On 29/01/2024 14:46, Jaap Winius via Xymon wrote:
Hi folks,
Is it possible to write rules for alerts.cfg that are triggered not by state changes for services, such as imap or http, but instead for specific files, libs, ports and procs? If so, what would they look like?
The rules used to trigger alerts.cfg are combinations of things like test name, colour, duration, but not the particular contents of a status message.
If you just want to alert when the procs test has been red for 5 minutes, that's straightforward:
SERVICE=procs COLOR=red DURATION>5 MAIL alert at example.com
If you only want to alert based on the actual contents of a status message, I think you'd need to implement a custom SCRIPT as the alert recipient and have it take whatever action you like based upon the content of $BBALPHAMSG .
The default alerts.cfg provided with xymon contains a pretty full description of how alerting rules work, in combination with "man alerts.cfg":
https://fossies.org/linux/xymon/xymond/etcfiles/alerts.cfg.DIST https://manpages.org/alertscfg/5
Adam