Problem with NOTICE rule in alerts.cfg
list Bill Arlofski
I noticed that the xymon_alerts docs show there is a NOTICE keyword which is described as: NOTICE Rule matches if the message is a "notify" message. This type of message is sent when a host or test is disabled or enabled. I wanted to be alerted via a custom SMS script of any test as soon as it is enabled or disabled. So in the alerts.cfg file I had initially set up a line that I thought would trigger whenever a test was enabled or disabled like so: HOST=* SCRIPT $xymon-sms-alert $waaphone TIME=$smsalerthours FORMAT=SMS NOTICE As I was testing enabling and disabling, it appeared that I had gotten the syntax correct and I was off to the next thing. However, when a normal test went yellow, I received two SMS alerts for it. My logs shows that the CFID environment variable was showing that my new alert listed above was triggering the SMS as well as the PAGE=%firewalls/* alert that was supposed to trigger it. I then tried NOTICE SCRIPT $xymon-sms-alert $waaphone TIME=$smsalerthours FORMAT=SMS as well as NOTICE=* SCRIPT $xymon-sms-alert $waaphone TIME=$smsalerthours FORMAT=SMS and finally HOST=* NOTICE SCRIPT $xymon-sms-alert $waaphone TIME=$smsalerthours FORMAT=SMS But it seems that ANY status change including normal green, yellow, red, purple triggers this alert as well as any other correctly matching alert. I did some additional testing with all three above configurations using: xymond_alert --test fw.example.com testname And each of them showed (in order): *** Match with 'HOST=*' *** *** Match with 'SCRIPT $xymon-sms-alert $waaphone TIME=$smsalerthours FORMAT=SMS NOTICE' *** *** Match with 'NOTICE' *** *** Match with 'SCRIPT $xymon-sms-alert $waaphone TIME=$smsalerthours FORMAT=SMS' *** *** Match with 'NOTICE=*' *** *** Match with 'SCRIPT $xymon-sms-alert $waaphone TIME=$smsalerthours FORMAT=SMS' *** *** Match with 'HOST=* NOTICE' *** *** Match with 'SCRIPT $xymon-sms-alert $waaphone TIME=$smsalerthours FORMAT=SMS' *** Would love to get this working correctly and appreciate any help! -- Bill Arlofski Reverse Polarity, LLC http://www.revpol.com/
list Henrik Størner
▸
On 08-12-2011 23:08, Bill Arlofski wrote:
I noticed that the xymon_alerts docs show there is a NOTICE keyword which is
described as:
NOTICE Rule matches if the message is a "notify" message. This type of message
is sent when a host or test is disabled or enabled.
I wanted to be alerted via a custom SMS script of any test as soon as it is
enabled or disabled. So in the alerts.cfg file I had initially set up a line
that I thought would trigger whenever a test was enabled or disabled like so:
HOST=*
SCRIPT $xymon-sms-alert $waaphone TIME=$smsalerthours FORMAT=SMS NOTICE
As I was testing enabling and disabling, it appeared that I had gotten the
syntax correct and I was off to the next thing.
However, when a normal test went yellow, I received two SMS alerts for it.
My logs shows that the CFID environment variable was showing that my new alert
listed above was triggering the SMS as well as the PAGE=%firewalls/* alert
that was supposed to trigger it.Would love to get this working correctly and appreciate any help!
I think the description in the man-page could be improved. The idea behind NOTICE is that this is an addition to existing rules; if you get an alert, then you probably also want to get notified when the test is disabled. So the idea is that you add the "NOTICE" keyword to your existing "PAGE=%firewalls" rule - then you'll get the alert when it goes yellow, and a notification if it is disabled - but not the double alert. But I understand that you would like to know about *any* test that gets disabled - i.e. a notification that someone disabled a test, regardless of whether you actually receive an alert for that test or not. That is not possible currently, and frankly I am not sure if this should be handled by the alert-module - there is a separate Xymon channel that is fed all the enable/disable events, and I think this type of notification would be better handled by plugging into that data stream. Currently the only module using that enable/disable channel is the compatibility module for updating the "Big Brother" 'disabled' directory. But it would fairly trivial to create a module that triggered a message whenever something was disabled. Regards, Henrik
list Bill Arlofski
▸
On 12/13/11 07:11, Henrik Størner wrote:
On 08-12-2011 23:08, Bill Arlofski wrote:I noticed that the xymon_alerts docs show there is a NOTICE keyword which is described as: NOTICE Rule matches if the message is a "notify" message. This type of message is sent when a host or test is disabled or enabled. I wanted to be alerted via a custom SMS script of any test as soon as it is enabled or disabled. So in the alerts.cfg file I had initially set up a line that I thought would trigger whenever a test was enabled or disabled like so: HOST=* SCRIPT $xymon-sms-alert $waaphone TIME=$smsalerthours FORMAT=SMS NOTICE As I was testing enabling and disabling, it appeared that I had gotten the syntax correct and I was off to the next thing. However, when a normal test went yellow, I received two SMS alerts for it. My logs shows that the CFID environment variable was showing that my new alert listed above was triggering the SMS as well as the PAGE=%firewalls/* alert that was supposed to trigger it.Would love to get this working correctly and appreciate any help!I think the description in the man-page could be improved. The idea behind NOTICE is that this is an addition to existing rules; if you get an alert, then you probably also want to get notified when the test is disabled. So the idea is that you add the "NOTICE" keyword to your existing "PAGE=%firewalls" rule - then you'll get the alert when it goes yellow, and a notification if it is disabled - but not the double alert. But I understand that you would like to know about *any* test that gets disabled - i.e. a notification that someone disabled a test, regardless of whether you actually receive an alert for that test or not. That is not possible currently, and frankly I am not sure if this should be handled by the alert-module - there is a separate Xymon channel that is fed all the enable/disable events, and I think this type of notification would be better handled by plugging into that data stream. Currently the only module using that enable/disable channel is the compatibility module for updating the "Big Brother" 'disabled' directory. But it would fairly trivial to create a module that triggered a message whenever something was disabled. Regards, Henrik
Hi Henrik... I commented out my HOST=* NOTICE rule and SCRIPT line back when we had this conversation, but I neglected to leave myself a note in the alerts.cfg file... So basically, I went down the same path again today, when I found this old thread in the list. Good thing I searched, otherwise it might appear that I am becoming forgetful in my old age. :) In any case, I am only bothering you with this because I see you said " But it would fairly trivial to create a module that triggered a message whenever something was disabled." and I am wondering if it is trivial enough to actually bother doing. Thanks... P.S. See you again in two years. lol -- Bill Arlofski Reverse Polarity, LLC http://www.revpol.com/ --not responsible for anything below this line--