Newbie: some alerts not firing
Can anyone tell me why these alerts aren't firing? Running xymon 4.3.0 on Oracle Linux. The services are alerting and the generic paging rules are sending alerts for them; these rules are supposed to email particular teams in addition.
(am I wrong in thinking that more than one rule can match a particular alert?)
HOST=db* EXHOST=*dl2* SERVICE=oradb,orasys,oradns MAIL dba-support REPEAT=1d RECOVERED # email dba's in addition to above
HOST=redirect* EXSERVICE=msgs MAIL redirectteam at example.com REPEAT=1d RECOVERED
If anyone wants to see the entire alerts.cfg I stuck it at http://pastebin.com/RWAqKnHQ (minus the comment lines at the top)
Well first, if you are using wildcards in hostnames, you need a % before it.
HOST=%db* EXHOST=%*db*
Second, if you want to see what the alert is supposed to do, use hobbitd_alert. Oh, wait, 4.3.0, I guess that would be xymond_alert to test. Should be found in ~/server/bin
xymond_alert --test <hostname> <test>
I generally pipe that to grep -v Failed just to cut down on extraneous output. There are plenty of parameters for it, so read the man page. --duration is useful, etc.
Personally, I've moved away from wildcard hostnames. Sometimes it seems inconsistent to me.
Paul.
Paul Root Lead Internet Systems Eng Qwest Network Services
-----Original Message-----
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Elizabeth Schwartz
Sent: Thursday, March 24, 2011 8:31 AM
To: xymon at xymon.com
Subject: [Xymon] Newbie: some alerts not firing
Can anyone tell me why these alerts aren't firing? Running xymon 4.3.0 on Oracle Linux. The services are alerting and the generic paging rules are sending alerts for them; these rules are supposed to email particular teams in addition.
(am I wrong in thinking that more than one rule can match a particular alert?)
HOST=db* EXHOST=*dl2* SERVICE=oradb,orasys,oradns MAIL dba-support REPEAT=1d RECOVERED # email dba's in addition to above
HOST=redirect* EXSERVICE=msgs MAIL redirectteam at example.com REPEAT=1d RECOVERED
If anyone wants to see the entire alerts.cfg I stuck it at http://pastebin.com/RWAqKnHQ (minus the comment lines at the top)
On Thu, 2011-03-24 at 08:47 -0500, Root, Paul wrote:
Well first, if you are using wildcards in hostnames, you need a % before it.
HOST=%db* EXHOST=%*db*
Of course, those particular patterns (being regular expressions) probably won't work correctly. I might suggest: HOST=%^db EXHOST=%dl2
The * in glob-syntax is superfluous when dealing with regular expressions. These now read "any host that begins with db except those that have dl2 anywhere in the name"
-- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
Thank you all!!
HOST=%db* EXHOST=%*db* "any host that begins with db except those that have dl2 anywhere in the name"
That is what I want, alert on this event on all the database hosts except the ones with dl2 anywhere in their names.
xymond_alert --test <hostname> <test> I generally pipe that to grep -v Failed just to cut down on extraneous output. There are plenty of parameters for it, so read the man page. --duration is useful, etc.
thanks, that is a HUGE help. I had not been familiar with this. Gave me some other stuff to look at, too
Looks like the redirect page is working now, but will take a real red to feel 100% confident. (although as a sysadmin I hope it stays green...)
thanks again. I am loving this list
Betsy
Hm OK I updated the rules, now puzzled about why this one is alerting:
00020522 2011-03-24 12:53:44 send_alert fiona.e-dialog.com:vmio state Paging
00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.example.com:vmio:' against rule line 146
00020522 2011-03-24 12:53:44 *** Match with 'HOST=%db* EXHOST=%*dl2* SERVICE=vmio' ***
00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.e-dialog.com:vmio:' against rule line 147
00020522 2011-03-24 12:53:44 *** Match with 'MAIL xymail REPEAT=1d RECOVERED' ***
Fiona alerted for vmio and is paging. Fiona does not have the string "db" anywhere in its name. (I replaced my company with example but the company name doesn't have a db in it either)
later on I get
00020753 2011-03-24 12:58:09 Matching host:service:page 'fiona.example.com:vmio:' against rule line 181
00020753 2011-03-24 12:58:09 Failed 'HOST=%*db*' (hostname not in include list)
The regexp is different in that there's a second asterisk, but the machines I want to catch do all start with db...
thanks again
Betsy
On Thu, Mar 24, 2011 at 12:59 PM, Elizabeth Schwartz <betsy.schwartz at gmail.com> wrote:
Hm OK I updated the rules, now puzzled about why this one is alerting:
%^db.* <-- use it like that
change this '%*dl2*' to '%.*dl2.*' if that is what you wanted.
Also use pcretest to verify if it is matching the right host
-- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
Elizabeth,
Hm OK I updated the rules, now puzzled about why this one is alerting:
00020522 2011-03-24 12:53:44 send_alert fiona.e-dialog.com:vmio state Paging
00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.example.com:vmio:' against rule line 146
00020522 2011-03-24 12:53:44 *** Match with 'HOST=%db* EXHOST=%*dl2* SERVICE=vmio' ***
00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.e-dialog.com:vmio:' against rule line 147
00020522 2011-03-24 12:53:44 *** Match with 'MAIL xymail REPEAT=1d RECOVERED' ***
Fiona alerted for vmio and is paging. Fiona does not have the string "db" anywhere in its name. (I replaced my company with example but the company name doesn't have a db in it either)
In regular expressions, '*' is not a wildcard - it means "match the preceding pattern 0 or more times", so 'db*' matches 'd' followed by any number of 'b' characters. %db* is not anchored (it can match anywhere), so at a minimum if there is a single 'd' anywhere in the host name (including the domain) it will match - in effect the '%db*' is equivalent to '%d'.
The equivalent of a wildcard is '.*' - '.' matches any character, '*' matches 0 or more times. When the regular expression is not anchored (i.e. tied to matching at a particular position), '.*' at the start or end is redundant. If you want to make a pattern fully anchored, use something like:
HOST=%^db.*$
'^' means match from the beginning of the string. '$' matches the end of the string.
later on I get
00020753 2011-03-24 12:58:09 Matching host:service:page 'fiona.example.com:vmio:' against rule line 181
00020753 2011-03-24 12:58:09 Failed 'HOST=%*db*' (hostname not in include list)
The regexp is different in that there's a second asterisk, but the machines I want to catch do all start with db...
HOST=%*db* isn't a valid regular expression, so it won't match anything. The first '*' has no preceding pattern. Possibly it might be interpreted as match a '*' character, which won't match. If you want to match any host containing 'db' use HOST=%db (or HOST=%^.*db.*$ as anchored version). Strictly speaking, if you want to match 'db' in only the host and not the domain, you could do HOST=%[^.]*db - match from the start of the string any number of characters that aren't '.' followed by 'db'
Regular expressions are far more powerful than simple wildcards, but the syntax for simple matches is different.
A rundown on regular expressions is here: http://en.wikipedia.org/wiki/PCRE http://perldoc.perl.org/perlre.html
David.
-- David Baldwin - IT Unit Australian Sports Commission www.ausport.gov.au Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616 david.baldwin at ausport.gov.au Leverrier Street Bruce ACT 2617
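Added example (not part of any message in the thread, and not Xymon code): a small Python check of which hosts the HOST=/EXHOST= pairs discussed above would select. It uses Python's re module as a stand-in for the PCRE matching Xymon does, and assumes an EXHOST pattern that fails to compile excludes nothing; every hostname except fiona.e-dialog.com is constructed.

```python
import re

# Constructed inventory; only fiona.e-dialog.com comes from the thread's log.
HOSTS = [
    "db01.e-dialog.com",
    "dbdl2-01.e-dialog.com",
    "fiona.e-dialog.com",
    "mail.dbhosting.example",
    "web01.example.net",
]


def compile_rule(spec):
    """Compile a '%'-prefixed alerts.cfg pattern; None if it is not a valid regex."""
    if not spec.startswith("%"):
        raise ValueError("only %-prefixed (regex) patterns are handled here")
    try:
        return re.compile(spec[1:])
    except re.error:
        return None


def selected_hosts(host_spec, exhost_spec, hosts=HOSTS):
    """Hosts selected by a HOST=/EXHOST= pair: include matches, exclude does not."""
    include = compile_rule(host_spec)
    exclude = compile_rule(exhost_spec)
    if include is None:
        # Invalid include pattern: nothing is selected, as with the thread's
        # "Failed 'HOST=%*db*' (hostname not in include list)" log line.
        return []
    return [
        h for h in hosts
        # Assumption: an invalid EXHOST pattern excludes nothing.
        if include.search(h) and not (exclude and exclude.search(h))
    ]


if __name__ == "__main__":
    for host_spec, exhost_spec in [
        ("%db*", "%*dl2*"),      # rule as first rewritten: 'd' anywhere matches
        ("%db", "%dl2"),         # unanchored: also matches 'db' in the domain
        ("%^db", "%dl2"),        # anchored at the start of the hostname
        ("%^db.*$", "%.*dl2.*"), # fully anchored form with explicit '.*'
    ]:
        print(f"HOST={host_spec} EXHOST={exhost_spec} ->",
              selected_hosts(host_spec, exhost_spec))
```
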