We're using Jira for ticketing, and Xymon for monitoring. Jira allows opening tickets via email, so we have a one-way communication.
I've been asked (by someone coming from the world of Nagios) to investigate opening tickets on *ACKNOWLEDGE*.
His reasoning is that if a ticket is opened on ACK, it is clear that every acked alert has a ticket and it is clear what ticket goes with the ack, and all tickets will have owners.
If we open a ticket via email it might or might not have an owner right away, and there's no way to match the ticket with the dot on the screen. Also if we open tickets via email, we get multiple tickets when a service *flaps*, such as a disk that is cyclically going above the limits.
Has anyone else worked with these issues? Thoughts I have so far:
- process. Make sure that everyone who takes a ticket also acks the alert manually with the ticket number. This is clunky.
- hook into the email ack (not currently enabled). When procmail parses the ack, trigger the ticket open email. Difficulty: alerts.cfg has logic to control which group gets which tickets; with procmail I am starting from scratch.
- switch to Nagios (Not a short term project but it's on the table)
- use a custom alert script that both sends the ticket email and sends an email ack. (difficulty: multiple tickets for a flapping service would do ... what?) (I think this is the most promising idea so far...)
Interested in any ideas, thoughts, and ramblings on the subject(s)