Annyoing logic in alerts.cfg
list Even Hauge Juberg
Hi!
I've been using Xymon for years and have recently begun to play around with the alerts.cfg, however, there is something I have been banging my head against the wall with, for weeks now. So I am reaching out to this list in the hopes that someone out there might have the key to save me from eternal frustration.
*snippet from my alerts.cfg*
HOST=* RECOVERED=1
IGNORE HOST=*
HOST=one-host SERVICE=http
MAIL user-9c417231eeaa@xymon.invalid COLOR=red
MAIL user-9c417231eeaa@xymon.invalid DURATION>5 COLOR=red
What I'm trying to accomplish is to stop the "I'm OK - recovered" messages. Those messages are irrelevant, so I want those filtered out. The problem though, is that the logic is completely off on this point. The first rule for some reason takes presedense, even though I have explicitly told it to only use that rule IF the host has recovered, no?
I want it to skip that rule, if it has not yet recovered, send mail to the first user immediately, then to the other user after 5 minutes, but leave those users alone if the service is OK again. Is there a way to accomplish this?
Sincerely,
Even
list Galen Johnson
Have you tried removing the recovered stanza? I thought Xymon only sent a recovered message if you explicitly tell it to on the alert itself:
HOST=*
MAIL user-7515ef6887f0@xymon.invalid DURATION>10 REPEAT=30 RECOVERED UNMATCHED
Check other rules to see if you are overriding it somewhere by telling it to explicitly send recover messages.
NB: I had thought there was a global setting somewhere that would default it to on but I can't find it
Basically, try commenting out
HOST=* RECOVERED=1
IGNORE HOST=*?
and see if it behaves like you want.
=G=
▸
From: Xymon <xymon-bounces at xymon.com> on behalf of Even Hauge Juberg <user-7763c527f65c@xymon.invalid>
Sent: Monday, March 27, 2017 8:04 AM
To: xymon at xymon.com
Subject: [Xymon] Annyoing logic in alerts.cfg
Hi!
I've been using Xymon for years and have recently begun to play around with the alerts.cfg, however, there is something I have been banging my head against the wall with, for weeks now. So I am reaching out to this list in the hopes that someone out there might have the key to save me from eternal frustration.
*snippet from my alerts.cfg*
HOST=* RECOVERED=1
IGNORE HOST=*
HOST=one-host SERVICE=http
MAIL user-9c417231eeaa@xymon.invalid COLOR=red
MAIL user-9c417231eeaa@xymon.invalid DURATION>5 COLOR=red
What I'm trying to accomplish is to stop the "I'm OK - recovered" messages. Those messages are irrelevant, so I want those filtered out. The problem though, is that the logic is completely off on this point. The first rule for some reason takes presedense, even though I have explicitly told it to only use that rule IF the host has recovered, no?
I want it to skip that rule, if it has not yet recovered, send mail to the first user immediately, then to the other user after 5 minutes, but leave those users alone if the service is OK again. Is there a way to accomplish this?
Sincerely,
Even
list Even Hauge Juberg
Thank you for your reply! Yes, I believe I did try that, but it actually sending a "recovered" to all users in the list, but I must've misconfigured something or simply remembering wrong. It seems to be working just as I want it now, I did add the "RECOVERED" to one user on the list - som maybe that did the trick? Sincerely Even
▸
Fra: Galen Johnson <user-87f955643e3d@xymon.invalid>
Sendt: 27. mars 2017 15:49
Til: Even Hauge Juberg; xymon at xymon.com
Emne: Re: Annyoing logic in alerts.cfg
Have you tried removing the recovered stanza? I thought Xymon only sent a recovered message if you explicitly tell it to on the alert itself:
HOST=*
MAIL user-7515ef6887f0@xymon.invalid DURATION>10 REPEAT=30 RECOVERED UNMATCHED
Check other rules to see if you are overriding it somewhere by telling it to explicitly send recover messages.
NB: I had thought there was a global setting somewhere that would default it to on but I can't find it
Basically, try commenting out
HOST=* RECOVERED=1
IGNORE HOST=*?
and see if it behaves like you want.
=G=
From: Xymon <xymon-bounces at xymon.com> on behalf of Even Hauge Juberg <user-7763c527f65c@xymon.invalid>
Sent: Monday, March 27, 2017 8:04 AM
To: xymon at xymon.com
Subject: [Xymon] Annyoing logic in alerts.cfg
Hi!
I've been using Xymon for years and have recently begun to play around with the alerts.cfg, however, there is something I have been banging my head against the wall with, for weeks now. So I am reaching out to this list in the hopes that someone out there might have the key to save me from eternal frustration.
*snippet from my alerts.cfg*
HOST=* RECOVERED=1
IGNORE HOST=*
HOST=one-host SERVICE=http
MAIL user-9c417231eeaa@xymon.invalid COLOR=red
MAIL user-9c417231eeaa@xymon.invalid DURATION>5 COLOR=red
What I'm trying to accomplish is to stop the "I'm OK - recovered" messages. Those messages are irrelevant, so I want those filtered out. The problem though, is that the logic is completely off on this point. The first rule for some reason takes presedense, even though I have explicitly told it to only use that rule IF the host has recovered, no?
I want it to skip that rule, if it has not yet recovered, send mail to the first user immediately, then to the other user after 5 minutes, but leave those users alone if the service is OK again. Is there a way to accomplish this?
Sincerely,
Even
list Even Hauge Juberg
Sadly, I spoke to soon. It is definitely nagging with the recovered-messages, even though there is no RECOVERED tag in the alerts.cfg file. Sincerely, Even
▸
Fra: Xymon [mailto:xymon-bounces at xymon.com] På vegne av Even Hauge Juberg
Sendt: tirsdag 28. mars 2017 11.28
Til: Galen Johnson <user-87f955643e3d@xymon.invalid>; xymon at xymon.com
Emne: Re: [Xymon] Annyoing logic in alerts.cfg
Thank you for your reply!
Yes, I believe I did try that, but it actually sending a "recovered" to all users in the list, but I must've misconfigured something or simply remembering wrong. It seems to be working just as I want it now, I did add the "RECOVERED" to one user on the list - som maybe that did the trick?
Sincerely
Even
Fra: Galen Johnson <user-87f955643e3d@xymon.invalid<mailto:user-87f955643e3d@xymon.invalid>>
Sendt: 27. mars 2017 15:49
Til: Even Hauge Juberg; xymon at xymon.com<mailto:xymon at xymon.com>
Emne: Re: Annyoing logic in alerts.cfg
Have you tried removing the recovered stanza? I thought Xymon only sent a recovered message if you explicitly tell it to on the alert itself:
HOST=*
MAIL user-7515ef6887f0@xymon.invalid<mailto:user-7515ef6887f0@xymon.invalid> DURATION>10 REPEAT=30 RECOVERED UNMATCHED
▸
Check other rules to see if you are overriding it somewhere by telling it to explicitly send recover messages.
NB: I had thought there was a global setting somewhere that would default it to on but I can't find it
Basically, try commenting out
HOST=* RECOVERED=1
IGNORE HOST=*
and see if it behaves like you want.
=G=
From: Xymon <xymon-bounces at xymon.com<mailto:xymon-bounces at xymon.com>> on behalf of Even Hauge Juberg <user-7763c527f65c@xymon.invalid<mailto:user-7763c527f65c@xymon.invalid>>
Sent: Monday, March 27, 2017 8:04 AM
To: xymon at xymon.com<mailto:xymon at xymon.com>
Subject: [Xymon] Annyoing logic in alerts.cfg
Hi!
I've been using Xymon for years and have recently begun to play around with the alerts.cfg, however, there is something I have been banging my head against the wall with, for weeks now. So I am reaching out to this list in the hopes that someone out there might have the key to save me from eternal frustration.
*snippet from my alerts.cfg*
HOST=* RECOVERED=1
IGNORE HOST=*
HOST=one-host SERVICE=http
MAIL user-9c417231eeaa@xymon.invalid<mailto:user-9c417231eeaa@xymon.invalid> COLOR=red
MAIL user-9c417231eeaa@xymon.invalid<mailto:user-9c417231eeaa@xymon.invalid> DURATION>5 COLOR=red
▸
What I'm trying to accomplish is to stop the "I'm OK - recovered" messages. Those messages are irrelevant, so I want those filtered out. The problem though, is that the logic is completely off on this point. The first rule for some reason takes presedense, even though I have explicitly told it to only use that rule IF the host has recovered, no?
I want it to skip that rule, if it has not yet recovered, send mail to the first user immediately, then to the other user after 5 minutes, but leave those users alone if the service is OK again. Is there a way to accomplish this?
Sincerely,
Even
list Henrik Størner
▸
Den 27-03-2017 14:04, Even Hauge Juberg skrev:
*snippet from my alerts.cfg* _HOST=* RECOVERED=1_ _ IGNORE HOST=*_
_HOST=one-host SERVICE=http_
_ MAIL user-9c417231eeaa@xymon.invalid COLOR=red_
_ MAIL __someuser at domain__.local__ DURATION>5 COLOR=red_
Several problems here. * "IGNORE" is for a recipient. If you want to exclude a host it is "EXHOST=<hostname>". But having a "HOST=* EXHOST=*" does not make sense. * It is "RECOVERED" by itself, not "RECOVERED=1". * Judging from the whitespace (the blank line), you want the first "HOST=*" to be a rule by itself. It is not, a rule must have a recipient (MAIL or SCRIPT). So all of what you have from this bit of alerts.cfg go into one rule, and probably ends up being interpreted as all "http" alerts going to the two mail addresses, and both of them receiving recovery notifications. Try running "xymoncmd xymond_alert --dump-config" and see how the parsed configuration looks.
▸
What I'm trying to accomplish is to stop the "I'm OK - recovered" messages. Those messages are irrelevant, so I want those filtered out. The problem though, is that the logic is completely off on this point. The first rule for some reason takes presedense, even though I have explicitly told it to only use that rule IF the host has recovered, no?
I want it to skip that rule, if it has not yet recovered, send mail to the first user immediately, then to the other user after 5 minutes, but leave those users alone if the service is OK again. Is there a way to
accomplish this? If you don't want any messages about recovered hosts,
just dont put "RECOVERED" anywhere in your config. They are not enabled
by default.
&n
rule specification. E.g. HOST=one-host
SERVICE=http RECOVERED
MAIL user-997c1aaa48b2@xymon.invalid MAIL user-cc214d0fbed6@xymon.invalid
will send alerts and recovery not
Adam and Eve. If you only want recovery notices sent to one recipient, then put it on that recipient: HOST=one-host SERVICE=http MAIL user-997c1aaa48b2@xymon.invalid RECOVERED MAIL user-cc214d0fbed6@xymon.invalid will send alerts to both Adam and Eve, but recovery messages only to Adam. Regards, Henrik
list Even Hauge Juberg
Thank you for your reply. That config was my desperate attempt to trick the system, after my initial configuration did not do what I wanted it to. My first attempt looked like this(which is also my current config):
HOST=somehost SERVICE=http
MAIL some.user at local DURATION>5 COLOR=red
MAIL some.user at local DURATION>5 COLOR=red
HOST=* COLOR=red
MAIL some.user at local DURATION>5 COLOR=red
This has sent, since yesterday, 200 OK messages to my inbox. The result from the –dump-config looks like it would produce the result I want and need, but it just will not stop with the annoying “OK” messages.
They look like this:
green Thu Mar 30 11:39:24 2017: OK
&green someURL - OK
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 14 Apr 2011 10:19:24 GMT
Accept-Ranges: bytes
ETag: "c7c3ab6d8dfacb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 30 Mar 2017 09:39:23 GMT
Connection: close
Content-Length: 611
Seconds: 0.009634000
Getting hundreds of these in a couple of days, really takes away from the useful messages I would like to receive.
▸
Sincerely
Even
Fra: Xymon [mailto:xymon-bounces at xymon.com] På vegne av Henrik Størner
Sendt: torsdag 30. mars 2017 12.12
Til: xymon at xymon.com
Emne: Re: [Xymon] Annyoing logic in alerts.cfg
Den 27-03-2017 14:04, Even Hauge Juberg skrev:
*snippet from my alerts.cfg*
HOST=* RECOVERED=1
IGNORE HOST=*
HOST=one-host SERVICE=http
MAIL user-9c417231eeaa@xymon.invalid<mailto:user-9c417231eeaa@xymon.invalid> COLOR=red
MAIL user-9c417231eeaa@xymon.invalid<mailto:user-9c417231eeaa@xymon.invalid> DURATION>5 COLOR=red
Several problems here.
1. "IGNORE" is for a recipient. If you want to exclude a host it is "EXHOST=<hostname>". But having a "HOST=* EXHOST=*" does not make sense.
2. It is "RECOVERED" by itself, not "RECOVERED=1".
3. Judging from the whitespace (the blank line), you want the first "HOST=*" to be a rule by itself. It is not, a rule must have a recipient (MAIL or SCRIPT). So all of what you have from this bit of alerts.cfg go into one rule, and probably ends up being interpreted as all "http" alerts going to the two mail addresses, and both of them receiving recovery notifications. Try running "xymoncmd xymond_alert --dump-config" and see how the parsed configuration looks.
▸
What I'm trying to accomplish is to stop the "I'm OK - recovered" messages. Those messages are irrelevant, so I want those filtered out. The problem though, is that the logic is completely off on this point. The first rule for some reason takes presedense, even though I have explicitly told it to only use that rule IF the host has recovered, no?
I want it to skip that rule, if it has not yet recovered, send mail to the first user immediately, then to the other user after 5 minutes, but leave those users alone if the service is OK again. Is there a way to accomplish this?
If you don't want any messages about recovered hosts, just dont put "RECOVERED" anywhere in your config. They are not enabled by default.
If you want recovery messages for all of the recipients matching a rule, then put it on the rule specification. E.g.
HOST=one-host SERVICE=http RECOVERED
MAIL user-997c1aaa48b2@xymon.invalid<mailto:user-997c1aaa48b2@xymon.invalid>
MAIL user-cc214d0fbed6@xymon.invalid<mailto:user-cc214d0fbed6@xymon.invalid>
will send alerts and recovery notices to both Adam and Eve.
▸
If you only want recovery notices sent to one recipient, then put it on that recipient:
HOST=one-host SERVICE=http
MAIL user-997c1aaa48b2@xymon.invalid<mailto:user-997c1aaa48b2@xymon.invalid> RECOVERED
MAIL user-cc214d0fbed6@xymon.invalid<mailto:user-cc214d0fbed6@xymon.invalid>
▸
will send alerts to both Adam and Eve, but recovery messages only to Adam.
Regards,
Henrik
list Henrik Størner
▸
Den 30-03-2017 13:01, Even Hauge Juberg skrev:
This has sent, since yesterday, 200 OK messages to my inbox. The result from the
-dump-config looks like it would produce the result I want and need, but it just will not stop with the annoying "OK" messages.
Add the "--cfid"
option to xymond_alert (in tasks.cfg). Then either restart Xymon
entirely, or do a "kill -HUP " on the xymonlaunch process and then kill
the existing xymond_alert process (it will then automatically restart
with the new option enabled).
Next time you get one of these messages,
the mail subject will include the linenumber of the rule in alerts.cfg
which triggered the message.
Regards,
Henrik FRA: Xymon
[mailto:xymon-bounces at xymon.com] P VEGNE AV Henrik Størner
▸
SENDT:
torsdag 30. mars 2017 12.12
TIL: xymon at xymon.com EMNE: Re: [Xymon]
Annyoing logic in alerts.cfg
Den 27-03-2017 14:04, Even Hauge
Juberg skrev:
*snippet from my alerts.cfg* _HOST=*
RECOVERED=1_
_ IGNORE HOST=*_ _HOST=one-host
SERVICE=http_
_ MAIL user-ad28babd0181@xymon.invalid [1]_ COLOR=red_
_ MAIL user-ad28babd0181@xymon.invalid [2]_ DURATION>5 COLOR=red_
Several problems here.
* "IGNORE" is for a recipient. If you want to exclude a host it is "EXHOST=". But having a "HOST=* EXHOST=*" does
▸
not make sense.
* It is "RECOVERED" by itself, not "RECOVERED=1". *Judging from the whitespace (the blank line), you want the first "HOST=*" to be a rule by itself. It is not, a rule must have a recipient (MAIL or SCRIPT). So all of what you have from this bit of alerts.cfg go into one rule, and probably ends up being interpreted as all "http" alerts going to the two mail addresses, and both of them receiving recovery notifications. Try running "xymoncmd xymond_alert --dump-config" and see how the parsed configuration looks.
What
I'm trying to accomplish is to stop the "I'm OK - recovered" messages. Those messages are irrelevant, so I want those filtered out. The problem though, is that the logic is completely off on this point. The first rule for some reason takes presedense, even though I have explicitly told it to only use that rule IF the host has recovered, no?
I want it to skip that rule, if it has not yet recovered, send mail to the first user immediately, then to the other user after 5 minutes, but leave those users alone if the service is OK again. Is there a way to accomplish this? If you don't want any messages about recovered hosts, just dont put "RECOVERED" anywhere in your config. They are not enabled by default.
Links:
[1]
mailto:user-9c417231eeaa@xymon.invalid
[2] mailto:user-9c417231eeaa@xymon.invalid
[3]
mailto:user-997c1aaa48b2@xymon.invalid
[4] mailto:user-cc214d0fbed6@xymon.invalid
[5]
mailto:user-997c1aaa48b2@xymon.invalid
[6] mailto:user-cc214d0fbed6@xymon.invalid
list Even Hauge Juberg
Thank you for your suggestions and help, but sadly this leaves me just as stumped as before. The emails that are sent to me, all stem from the same two lines in alerts.cfg, which both look like this: MAIL user-7763c527f65c@xymon.invalid DURATION>5 COLOR=red Sincerely Even Fra: Henrik Størner [mailto:user-ce4a2c883f75@xymon.invalid] Sendt: torsdag 30. mars 2017 13.12 Til: Even Hauge Juberg <user-7763c527f65c@xymon.invalid> Kopi: xymon at xymon.com Emne: Re: SV: [Xymon] Annyoing logic in alerts.cfg
▸
Den 30-03-2017 13:01, Even Hauge Juberg skrev:
This has sent, since yesterday, 200 OK messages to my inbox. The result from the –dump-config looks like it would produce the result I want and need, but it just will not stop with the annoying “OK” messages.
Add the "--cfid" option to xymond_alert (in tasks.cfg). Then either restart Xymon entirely, or do a "kill -HUP " on the xymonlaunch process and then kill the existing xymond_alert process (it will then automatically restart with the new option enabled).
Next time you get one of these messages, the mail subject will include the linenumber of the rule in alerts.cfg which triggered the message.
Regards,
Henrik
Fra: Xymon [mailto:xymon-bounces at xymon.com] På vegne av Henrik Størner
Sendt: torsdag 30. mars 2017 12.12
Til: xymon at xymon.com<mailto:xymon at xymon.com>
Emne: Re: [Xymon] Annyoing logic in alerts.cfg
Den 27-03-2017 14:04, Even Hauge Juberg skrev:
*snippet from my alerts.cfg*
HOST=* RECOVERED=1
IGNORE HOST=*
HOST=one-host SERVICE=http
MAIL user-9c417231eeaa@xymon.invalid<mailto:user-9c417231eeaa@xymon.invalid> COLOR=red
MAIL user-9c417231eeaa@xymon.invalid<mailto:user-9c417231eeaa@xymon.invalid> DURATION>5 COLOR=red
Several problems here.
1. "IGNORE" is for a recipient. If you want to exclude a host it is "EXHOST=". But having a "HOST=* EXHOST=*" does not make sense.
2. It is "RECOVERED" by itself, not "RECOVERED=1".
3. Judging from the whitespace (the blank line), you want the first "HOST=*" to be a rule by itself. It is not, a rule must have a recipient (MAIL or SCRIPT). So all of what you have from this bit of alerts.cfg go into one rule, and probably ends up being interpreted as all "http" alerts going to the two mail addresses, and both of them receiving recovery notifications. Try running "xymoncmd xymond_alert --dump-config" and see how the parsed configuration looks.
What I'm trying to accomplish is to stop the "I'm OK - recovered" messages. Those messages are irrelevant, so I want those filtered out. The problem though, is that the logic is completely off on this point. The first rule for some reason takes presedense, even though I have explicitly told it to only use that rule IF the host has recovered, no?
I want it to skip that rule, if it has not yet recovered, send mail to the first user immediately, then to the other user after 5 minutes, but leave those users alone if the service is OK again. Is there a way to accomplish this?
If you don't want any messages about recovered hosts, just dont put "RECOVERED" anywhere in your config. They are not enabled by default.
If you want recovery messages for all of the recipients matching a rule, then put it on the rule specification. E.g.
HOST=one-host SERVICE=http RECOVERED
MAIL user-997c1aaa48b2@xymon.invalid<mailto:user-997c1aaa48b2@xymon.invalid>
MAIL user-cc214d0fbed6@xymon.invalid<mailto:user-cc214d0fbed6@xymon.invalid>
will send alerts and recovery notices to both Adam and Eve.
If you only want recovery notices sent to one recipient, then put it on that recipient:
HOST=one-host SERVICE=http
MAIL user-997c1aaa48b2@xymon.invalid<mailto:user-997c1aaa48b2@xymon.invalid> RECOVERED
MAIL user-cc214d0fbed6@xymon.invalid<mailto:user-cc214d0fbed6@xymon.invalid>
will send alerts to both Adam and Eve, but recovery messages only to Adam.
Regards,
Henrik