Hi folks. I'm still trying to clean up the analysis.cfg and alerts.cfg files to get emails going the way we expect them to when things happen. In the example below, I have a group in analysis.cfg called SRMDBASE. In alerts.cfg I set up a macro called $MAC_SRMDBASE. I want any PROC or SVC alerts for the host called FileMaker01 to send an email to the srmdbase email address. So in alerts I have the section GROUP=SRMDBASE $MAC_SRMDBASE
We stopped the PROC fmserver.exe on filemaker01 host and the SRMINFRA team got an email but the srmdbase team didn't.
Can someone point me to some insight ?
Thanks!
Don K
PS – here are configuration samples from analysis.cfg and alerts.cfg
I reference groups called SRMDBASE, SRMINFRA, and SRMAPPS in the analysis.cfg file as below:
FileMaker Dev Server
HOST=FileMaker01 GROUP=SRMDBASE PROC fmadminserver.exe 1 1 PROC fmserver.exe 1 1 PROC fmshelper.exe 1 1 PROC fmxdbc_listener.exe 1 1 PROC inetinfo.exe 1 1 SVC GxCVD(Instance001) status=started startup=automatic SVC GxEvMgrC(Instance001) status=started startup=automatic SVC FileMaker_Server status=started startup=automatic
In the alerts.cfg file I setup macros named MAC_SRMDBASE, MAC_SRMINFRA, and MAC_SRMAPPS
These macro defintions are below:
MACRO DEFINITIONS GO HERE
USE $MAC_ for the prefix on any macro defintion so it is easily identified as a macro
$MAC_SRMAPPS=SCRIPT /home/xymon/server/ext/html_mail.pl srmapps at company.com FORMAT=TEXT
$MAC_SRMDBASE=SCRIPT /home/xymon/server/ext/html_mail.pl srmdbase at company.com FORMAT=TEXT
$MAC_SRMINFRA=SCRIPT /home/xymon/server/ext/html_mail.pl srminfra at company.com FORMAT=TEXT
Lower in the alerts.cfg file I refer to the Macros created by using a GROUP declaration and then the MACRO as below: GROUP=SRMDBASE $MAC_SRMDBASE
SERVICE ALERTS GO HERE
SERVICE=cpu,disk,memory,procs TIME=W:0800:1600 RECOVERED $MAC_SRMINFRA
PAGE ALERTS GO HERE
PAGE=Applications/app1/app1prod TIME=W:0800:1600 RECOVERED $MAC_SRMAPPS
HERE IS THE BASE ANALYSIS.CFG FILE:
#RULE is host time etc host=* TIME:W:0800:1600
This Setting says to ignore any disk that starts with /Volumes
DISK %\/Volumes* IGNORE
This setting is to monitor cron only on Unix or Redhat systems - not windows or mac
PROC cron GROUP=SRMINFRA EXCLASS=win32,darwin
This setting is for Unix / MAC server systems
LOAD 8.0 12.0 GROUP=SRMINFRA EXCLASS=win32
###########
6/5/12 Adding in specific host analysis criteria
For Service monitoring - name of host and svc is CASE-sensitve
Can get values out of xymon by clicking on the server's info proc or svcs link
SERVER for various AFP Shares
HOST=AFPServer01 PROC adclient PROC adbindd PROC cnid_dbd PROC nmbd PROC smbd PROC winbindd
FileMaker Dev Server
HOST=FileMaker01 GROUP=SRMDBASE PROC fmadminserver.exe 1 1 PROC fmserver.exe 1 1 PROC fmshelper.exe 1 1 PROC fmxdbc_listener.exe 1 1 PROC inetinfo.exe 1 1 SVC GxCVD(Instance001) status=started startup=automatic SVC GxEvMgrC(Instance001) status=started startup=automatic SVC FileMaker_Server status=started startup=automatic
HOST=SQL01 GROUP=SRMDBASE MEMSWAP 75 90 SVC ReportServer status=started startup=automatic SVC MSSQLSERVER status=started startup=automatic
SVC SQLBrowser status=started startup=automatic
SVC SQLSERVERAGENT status=started startup=automatic
SVC SQLWriter status=started startup=automatic
PORT STATE=LISTENING LOCAL=%[.:](1433)$ MIN=1 TEXT=SQL_Port_1433
PROC ReportingServicesService.exe 1 1
PROC sqlservr.exe 1 1 TEXT=SQLServerMYSQL Servers
HOST=mysql1.company.com,mysql2.company.com,mysql3.company.com GROUP=SRMDBASE PORT STATE=LISTEN LOCAL=%.:$ TEXT=MySQL Ports PROC mysqld 1 TEXT=MySQL Process DISK * 98 100
This is for windows servers
CLASS=win32 GROUP=SRMINFRA MEMSWAP 75 90 DISK G 101 101 LOAD 92 97 # Load thresholds are in % PROC BBWin.exe 1 1 SVC BBWin status=started startup=automatic PORT STATE=LISTENING MIN=0 TRACK=Listen TEXT=Listen
DEFAULT # These are the defaults if not over-ridden above. UP 1h LOAD 8.0 12.0 GROUP=SRMINFRA DISK * 95 97 GROUP=SRMINFRA MEMPHYS 100 101 MEMSWAP 50 80 MEMACT 90 97