More analysis.cfg vs alerts.cfg fun
Hi folks. I'm still trying to clean up the analysis.cfg and alerts.cfg files to get emails going the way we expect them to when things happen. In the example below, I have a group in analysis.cfg called SRMDBASE. In alerts.cfg I set up a macro called $MAC_SRMDBASE. I want any PROC or SVC alerts for the host called FileMaker01 to send an email to the srmdbase email address. So in alerts I have the section GROUP=SRMDBASE $MAC_SRMDBASE
We stopped the PROC fmserver.exe on filemaker01 host and the SRMINFRA team got an email but the srmdbase team didn't.
Can someone point me to some insight ?
Thanks!
Don K
PS – here are configuration samples from analysis.cfg and alerts.cfg
I reference groups called SRMDBASE, SRMINFRA, and SRMAPPS in the analysis.cfg file as below:
FileMaker Dev Server
HOST=FileMaker01 GROUP=SRMDBASE PROC fmadminserver.exe 1 1 PROC fmserver.exe 1 1 PROC fmshelper.exe 1 1 PROC fmxdbc_listener.exe 1 1 PROC inetinfo.exe 1 1 SVC GxCVD(Instance001) status=started startup=automatic SVC GxEvMgrC(Instance001) status=started startup=automatic SVC FileMaker_Server status=started startup=automatic
In the alerts.cfg file I setup macros named MAC_SRMDBASE, MAC_SRMINFRA, and MAC_SRMAPPS
These macro defintions are below:
MACRO DEFINITIONS GO HERE
USE $MAC_ for the prefix on any macro defintion so it is easily identified as a macro
$MAC_SRMAPPS=SCRIPT /home/xymon/server/ext/html_mail.pl srmapps at company.com FORMAT=TEXT
$MAC_SRMDBASE=SCRIPT /home/xymon/server/ext/html_mail.pl srmdbase at company.com FORMAT=TEXT
$MAC_SRMINFRA=SCRIPT /home/xymon/server/ext/html_mail.pl srminfra at company.com FORMAT=TEXT
Lower in the alerts.cfg file I refer to the Macros created by using a GROUP declaration and then the MACRO as below: GROUP=SRMDBASE $MAC_SRMDBASE
SERVICE ALERTS GO HERE
SERVICE=cpu,disk,memory,procs TIME=W:0800:1600 RECOVERED $MAC_SRMINFRA
PAGE ALERTS GO HERE
PAGE=Applications/app1/app1prod TIME=W:0800:1600 RECOVERED $MAC_SRMAPPS
HERE IS THE BASE ANALYSIS.CFG FILE:
#RULE is host time etc host=* TIME:W:0800:1600
This Setting says to ignore any disk that starts with /Volumes
DISK %\/Volumes* IGNORE
This setting is to monitor cron only on Unix or Redhat systems - not windows or mac
PROC cron GROUP=SRMINFRA EXCLASS=win32,darwin
This setting is for Unix / MAC server systems
LOAD 8.0 12.0 GROUP=SRMINFRA EXCLASS=win32
###########
6/5/12 Adding in specific host analysis criteria
For Service monitoring - name of host and svc is CASE-sensitve
Can get values out of xymon by clicking on the server's info proc or svcs link
SERVER for various AFP Shares
HOST=AFPServer01 PROC adclient PROC adbindd PROC cnid_dbd PROC nmbd PROC smbd PROC winbindd
FileMaker Dev Server
HOST=FileMaker01 GROUP=SRMDBASE PROC fmadminserver.exe 1 1 PROC fmserver.exe 1 1 PROC fmshelper.exe 1 1 PROC fmxdbc_listener.exe 1 1 PROC inetinfo.exe 1 1 SVC GxCVD(Instance001) status=started startup=automatic SVC GxEvMgrC(Instance001) status=started startup=automatic SVC FileMaker_Server status=started startup=automatic
HOST=SQL01 GROUP=SRMDBASE MEMSWAP 75 90 SVC ReportServer status=started startup=automatic SVC MSSQLSERVER status=started startup=automatic
SVC SQLBrowser status=started startup=automatic
SVC SQLSERVERAGENT status=started startup=automatic
SVC SQLWriter status=started startup=automatic
PORT STATE=LISTENING LOCAL=%[.:](1433)$ MIN=1 TEXT=SQL_Port_1433
PROC ReportingServicesService.exe 1 1
PROC sqlservr.exe 1 1 TEXT=SQLServerMYSQL Servers
HOST=mysql1.company.com,mysql2.company.com,mysql3.company.com GROUP=SRMDBASE PORT STATE=LISTEN LOCAL=%.:$ TEXT=MySQL Ports PROC mysqld 1 TEXT=MySQL Process DISK * 98 100
This is for windows servers
CLASS=win32 GROUP=SRMINFRA MEMSWAP 75 90 DISK G 101 101 LOAD 92 97 # Load thresholds are in % PROC BBWin.exe 1 1 SVC BBWin status=started startup=automatic PORT STATE=LISTENING MIN=0 TRACK=Listen TEXT=Listen
DEFAULT # These are the defaults if not over-ridden above. UP 1h LOAD 8.0 12.0 GROUP=SRMINFRA DISK * 95 97 GROUP=SRMINFRA MEMPHYS 100 101 MEMSWAP 50 80 MEMACT 90 97
participants (1)
-
Don.Kuhlman@schawk.com