Den 30-03-2017 13:01, Even Hauge Juberg skrev:
This has sent, since yesterday, 200 OK messages to my inbox. The result from the -dump-config looks like it would produce the result I want and need, but it just will not stop with the annoying "OK" messages.
Add the "--cfid" option to xymond_alert (in tasks.cfg). Then either restart Xymon entirely, or do a "kill -HUP " on the xymonlaunch process and then kill the existing xymond_alert process (it will then automatically restart with the new option enabled).
Next time you get one of these messages, the mail subject will include the linenumber of the rule in alerts.cfg which triggered the message.
Regards,
Henrik
FRA: Xymon [mailto:xymon-bounces at xymon.com] P VEGNE AV Henrik Størner SENDT: torsdag 30. mars 2017 12.12 TIL: xymon at xymon.com EMNE: Re: [Xymon] Annyoing logic in alerts.cfg
Den 27-03-2017 14:04, Even Hauge Juberg skrev:
*snippet from my alerts.cfg*
_HOST=* RECOVERED=1_
_ IGNORE HOST=*_
_HOST=one-host SERVICE=http_
_ MAIL _someuser at domain.local [1]_ COLOR=red_
_ MAIL _someuser at domain.local [2]_ DURATION>5 COLOR=red_
Several problems here.
- "IGNORE" is for a recipient. If you want
to exclude a host it is "EXHOST=". But having a "HOST=* EXHOST=*" does not make sense.
- It is "RECOVERED" by itself, not "RECOVERED=1".
- Judging from the whitespace (the blank line), you want the first "HOST=*" to be a rule by itself. It is not, a rule must have a recipient (MAIL or SCRIPT). So all of what you have from this bit of alerts.cfg go into one rule, and probably ends up being interpreted as all "http" alerts going to the two mail addresses, and both of them receiving recovery notifications. Try running "xymoncmd xymond_alert --dump-config" and see how the parsed configuration looks.
What I'm trying to accomplish is to stop the "I'm OK - recovered" messages. Those messages are irrelevant, so I want those filtered out. The problem though, is that the logic is completely off on this point. The first rule for some reason takes presedense, even though I have explicitly told it to only use that rule IF the host has recovered, no?
I want it to skip that rule, if it has not yet recovered, send mail to the first user immediately, then to the other user after 5 minutes, but leave those users alone if the service is OK again. Is there a way to accomplish this?
If you don't want any messages about recovered hosts, just dont put "RECOVERED" anywhere in your config. They are not enabled by default.
Links:
[1] mailto:someuser at domain.local [2] mailto:someuser at domain.local [3] mailto:adam at example.com [4] mailto:eve at example.com [5] mailto:adam at example.com [6] mailto:eve at example.com