Hm OK I updated the rules, now puzzled about why this one is alerting:
00020522 2011-03-24 12:53:44 send_alert fiona.e-dialog.com:vmio state Paging
00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.example.com:vmio:' against rule line 146
00020522 2011-03-24 12:53:44 *** Match with 'HOST=%db* EXHOST=%*dl2* SERVICE=vmio' ***
00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.e-dialog.com:vmio:' against rule line 147
00020522 2011-03-24 12:53:44 *** Match with 'MAIL xymail REPEAT=1d RECOVERED' ***
Fiona alerted for vmio and is paging. Fiona does not have the string "db" anywhere in its name. (I replaced my company with example but the company name doesn't have a db in it either)
later on I get
00020753 2011-03-24 12:58:09 Matching host:service:page 'fiona.example.com:vmio:' against rule line 181
00020753 2011-03-24 12:58:09 Failed 'HOST=%*db*' (hostname not in include list)
The regexp is different in that there's a second asterisk, but the machines I want to catch do all start with db...
thanks again Betsy
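
Added example (not part of the original post, and not Xymon code): the sketch below uses Python's `re` as a stand-in for the PCRE matching applied to `%`-prefixed rule patterns, assuming an unanchored, case-insensitive search. `db01.example.com` is a constructed hostname and `%^db` is an illustrative anchored pattern; the output shows which substring each pattern actually matches in the hostnames from the log.

```python
import re

def explain(pattern, hostname):
    """Return (status, detail) for a '%'-prefixed rule pattern.

    status is 'match', 'no-match' or 'invalid'; detail is the matched
    substring for a match, or the compiler's message for an invalid regex.
    """
    if not pattern.startswith("%"):
        raise ValueError("only %-prefixed (regex) patterns are handled here")
    try:
        # Assumption: the text after '%' is a regex, compiled case-insensitively.
        rx = re.compile(pattern[1:], re.IGNORECASE)
    except re.error as exc:
        return ("invalid", str(exc))
    # Assumption: the regex is searched anywhere in the name (not anchored).
    m = rx.search(hostname)
    if m is None:
        return ("no-match", "")
    return ("match", m.group(0))

# The two hostnames come from the log above; db01 is constructed.
HOSTS = ["fiona.e-dialog.com", "fiona.example.com", "db01.example.com"]
# '%db*' and '%*db*' come from the rules above; '%^db' is illustrative.
PATTERNS = ["%db*", "%*db*", "%^db"]

def report():
    """Evaluate every pattern against every host."""
    return [(p, h) + explain(p, h) for p in PATTERNS for h in HOSTS]

if __name__ == "__main__":
    for pattern, host, status, detail in report():
        print(f"{pattern:8} {host:20} {status:9} {detail!r}")
```

As a regex, `db*` means "a `d` followed by zero or more `b`", not the shell glob "starts with db", so any name containing a `d` satisfies it, and a pattern that begins with `*` has nothing to repeat and does not compile.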