|temperature|bbd|http|conn|ssh 129 MAIL=mailing-list at domain.com DURATION>20 REPEAT=60 COLOR=red RECOVERED
134 HOST=% SERVICE=%disk|inode|procs|temperature 135 MAIL=SMSgateways at txt.att.com TIME=06:0000:2359 DURATION>720 REPEAT=120 COLOR=red RECOVERED 136 MAIL=SMSgateways at txt.att.com TIME=12345:0000:0559 DURATION>720 REPEAT=120 COLOR=red RECOVERED 137 MAIL=SMSgateways at txt.att.com TIME=12345:0600:1759 DURATION>60 REPEAT=120 COLOR=red RECOVERED 138 MAIL=SMSgateways at txt.att.com TIME=12345:1800:2359 DURATION>720 REPEAT=120 COLOR=red RECOVERED
What i am expecting from these rules/matches is
email mailing-list if it's been red for > 20 minutes, and email on recovery
<snip>
What is happening is
When a red even occurs, it immediately sends an email to mailing-list at domain.com , and an email to SMSgateways at txt.att.com
Does anyone know if this is my configuration that needs fixing , or something with 4.3.0?
-Sean
I'm going to come at this one from the other direction and ignore the tests you did which, as Henrik pointed out, are invalid. Instead I'm going to add you, do these e-mails follow reds, which follow yellows for a period greater than DURATION? Perhaps, e.g. your disk is permanently yellow, except for when it goes red, and then the alert triggers straight away? Do you have yellow listed as one of your ALERTCOLORS? If so, then I think this may be the 'cause', though I have posted before about how I think this should be made more flexible....
One question I have if Henrik is reading this is, can I use custom colours, e.g. orange, and put that in ALERTCOLORS instead of yellow? I suppose I could just try it and see what happens (since the only yellows that I want to alert on are custom tests anyway)...
Regards,
SebA No virus found in this outgoing message. Checked by AVG - www.avg.com Version: 8.5.449 / Virus Database: 271.1.1/3399 - Release Date: 01/24/11 19:34:00