Why duplicate false alert on with nagios agents.

[grayloglearn]

Hi Team,

As we all know that we have agents nscp for windows and nrpe for linux.
If anything happen on host. Due to shutdown or port communication we will get alerts for all services which are associated to host.
Why this is happening for nagios in agents. Can't we do suppress this issue.

If anything happen host end like agent in stop and port blocked and connection refused because of this why other services should show critical.
Can we mitigate this??

This issue is really little surprising for the customers/clients.

[cdienger]

You can disable this behavior with the following kb: https://support.nagios.com/kb/article.p ... tegory=164

[grayloglearn]

I understand that if any host is down nagios will not sent any notification by doing host_down_disable_service_checks=1


If host is up due to server freeze at the time agent not able to send the data to nagios server
That time also we get service check timed out and unknown alerts will genarate for this cases what we have to do.

Teams considering this is an false alerts at this time for each service we are getting unknown/critical alerts. How we can neglect all these

[mbellerue]

So the host is still "up" as it responds to pings, but all of the applications on the server are frozen because the server is crashed. Is that correct?

If so, you could use a different check in place of pings for your host check. You could have it check a specific service. Pings are used for host checks by default because they are very low impact. However, you can change the check to anything you would like. Would that help?

[grayloglearn]

so, you could use a different check in place of pings for your host check. You could have it check a specific service. Pings are used for host checks by default because they are very low impact. However, you can change the check to anything you would like. Would that help?


I did not understand above
My only concern is due to some reason agent stop state or server using more resources utilization.

At the time we get unknown/critical so I want avoid such alerts. We got multiple alerts because of server freeze or some other reason.

[mbellerue]

Oh, I think I understand now. You are saying if Nagios cannot reach the agent for some reason, that you should not get an alert for the services associated with that host. You should only get alerts if Nagios can communicate with the agent, and the agent provides a warning or a critical. Is that correct?

[grayloglearn]

Yes that's correct... How to avoid such alerts

[grayloglearn]

Anyone can help

[cdienger]

Check out https://support.nagios.com/kb/article.php?id=505 which goes over how Nagios can be configured to not run service checks if the host is down.

[grayloglearn]

I have checked for the above link that if for only when host is down we will not receive any service alerts.

But as mbellerue
Oh, I think I understand now. You are saying if Nagios cannot reach the agent for some reason, that you should not get an alert for the services associated with that host. You should only get alerts if Nagios can communicate with the agent, and the agent provides a warning or a critical. Is that correct?

If any agent is having issue with connection refused, port issue telnet issue it should not generate alert for all service it should generate only one alert saying as port connection issue.