Env: Ubuntu 12.04, Xymon 4.3.0
All of my alert rules run external scripts for email/page/etc.
I have the alerts.cfg file set up with the most granular items at the top (host specific, followed by page specific).
When I have a rule such as:

HOST=webserver1,webserver2 SERVICE=procs COLOR=red,yellow
    SCRIPT /home/xymon/server/ext/pg/exalert_web exalert_web REPEAT=30 COLOR=red FORMAT=TEXT DURATION>240
    SCRIPT /home/xymon/server/ext/pg/exdigest_web exdigest_web REPEAT=120 FORMAT=TEXT DURATION>120 STOP

I expect that any alert for "procs" that matches red/yellow will run those scripts if it fits the DURATION or REPEAT rule. If those have not been satisfied, then I expect the searching of rules to go no farther. Well, it seems that STOP doesn't really mean STOP.
In my "info" screen where it shows what alerts are triggered for "procs" I see this:

procs  exalert_web            4h   -  30m  -  red
       exdigest_web (S)       2h   -  2h   -  yellow,red
       BMC_BEM (R)            30m  -  3d   -  yellow
       BMC_BEM (R)            -    -  1d   -  red
       exalert_OTHCRIT        15m  -  15m  -  red
       Exwarn_OTHCRIT         15m  -  3d   -  yellow
       exdigest_OTHCRIT (S)   15m  -  2h   -  yellow,red

The items in white above (first 2 lines if the colors don't appear correctly) are what I expect to run and nothing else. The final 5 items (in blue, again if the colors show up correctly) are rules that would match the page etc.
Why are rules being processed beyond the STOP? Why are some in blue (I've always wondered this)? And, as long as I am asking, what does the "(S)" represent?
Thanks,
John
John Rothlisberger IT Strategy, Infrastructure & Security - Technology Growth Platform TGP for Business Process Outsourcing Accenture 312.693.3136 office