I have an alert rule question. I have the following rule defined:
HOST=$AV MAIL $SYSADMIN COLOR=red EXSERVICE=msgs,cpu REPEAT=30m RECOVERED MAIL $SYSADMIN COLOR=red SERVICE=cpu DURATION>20 REPEAT=30m RECOVERED MAIL $SYSADMIN COLOR=purple REPEAT=1h RECOVERED
I did this because I was tired of getting those Windows event log messages. I no longer get the event log alert or warning messages but I get "recovered" messages for the "msgs" category. I thought the first line would eliminate ALL "msgs" alerts including when it recovers or goes green. Am I thinking about this the wrong way?
Kevin
Note: The information contained in this email and in any attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. The recipient should check this email and any attachments for the presence of viruses. Sender accepts no liability for any damages caused by any virus transmitted by this email. If you have received this email in error, please notify us immediately by replying to the message and delete the email from your computer. This e-mail is and any response to it will be unencrypted and, therefore, potentially unsecure. Thank you. NOVA Information Systems, Inc.