URGENT! Nagios flooding mail server but mailq is empty!

[avandemore]

SMTP Pro's:
Connects directly to remote SMTP server. Provided you know the info, that's all you should need to get going.
If you have this info, there is a good chance the SMTP is setup properly so the remote end will not reject mail.
SMTP Con's:
Bad logging
Queue managed locally in DB and remotely at MTA.

Sendmail Pro's:
XI/Core delivers mail directly to local MTA
For simple internal email structure, it's very easy to setup.
Great logging
Queue Management
Sendmail Con's:
Setup knowledge required for relaying if a smart host is used.
Other MTA's may reject mail from the host if not setup correctly.
Working knowledge of the MTA required for administrative use
Greater possibility remote end with reject mail for various arbitrary reasons if not setup properly.

To remove all emails that are queued in the DB(this will do more than that):
in the nagiosxi database, run the following commands:

Code: Select all

TRUNCATE TABLE xi_meta;
TRUNCATE TABLE xi_events;
TRUNCATE TABLE xi_eventqueue;

[scottwilkerson]

Actually this would do the trick to stop any further mail from being sent

execute the following on the nagiosxi database

Code: Select all

UPDATE xi_events SET status_code=2, processing_time=NOW() WHERE event_type=2;

[dfmco]

Just to be clear, I would log into myslq then do a "use database nagiosxi" then run that command? These are for alerts that are already queued, correct?

[scottwilkerson]

First we would need to verify if your system is using postgres or mysql for the nagiosxi DB

Code: Select all

grep  -A 4 db_info /usr/local/nagiosxi/html/config.inc.php

if you see this it is postgres:

Code: Select all

$cfg['db_info'] = array(
    "nagiosxi" => array(
        "dbtype" => 'pgsql',
        "dbserver" => '',
        "user" => 'nagiosxi',

for that you can just run the following:

Code: Select all

echo "UPDATE xi_events SET status_code=2, processing_time=NOW() WHERE event_type=2;"| psql nagiosxi nagiosxi

If the dbtype is mysql then you can run the following:

Code: Select all

echo "UPDATE xi_events SET status_code=2, processing_time=NOW() WHERE event_type=2;"| mysql -p nagiosxi

it will prompt for password on mysql and the default root password is nagiosxi if you have not changed it

[dfmco]

Awesome!

So this will just clear out alerts that have not been sent yet? Just wanted to confirm so there are no surprises when we run a monthly service report.

Also, anything on the Sendmail vs SMTP that you can provide?

[scottwilkerson]

Awesome!

So this will just clear out alerts that have not been sent yet? Just wanted to confirm so there are no surprises when we run a monthly service report.

Also, anything on the Sendmail vs SMTP that you can provide?

This is correct, they just will not send if they are still in the queue in XI.

If you are using sendmail and the mail is out of XI but still in the mail queue on the XI server you can see it by running

Code: Select all

# mailq

if you want to clear the queue you would do the following:

Code: Select all

# cd /var/spool/mqueue/
# ls
# rm *

If they were sent to an SMTP server, you almost certainly are out of luck and they are going to be delivered.