False alerts on nothing being found (again)

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
connected

False alerts on nothing being found (again)

Post by connected »

The issues described at https://support.nagios.com/forum/viewto ... 38&t=61693 is happening again.
The same already deleted alert is sending e-mails again since 23-02-2021 00:10 UTC+1

I executed the following commands at 08:46 UTC+1 but still receiving alerts.

Code: Select all

curl -XGET 'localhost:9200/nagioslogserver/alert/_search?q=_id:AWSD132lSptOOhacSd9u&pretty'
{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "failed" : 0
  },
  "hits" : {
    "total" : 0,
    "max_score" : null,
    "hits" : [ ]
  }
}


curl -XDELETE 'localhost:9200/nagioslogserver/alert/_search?q=_id:AWSD132lSptOOhacSd9u&pretty'

{
  "found" : false,
  "_index" : "nagioslogserver",
  "_type" : "alert",
  "_id" : "_search",
  "_version" : 1
}

curl -XDELETE 'localhost:9200/nagioslogserver_history'
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: False alerts on nothing being found (again)

Post by scottwilkerson »

It is very odd. I'd like to get a fresh copy of the nagioslogserver index as well as nagioslogserver_history:

Code: Select all

curl -XPOST http://localhost:9200/nagioslogserver/_export?path=/tmp/nagioslogserver.tar.gz
curl -XPOST http://localhost:9200/nagioslogserver_history/_export?path=/tmp/nagioslogserver_history.tar.gz
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: False alerts on nothing being found (again)

Post by scottwilkerson »

What time was the alert deleted?
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
connected

Re: False alerts on nothing being found (again)

Post by connected »

I executed the following commands at 08:46 UTC+1
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: False alerts on nothing being found (again)

Post by scottwilkerson »

After a quite a bit of research and digging, it appears that one of our techs had a VM running with your configuration on it from helping debug another issue, and I believe that it was sending the messages.

They have decommissioned this server and I am guessing will solve the issue
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
connected

Re: False alerts on nothing being found (again)

Post by connected »

Hi Scott,

That might very well be the peculiar case. :lol:
Looking at the headers of the e-mail it's coming from Comcast Cable Communications, which we are not.
We have limited filters on the receiving mailbox to make sure to receive all alerts from all systems we have.
The mailing indeed stopped now. Thanks for finding the issue!
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: False alerts on nothing being found (again)

Post by scottwilkerson »

connected wrote:Hi Scott,

That might very well be the peculiar case. :lol:
Looking at the headers of the e-mail it's coming from Comcast Cable Communications, which we are not.
We have limited filters on the receiving mailbox to make sure to receive all alerts from all systems we have.
The mailing indeed stopped now. Thanks for finding the issue!
Awesome...

Locking thread
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
Locked

Return to “Nagios Log Server”