double LOG alert
list Martin Flemming
Hi !
I've got two alert mails for the same logentry within 30 minutes :-(
I know that becomes with the default of
"the LOG check clears itself after 30m"
didn't it ?
Is it possible to eliminate this without hacking the sourcecode ?
Thanks & Cheers
Martin
FIRST ALERT :
---------- Forwarded message ----------
Date: Wed, 8 Feb 2012 10:16:37 +0100 (CET)
From: Xymon user <user-2e668168af76@xymon.invalid>
To: user-2e668168af76@xymon.invalid, user-299456d267d3@xymon.invalid
Subject: [xymon-patrol] Xymon [652105] oracle1:msgs CRITICAL (RED) [cfid:128]
red System logs at Wed Feb 8 10:16:28 CET 2012
&red Critical entries in <a href="/xymon-cgi/svcstatus.sh?CLIENT=oracle1&SECTION=msgs:/var/log/messages">/var/log/messages</a>
&red Feb 8 10:14:25 oracle1 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
&red Feb 8 10:14:25 oracle1 kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
&red Feb 8 10:14:25 oracle1 kernel: CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
&red Feb 8 10:14:25 oracle1 kernel: nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
&red Feb 8 10:14:25 oracle1 kernel: sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
Full log <a href="/xymon-cgi/svcstatus.sh?CLIENT=oracle1&SECTION=msgs:/var/log/messages">/var/log/messages</a>
Feb 8 10:14:25 oracle1 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Feb 8 10:14:25 oracle1 kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
Feb 8 10:14:25 oracle1 kernel: CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
Feb 8 10:14:25 oracle1 kernel: nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
Feb 8 10:14:25 oracle1 kernel: sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
SECOND ALERT :
Date: Wed, 8 Feb 2012 10:46:45 +0100 (CET)
From: Xymon user <user-2e668168af76@xymon.invalid>
To: user-2e668168af76@xymon.invalid, user-299456d267d3@xymon.invalid
Subject: [xymon-patrol] Xymon [652105] oracle1:msgs CRITICAL (RED) [cfid:128]
red System logs at Wed Feb 8 10:46:32 CET 2012
&red Critical entries in <a href="/xymon-cgi/svcstatus.sh?CLIENT=oracle1&SECTION=msgs:/var/log/messages">/var/log/messages</a>
&red Feb 8 10:14:25 oracle1 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
&red Feb 8 10:14:25 oracle1 kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
&red Feb 8 10:14:25 oracle1 kernel: CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
&red Feb 8 10:14:25 oracle1 kernel: nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
&red Feb 8 10:14:25 oracle1 kernel: sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
Full log <a href="/xymon-cgi/svcstatus.sh?CLIENT=oracle1&SECTION=msgs:/var/log/messages">/var/log/messages</a>
Feb 8 10:14:25 oracle1 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Feb 8 10:14:25 oracle1 kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
Feb 8 10:14:25 oracle1 kernel: CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
Feb 8 10:14:25 oracle1 kernel: nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
Feb 8 10:14:25 oracle1 kernel: sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
list Martin Flemming
Hi and once again :-)
It seems to be a bug to me to get 2 alert mails within 30 minutes for still the same event/log entry, isn't it ?
Ok, the reason for the second needless log mail alert is that there are no further log entries in the next 30 minutes. It's very unusual for a logfile, I know, but what should I do to suppress the second needless alert ?
Is there any chance to clear the "LOG check" by hand without changing the sourcecode http://lists.xymon.com/archive/2006-December/010927.html or maybe a special alert configuration ?
Thanks in advance
cheers,
martin
On Wed, 8 Feb 2012, Martin Flemming wrote:
Hi !
I've got two alert mails for the same logentry within 30 minutes :-(
I know that becomes with the default of
"the LOG check clears itself after 30m"
didn't it ?
Is it possible to eliminate this without hacking the sourcecode ?
Thanks & Cheers
Martin
FIRST ALERT :
---------- Forwarded message ----------
Date: Wed, 8 Feb 2012 10:16:37 +0100 (CET)
From: Xymon user <user-2e668168af76@xymon.invalid>
To: user-2e668168af76@xymon.invalid, user-299456d267d3@xymon.invalid
Subject: [xymon-patrol] Xymon [652105] oracle1:msgs CRITICAL (RED) [cfid:128]
red System logs at Wed Feb 8 10:16:28 CET 2012
&red Critical entries in <a href="/xymon-cgi/svcstatus.sh?CLIENT=oracle1&SECTION=msgs:/var/log/messages">/var/log/messages</a>
&red Feb 8 10:14:25 oracle1 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
&red Feb 8 10:14:25 oracle1 kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
&red Feb 8 10:14:25 oracle1 kernel: CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
&red Feb 8 10:14:25 oracle1 kernel: nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
&red Feb 8 10:14:25 oracle1 kernel: sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
Full log <a href="/xymon-cgi/svcstatus.sh?CLIENT=oracle1&SECTION=msgs:/var/log/messages">/var/log/messages</a>
Feb 8 10:14:25 oracle1 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Feb 8 10:14:25 oracle1 kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
Feb 8 10:14:25 oracle1 kernel: CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
Feb 8 10:14:25 oracle1 kernel: nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
Feb 8 10:14:25 oracle1 kernel: sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
SECOND ALERT :
Date: Wed, 8 Feb 2012 10:46:45 +0100 (CET)
From: Xymon user <user-2e668168af76@xymon.invalid>
To: user-2e668168af76@xymon.invalid, user-299456d267d3@xymon.invalid
Subject: [xymon-patrol] Xymon [652105] oracle1:msgs CRITICAL (RED) [cfid:128]
red System logs at Wed Feb 8 10:46:32 CET 2012
&red Critical entries in <a href="/xymon-cgi/svcstatus.sh?CLIENT=oracle1&SECTION=msgs:/var/log/messages">/var/log/messages</a>
&red Feb 8 10:14:25 oracle1 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
&red Feb 8 10:14:25 oracle1 kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
&red Feb 8 10:14:25 oracle1 kernel: CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
&red Feb 8 10:14:25 oracle1 kernel: nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
&red Feb 8 10:14:25 oracle1 kernel: sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
Full log <a href="/xymon-cgi/svcstatus.sh?CLIENT=oracle1&SECTION=msgs:/var/log/messages">/var/log/messages</a>
Feb 8 10:14:25 oracle1 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Feb 8 10:14:25 oracle1 kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
Feb 8 10:14:25 oracle1 kernel: CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
Feb 8 10:14:25 oracle1 kernel: nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
Feb 8 10:14:25 oracle1 kernel: sysctl net.netfilter.nf_conntrack_acct=1 to enable it.