Some Alerts Intermittently not firing in 2015R2.1

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
Jklre
Posts: 163
Joined: Wed May 28, 2014 1:56 pm

Some Alerts Intermittently not firing in 2015R2.1

Post by Jklre »

It looks like we are having some alerts intermittently not firing in 2015R2.1 I'm not sure if this was happening before the upgrade or not.

Looking at the audit logs were seeing this for some of them. As you can see below its hitting the threshold of 1 but returning OK. This seems to only be happening for some, as we are receiving other alerts.

{
"_index": "nagioslogserver_log",
"_type": "ALERT",
"_id": "AU62vYfZ4X2tlDGI5xeN",
"_score": null,
"_source": {
"created": 1437584951257,
"type": "ALERT",
"message": "Alert ID ILVfKJeJTf6a2SRbPiRvog returned OK: 1 matching entries found |logs=1;1;1",
"source": "Nagios Log Server"
},
"sort": [
1437584951257,
1437584951257
]
}
Top
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: Some Alerts Intermittently not firing in 2015R2.1

Post by jolson »

Jklre,
Setting an alert to have a threshold of '1' means that the log count must be greater than one for the alert to trigger. The syntax for defining your thresholds is as follows:

Code: Select all

Definition         Generate an alert if x...
10 	                    < 0 or > 10, (outside the range of {0 .. 10})
10: 	                    < 10, (outside {10 .. ∞})
~:10 	                    > 10, (outside the range of {-∞ .. 10})
10:20 	            < 10 or > 20, (outside the range of {10 .. 20})
@10:20 	            ≥ 10 and ≤ 20, (inside the range of {10 .. 20})
Twits Blog
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
Top
Jklre
Posts: 163
Joined: Wed May 28, 2014 1:56 pm

Re: Some Alerts Intermittently not firing in 2015R2.1

Post by Jklre »

jolson wrote:Jklre,
Setting an alert to have a threshold of '1' means that the log count must be greater than one for the alert to trigger. The syntax for defining your thresholds is as follows:

Code: Select all

Definition         Generate an alert if x...
10 	                    < 0 or > 10, (outside the range of {0 .. 10})
10: 	                    < 10, (outside {10 .. ∞})
~:10 	                    > 10, (outside the range of {-∞ .. 10})
10:20 	            < 10 or > 20, (outside the range of {10 .. 20})
@10:20 	            ≥ 10 and ≤ 20, (inside the range of {10 .. 20})
:shock: oh no. ok i need to change a few thousand alerts.
Top
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: Some Alerts Intermittently not firing in 2015R2.1

Post by jolson »

If you're interested in a bulk alert editor feature, I would be happy to open a feature request for you. Any idea on how you might like a feature like that implemented?
Twits Blog
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
Top
Jklre
Posts: 163
Joined: Wed May 28, 2014 1:56 pm

Re: Some Alerts Intermittently not firing in 2015R2.1

Post by Jklre »

jolson wrote:If you're interested in a bulk alert editor feature, I would be happy to open a feature request for you. Any idea on how you might like a feature like that implemented?
That would come in handy. I think I already requested a bulk alert creation from you guys already. I just realized I can adapt a script I have to fix this for us so I don't die of boredom. :-)

Thanks
Top
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: Some Alerts Intermittently not firing in 2015R2.1

Post by jolson »

Sounds good to me! No problem. :)
Twits Blog
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
Top
Locked

Return to “Nagios Log Server”