I've an alert for msgs (/var/log/messages entries) that I desire to have paged in office hours only. Thing is, it's only Linux clients that need this check, not Windows clients.

So if I set a standard style alerts.cfg entry

    HOST=* SERVICE=msgs TIME=w:0800:1830 COLOR=red MAIL monitor at us.com

of course if any Windows msgs go red (constantly... zzzz) then they will page also, which is not the required outcome.
There is the option I see of something like

alerts.cfg:

    GROUP=SSSD_MSGS TIME=w:0800:1830 COLOR=red MAIL monitor at us.com

analysis.cfg default section:

    LOG %/var/log/messages "%TEST" COLOR=red GROUP=SSSD_MSGS

[ search string here of course being TEST ]

but that does exactly the same thing.
So - aside from adding that LOG line to umpteen individual analysis.cfg entries for each Linux server, or a single section listing all the Linux servers ... is there a way to curtail this check to only Linux servers (or more likely a bunch of hostnames of course)? Somewhere it seems we'd have to manually maintain the correct "list" of hostnames to be caught - I'm just trying to minimise the overhead.

I had considered using a yellow alert to alert the LOG check... but other "things" also issue yellow alerts and we don't want to trigger them either.

I can't see a way out of this?

didds