Alerts - HOSTS matching regular expressions.

4 messages in this thread

list Kii Noda · Thu, 28 Jan 2010 22:45:26 +0200 ·

Hi everyone,

As you may have already been aware by now, we're here to stay. :)

Here's one interesting problem (and maybe simple) for you: We've seen that
"HOST=%^asd$" matches both hosts named "asd" and "asdf", not respecting the
"$" at the end. Can you guys please confirm that regex matching for "HOST="
does not care about the "$" sign?

For those that need some expanded case-study (all others can now stop),
here's the story behind: we are managing various servers of ours and our
customers. Due to the fact that we do not control DNS entries for all these
machines we have come up with a naming scheme like this:

--- cut here ---
junkyard-starbox # clientID=junkyard, starbox=actual machine
junkyard-starbox-v_trash # v_trash=vserver named trash running on starbox
junkyard-starbox-v_trashcan # v_trashcan=vserver named trashcan running on
starbox
junkyard-starbox-x_dustbin # x_dustbin=xen server running on starbox
--- and here ---

We need to send these "special" alerts:
* ONLY user-931218b43962@xymon.invalid for events on junkyard-starbox-v_trash
* ONLY user-239f7abe1b7a@xymon.invalid for events on junkyard-starbox-x_dustbin

Also, we need to send these alerts for all other hosts & events:
* user-c3a820d2604a@xymon.invalid for purple, yellow & red w/ REPEAT=60
* user-6d9e746345af@xymon.invalid for red w/ DURATION>30 and REPEAT=60
* user-6d9e746345af@xymon.invalid for yellow&purple w/ DURATION>60 and REPEAT=60

Exercising our brain muscles we came up with these:
--- cut here ---
#alert CTO for v_trash
HOST=junkyard-starbox-v_trash
  MAIL=user-931218b43962@xymon.invalid

#alert CEO for x_dustbin
HOST=junkyard-starbox-x_dustbin
  MAIL=user-239f7abe1b7a@xymon.invalid

#stop alerting for the private boxes above
HOST=*
  IGNORE HOST=%^junkyard-starbox-(v_trash|x_dustbin)$

HOST=* COLOR=purple,yellow
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=60 RECOVERED NOTICE
  MAIL=user-6d9e746345af@xymon.invalid DURATION>60 REPEAT=60 RECOVERED NOTICE

HOST=* COLOR=red
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=10 RECOVERED NOTICE
  MAIL=user-6d9e746345af@xymon.invalid DURATION>30 REPEAT=60 RECOVERED NOTICE
--- and here ---

However, even with the "$" at the end of our regex we are no longer
receiving any alerts for v_trashcan because the regex wrongly matches on the
"IGNORE HOST=" line. We could use 2 lines to match each host on its own line
but that's not the point of this exercise.

So, can anyone confirm our finding?
-- 
kN

list Kii Noda · Thu, 28 Jan 2010 23:55:33 +0200 ·

Hi everyone,

After doing some testing I can say we've elegantly solved the problem caused
by "HOST=%^asd$" matching both hosts named "asd" and "asdf" despite the "$"
at the end. We've added a "STOP" rule at the end of the "special" rules that
only alert CTO & CEO of Junkyard.

The problem still remains, however.

The new, most elegant ruleset thus far, follows:

--- cut here ---
HOST=junkyard-starbox-v_trash
  MAIL=user-931218b43962@xymon.invalid
  STOP

HOST=junkyard-starbox-x_dustbin
  MAIL=user-239f7abe1b7a@xymon.invalid
  STOP

HOST=*
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=60 RECOVERED NOTICE COLOR=purple,yellow
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=10 RECOVERED NOTICE COLOR=red
  MAIL=user-6d9e746345af@xymon.invalid DURATION>60 REPEAT=60 RECOVERED NOTICE
COLOR=purple,yellow
  MAIL=user-6d9e746345af@xymon.invalid DURATION>30 REPEAT=60 RECOVERED NOTICE COLOR=red
--- and here ---

▸ quoted from Kii Noda



On Thu, Jan 28, 2010 at 10:45 PM, Kii NODA <user-d20081af5452@xymon.invalid> wrote:

Hi everyone,

As you may have already been aware by now, we're here to stay. :)

Here's one interesting problem (and maybe simple) for you: We've seen that
"HOST=%^asd$" matches both hosts named "asd" and "asdf", not respecting the
"$" at the end. Can you guys please confirm that regex matching for "HOST="
does not care about the "$" sign?

For those that need some expanded case-study (all others can now stop),
here's the story behind: we are managing various servers of ours and our
customers. Due to the fact that we do not control DNS entries for all these
machines we have come up with a naming scheme like this:

--- cut here ---
junkyard-starbox # clientID=junkyard, starbox=actual machine
junkyard-starbox-v_trash # v_trash=vserver named trash running on starbox
junkyard-starbox-v_trashcan # v_trashcan=vserver named trashcan running on
starbox
junkyard-starbox-x_dustbin # x_dustbin=xen server running on starbox
--- and here ---

We need to send these "special" alerts:
* ONLY user-931218b43962@xymon.invalid for events on junkyard-starbox-v_trash
* ONLY user-239f7abe1b7a@xymon.invalid for events on junkyard-starbox-x_dustbin

Also, we need to send these alerts for all other hosts & events:
* user-c3a820d2604a@xymon.invalid for purple, yellow & red w/ REPEAT=60
* user-6d9e746345af@xymon.invalid for red w/ DURATION>30 and REPEAT=60
* user-6d9e746345af@xymon.invalid for yellow&purple w/ DURATION>60 and REPEAT=60

Exercising our brain muscles we came up with these:
--- cut here ---
#alert CTO for v_trash
HOST=junkyard-starbox-v_trash
  MAIL=user-931218b43962@xymon.invalid

#alert CEO for x_dustbin
HOST=junkyard-starbox-x_dustbin
  MAIL=user-239f7abe1b7a@xymon.invalid

#stop alerting for the private boxes above
HOST=*
  IGNORE HOST=%^junkyard-starbox-(v_trash|x_dustbin)$

HOST=* COLOR=purple,yellow
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=60 RECOVERED NOTICE
  MAIL=user-6d9e746345af@xymon.invalid DURATION>60 REPEAT=60 RECOVERED NOTICE

HOST=* COLOR=red
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=10 RECOVERED NOTICE
  MAIL=user-6d9e746345af@xymon.invalid DURATION>30 REPEAT=60 RECOVERED NOTICE
--- and here ---

However, even with the "$" at the end of our regex we are no longer
receiving any alerts for v_trashcan because the regex wrongly matches on the
"IGNORE HOST=" line. We could use 2 lines to match each host on its own line
but that's not the point of this exercise.

So, can anyone confirm our finding?
--
kN

--

kN

list Kii Noda · Sun, 31 Jan 2010 09:13:52 +0200 ·

Hi guys,

I stand corrected by myself after having been woken up just a few minutes
ago. Seems that using those rules let an alert through. I just tested with
'bbcmd hobbitd-alert --test $HOST disk --color=yellow' and indeed it was not
OK. Changed 'STOP' to 'IGNORE' and it seems to work as expected.

--- cut here ---
HOST=junkyard-starbox-v_trash
  MAIL=user-931218b43962@xymon.invalid
  IGNORE
--- and here ---

-- 
kN

▸ quoted from Kii Noda


On Thu, Jan 28, 2010 at 11:55 PM, Kii NODA <user-d20081af5452@xymon.invalid> wrote:

Hi everyone,

After doing some testing I can say we've elegantly solved the problem
caused by "HOST=%^asd$" matching both hosts named "asd" and "asdf" despite
the "$" at the end. We've added a "STOP" rule at the end of the "special"
rules that only alert CTO & CEO of Junkyard.

The problem still remains, however.

The new, most elegant ruleset thus far, follows:

--- cut here ---

HOST=junkyard-starbox-v_trash
  MAIL=user-931218b43962@xymon.invalid
  STOP


HOST=junkyard-starbox-x_dustbin
  MAIL=user-239f7abe1b7a@xymon.invalid
  STOP

HOST=*
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=60 RECOVERED NOTICE COLOR=purple,yellow
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=10 RECOVERED NOTICE COLOR=red
  MAIL=user-6d9e746345af@xymon.invalid DURATION>60 REPEAT=60 RECOVERED NOTICE
COLOR=purple,yellow
  MAIL=user-6d9e746345af@xymon.invalid DURATION>30 REPEAT=60 RECOVERED NOTICE COLOR=red
--- and here ---


On Thu, Jan 28, 2010 at 10:45 PM, Kii NODA <user-d20081af5452@xymon.invalid> wrote:

Hi everyone,

As you may have already been aware by now, we're here to stay. :)

Here's one interesting problem (and maybe simple) for you: We've seen that
"HOST=%^asd$" matches both hosts named "asd" and "asdf", not respecting the
"$" at the end. Can you guys please confirm that regex matching for "HOST="
does not care about the "$" sign?

For those that need some expanded case-study (all others can now stop),
here's the story behind: we are managing various servers of ours and our
customers. Due to the fact that we do not control DNS entries for all these
machines we have come up with a naming scheme like this:

--- cut here ---
junkyard-starbox # clientID=junkyard, starbox=actual machine
junkyard-starbox-v_trash # v_trash=vserver named trash running on starbox
junkyard-starbox-v_trashcan # v_trashcan=vserver named trashcan running on
starbox
junkyard-starbox-x_dustbin # x_dustbin=xen server running on starbox
--- and here ---

We need to send these "special" alerts:
* ONLY user-931218b43962@xymon.invalid for events on junkyard-starbox-v_trash
* ONLY user-239f7abe1b7a@xymon.invalid for events on junkyard-starbox-x_dustbin

Also, we need to send these alerts for all other hosts & events:
* user-c3a820d2604a@xymon.invalid for purple, yellow & red w/ REPEAT=60
* user-6d9e746345af@xymon.invalid for red w/ DURATION>30 and REPEAT=60
* user-6d9e746345af@xymon.invalid for yellow&purple w/ DURATION>60 and REPEAT=60

Exercising our brain muscles we came up with these:
--- cut here ---
#alert CTO for v_trash
HOST=junkyard-starbox-v_trash
  MAIL=user-931218b43962@xymon.invalid

#alert CEO for x_dustbin
HOST=junkyard-starbox-x_dustbin
  MAIL=user-239f7abe1b7a@xymon.invalid

#stop alerting for the private boxes above
HOST=*
  IGNORE HOST=%^junkyard-starbox-(v_trash|x_dustbin)$

HOST=* COLOR=purple,yellow
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=60 RECOVERED NOTICE
  MAIL=user-6d9e746345af@xymon.invalid DURATION>60 REPEAT=60 RECOVERED NOTICE

HOST=* COLOR=red
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=10 RECOVERED NOTICE
  MAIL=user-6d9e746345af@xymon.invalid DURATION>30 REPEAT=60 RECOVERED NOTICE
--- and here ---

However, even with the "$" at the end of our regex we are no longer
receiving any alerts for v_trashcan because the regex wrongly matches on the
"IGNORE HOST=" line. We could use 2 lines to match each host on its own line
but that's not the point of this exercise.

So, can anyone confirm our finding?

list Matthew Moldvan · Sat, 6 Feb 2010 19:42:34 -0500 ·

A few very useful ways I recently found to test the regular expressions with xymon are the pcretest and hobbitd_client command.

-bash-3.2$ pcretest
PCRE version 6.6 06-Feb-2006

  re> /^asd$/
data> asdf
No match
data> asd
 0: asd

[root at zenls01h ~]# su - xymon
-bash-3.2$ ./server/bin/bbcmd hobbitd_client --test
2010-02-06 19:39:42 Using default environment file /usr/lib64/xymon/server/etc/hobbitserver.cfg
Hostname (.=end, ?=dump, !=reload) []:

From there you can try out the host name that's not matching up as well as the test.

Hope that helps in your troubleshooting; helped me remove some entries in the hobbit-clients and hobbit-alerts that were causing issues.

Good luck,
Matt.

Unix System Administrator
Computer Science Corporation
General Dynamics Land Systems
XXXXX Mound Rd.
Sterling Heights, MI.  48310
Desk: (XXX) XXX-XXXX
Oracle IM: moldvanm

This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.


From:
Kii NODA <user-d20081af5452@xymon.invalid>
To:
user-ae9b8668bcde@xymon.invalid
Date:
01/28/2010 04:58 PM
Subject:
[hobbit] Re: Alerts - HOSTS matching regular expressions.

▸ quoted from Kii Noda



Hi everyone,

After doing some testing I can say we've elegantly solved the problem caused by "HOST=%^asd$" matching both hosts named "asd" and "asdf" despite the "$" at the end. We've added a "STOP" rule at the end of the "special" rules that only alert CTO & CEO of Junkyard.

The problem still remains, however.

The new, most elegant ruleset thus far, follows:

--- cut here ---
HOST=junkyard-starbox-v_trash
  MAIL=user-931218b43962@xymon.invalid
  STOP

HOST=junkyard-starbox-x_dustbin
  MAIL=user-239f7abe1b7a@xymon.invalid
  STOP

HOST=*
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=60 RECOVERED NOTICE COLOR=purple,yellow
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=10 RECOVERED NOTICE COLOR=red
  MAIL=user-6d9e746345af@xymon.invalid DURATION>60 REPEAT=60 RECOVERED NOTICE COLOR=purple,yellow
  MAIL=user-6d9e746345af@xymon.invalid DURATION>30 REPEAT=60 RECOVERED NOTICE COLOR=red
--- and here ---


On Thu, Jan 28, 2010 at 10:45 PM, Kii NODA <user-d20081af5452@xymon.invalid> wrote:
Hi everyone,

As you may have already been aware by now, we're here to stay. :)

Here's one interesting problem (and maybe simple) for you: We've seen that "HOST=%^asd$" matches both hosts named "asd" and "asdf", not respecting the "$" at the end. Can you guys please confirm that regex matching for "HOST=" does not care about the "$" sign?

For those that need some expanded case-study (all others can now stop), here's the story behind: we are managing various servers of ours and our customers. Due to the fact that we do not control DNS entries for all these machines we have come up with a naming scheme like this:

--- cut here ---
junkyard-starbox # clientID=junkyard, starbox=actual machine
junkyard-starbox-v_trash # v_trash=vserver named trash running on starbox
junkyard-starbox-v_trashcan # v_trashcan=vserver named trashcan running on starbox
junkyard-starbox-x_dustbin # x_dustbin=xen server running on starbox
--- and here ---

We need to send these "special" alerts:
* ONLY user-931218b43962@xymon.invalid for events on junkyard-starbox-v_trash
* ONLY user-239f7abe1b7a@xymon.invalid for events on junkyard-starbox-x_dustbin

Also, we need to send these alerts for all other hosts & events:
* user-c3a820d2604a@xymon.invalid for purple, yellow & red w/ REPEAT=60
* user-6d9e746345af@xymon.invalid for red w/ DURATION>30 and REPEAT=60
* user-6d9e746345af@xymon.invalid for yellow&purple w/ DURATION>60 and REPEAT=60

Exercising our brain muscles we came up with these:
--- cut here ---
#alert CTO for v_trash
HOST=junkyard-starbox-v_trash
  MAIL=user-931218b43962@xymon.invalid

#alert CEO for x_dustbin
HOST=junkyard-starbox-x_dustbin
  MAIL=user-239f7abe1b7a@xymon.invalid

#stop alerting for the private boxes above
HOST=*
  IGNORE HOST=%^junkyard-starbox-(v_trash|x_dustbin)$

HOST=* COLOR=purple,yellow
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=60 RECOVERED NOTICE
  MAIL=user-6d9e746345af@xymon.invalid DURATION>60 REPEAT=60 RECOVERED NOTICE

HOST=* COLOR=red
  MAIL=user-c3a820d2604a@xymon.invalid REPEAT=10 RECOVERED NOTICE
  MAIL=user-6d9e746345af@xymon.invalid DURATION>30 REPEAT=60 RECOVERED NOTICE
--- and here ---

However, even with the "$" at the end of our regex we are no longer receiving any alerts for v_trashcan because the regex wrongly matches on the "IGNORE HOST=" line. We could use 2 lines to match each host on its own line but that's not the point of this exercise.

So, can anyone confirm our finding?
-- 
kN


-- 
kN

Alerts - HOSTS matching regular expressions. 🔗 link

Alerts - HOSTS matching regular expressions.