Newbie: some alerts not firing
list Elizabeth Schwartz
Can anyone tell me why these alerts aren't firing? Running xymon 4.3.0
on Oracle Linux.
The services are alerting and the generic paging rules are sending
alerts for them;
these rules are supposed to email particular teams in addition.
(am I wrong in thinking that more than one rule can match a particular alert?)
HOST=db* EXHOST=*dl2* SERVICE=oradb,orasys,oradns
MAIL dba-support REPEAT=1d RECOVERED # email dba's in
addition to above
HOST=redirect* EXSERVICE=msgs
MAIL user-953b8a3e7b63@xymon.invalid REPEAT=1d RECOVERED
If anyone wants to see the entire alerts.cfg I stuck it at
http://pastebin.com/RWAqKnHQ
(minus the comment lines at the top)
list Paul Root
Well first, if you are using wildcards in hostnames, you need a % before it. HOST=%db* EXHOST=%*db* Second, if you want to see what the alerts is supposed to do, use hobbitd_alert. Oh, wait, 4.3.0, I guess that would be xymond_alert to test. Should be found in ~/server/bin xymond_alert --test <hostname> <test> I generally pipe that to grep -v Failed just to cut down on extraneous output. There are plenty of parameters for it, so read the man page. --duration is useful, etc. Personally, I've moved away from wildcard hostnames. Sometimes it seems inconsistant to me. Paul. Paul Root Lead Internet Systems Eng Qwest Network Services
-----Original Message----- From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Elizabeth Schwartz Sent: Thursday, March 24, 2011 8:31 AM To: xymon at xymon.com Subject: [Xymon] Newbie: some alerts not firing
▸
Can anyone tell me why these alerts aren't firing? Running xymon 4.3.0 on Oracle Linux. The services are alerting and the generic paging rules are sending alerts for them; these rules are supposed to email particular teams in addition. (am I wrong in thinking that more than one rule can match a particular alert?) HOST=db* EXHOST=*dl2* SERVICE=oradb,orasys,oradns MAIL dba-support REPEAT=1d RECOVERED # email dba's in addition to above HOST=redirect* EXSERVICE=msgs MAIL user-953b8a3e7b63@xymon.invalid REPEAT=1d RECOVERED If anyone wants to see the entire alerts.cfg I stuck it at http://pastebin.com/RWAqKnHQ (minus the comment lines at the top)
This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
list Dan McDonald
▸
On Thu, 2011-03-24 at 08:47 -0500, Root, Paul wrote:
Well first, if you are using wildcards in hostnames, you need a % before it. HOST=%db* EXHOST=%*db*
Of course, those particular patterns (being regular expressions) probably won't work correctly. I might suggest: HOST=%^db EXHOST=%dl2 The * in glob-syntax is superfluous when dealing with regular expressions. These now read "any host that begins with db except those that have dl2 anywhere in the name" -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
list Elizabeth Schwartz
Thank you all!!
HOST=%db* EXHOST=%*db*"any host that begins with db except those that have dl2 anywhere in the name"
That is what I want, alert on this event on all the database hosts except the ones with dl2 anywhere in their names.
▸
xymond_alert --test <hostname> <test> I generally pipe that to grep -v Failed just to cut down on extraneous output. There are plenty of parameters for it, so read the man page. --duration is useful, etc.
thanks, that is a HUGE help. I had not been familiar with this. Gave me some other stuff to look at, too Looks like the redirect page is working now, but will take a real red to feel 100% confident. (although as a sysadmin I hope it stays green...) thanks again. I am loving this list Betsy
list Elizabeth Schwartz
Hm OK I updated the rules, now puzzled about why this one is alerting: 00020522 2011-03-24 12:53:44 send_alert fiona.e-dialog.com:vmio state Paging 00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.example.com:vmio:' against rule line 146 00020522 2011-03-24 12:53:44 *** Match with 'HOST=%db* EXHOST=%*dl2* SERVICE=vmio' *** 00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.e-dialog.com:vmio:' against rule line 147 00020522 2011-03-24 12:53:44 *** Match with 'MAIL xymail REPEAT=1d RECOVERED' *** Fiona alerted for vmio and is paging. Fiona does not have the string "db" anywhere in its name. (I replaced my company with example but the company name doesn't have a db in it either) later on I get 00020753 2011-03-24 12:58:09 Matching host:service:page 'fiona.example.com:vmio:' against rule line 181 00020753 2011-03-24 12:58:09 Failed 'HOST=%*db*' (hostname not in include list) The regexp is different in that there's a second asterisk, but the machines I want to catch do all start with db... thanks again Betsy
list Asif Iqbal
On Thu, Mar 24, 2011 at 12:59 PM, Elizabeth Schwartz
▸
<user-c61747246f66@xymon.invalid> wrote:Hm OK I updated the rules, now puzzled about why this one is alerting:
%^db.* <-- use it like that change this '%*dl2*' to '%.*dl2.*' if that is what you wanted. Also use pcretest to verify if it is matching the right host
▸
00020522 2011-03-24 12:53:44 send_alert fiona.e-dialog.com:vmio state Paging 00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.example.com:vmio:' against rule line 146 00020522 2011-03-24 12:53:44 *** Match with 'HOST=%db* EXHOST=%*dl2* SERVICE=vmio' *** 00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.e-dialog.com:vmio:' against rule line 147 00020522 2011-03-24 12:53:44 *** Match with 'MAIL xymail REPEAT=1d RECOVERED' *** Fiona alerted for vmio and is paging. Fiona does not have the string "db" anywhere in its name. (I replaced my company with example but the company name doesn't have a db in it either) later on I get 00020753 2011-03-24 12:58:09 Matching host:service:page 'fiona.example.com:vmio:' against rule line 181 00020753 2011-03-24 12:58:09 Failed 'HOST=%*db*' (hostname not in include list) The regexp is different in that there's a second asterisk, but the machines I want to catch do all start with db... thanks again Betsy
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
list David Baldwin
Elizabeth,
▸
Hm OK I updated the rules, now puzzled about why this one is alerting: 00020522 2011-03-24 12:53:44 send_alert fiona.e-dialog.com:vmio state Paging 00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.example.com:vmio:' against rule line 146 00020522 2011-03-24 12:53:44 *** Match with 'HOST=%db* EXHOST=%*dl2* SERVICE=vmio' *** 00020522 2011-03-24 12:53:44 Matching host:service:page 'fiona.e-dialog.com:vmio:' against rule line 147 00020522 2011-03-24 12:53:44 *** Match with 'MAIL xymail REPEAT=1d RECOVERED' *** Fiona alerted for vmio and is paging. Fiona does not have the string "db" anywhere in its name. (I replaced my company with example but the company name doesn't have a db in it either)
In regular expressions, '*' is not a wildcard - it means "match the preceding pattern 0 or more times, so 'db*' matches 'd' followed by any number of 'b' characters. %db* is not anchored (it can match anywhere), so at a minimum if there is a single 'd' anywhere in the host name (including the domain) it will match - in effect the '%db*' is equivalent to '%d' The equivalent of a wildcard is '.*' - '.' matches any character, '*' matches 0 or more times. When the regular expression is not anchored (i.e. tied to matching at a particular position), '.*' and the start or end is redundant. If you want to make a pattern fully anchored, use something like: HOST=%^db.*$ '^' means match from the beginning of the string. '$' matches the end of the string.
▸
later on I get 00020753 2011-03-24 12:58:09 Matching host:service:page 'fiona.example.com:vmio:' against rule line 181 00020753 2011-03-24 12:58:09 Failed 'HOST=%*db*' (hostname not in include list) The regexp is different in that there's a second asterisk, but the machines I want to catch do all start with db...
HOST=%*db* isn't a valid regular expression, so it won't match anything. The first '*' has no preceding pattern. Possibly it might be interpreted as match a '*' character, which will won't match. If you want to match any host containing 'db' use HOST=%db (or HOST=%^.*db.*$ as anchored version). Strictly speaking, if you want to match 'db' in only the host and not the domain, you could do HOST=%[^.]*db - match from the start of the string any number of characters that aren't '.' followed by 'db' Regular expressions are far more powerful than simple wildcards, but the syntax for simple matches is different. A rundown on regular expressions is here: http://en.wikipedia.org/wiki/PCRE http://perldoc.perl.org/perlre.html David. -- David Baldwin - IT Unit Australian Sports Commission www.ausport.gov.au Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616 user-cbbf693f2c89@xymon.invalid Leverrier Street Bruce ACT 2617 Keep up to date with what's happening in Australian sport visit http://www.ausport.gov.au This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.
list Elizabeth Schwartz
Thank you all again, everything is working now. xymond_alert --test and pcretest were hugely useful. We're running BB and xymon in parallel right now for acceptance testing and very happy with it. It's *so* much easier to configure.