Suppress Unknown alerts

[RebeccaIlene]

Hi Team,

We receive a false alert for a service because of connectivity issues and want to suppress unknown false alerts.

Can you please let us know how this can be done?

[tgriep]

To disable all unknown email notifications for a user, they have to login to the XI interface and click on their username in the top right corner.
Click on the Notification Preferences menu and un-check the box for the Service Unknown: option and update the settings.

For a contact, go to the Core Config Manager > Contacts menu and edit the contact.
Click on the Alert Settings TAB and deselect the Unknown option in the Service Notification options section.

Save and Apply the Config.


For disabling Unknowns for a specific service, edit the service in the Core Config Manager > Service menu.
Click on the Alert Settings TAB and deselect the Unknown option in the Notification options section.

Save and Apply the Config.

Try it out and if you have any further questions, let us know.

[RebeccaIlene]

Thanks for your reply.

This is for disabling the notifications on Unknown alerts.

However, we are looking to disable unknown alerts for appearing for a service.

Some of the SSL Certificates which are being monitored because of packet dropping in network go to unknown sometimes and flap on the dashboard which can be quite annoying.

We are looking to suppress such unknown alerts as we only want it to shown on the dashboard if the certificate expires which is in 2022.

[tgriep]

What I posted earlier have instructions for disabling unknown notifications for a service, here they are again.

For disabling Unknowns for a specific service, edit the service in the Core Config Manager > Service menu.
Click on the Alert Settings TAB and deselect the Unknown option in the Notification options section.

Save and Apply the Config.


You can try and increase the timeout setting for the check to see if that helps out in the intermittent network issues.
To do that, go in to the Core Config Manager > Commands menu and edit the check_xi_service_http_cert command.
Change the command line to the following.
$USER1$/check_http -H $HOSTADDRESS$ -t 60 -C $ARG1$

Save and Apply the Config and see if that helps on the intermittent network issue and unknowns.

[RebeccaIlene]

We don't want to just disable notifications for unknown on this service or for the contacts.

We don't want it appearing on the dashboard entirely.

We have tried increasing the time period by setting the check period to two hours but this has not helped.

The unknown alert still comes up and because the check period is two hours it stays in unknown for two hours.

[tgriep]

Getting the unknowns to not show in the GUI is a little more difficult but it can be done.

The check_http plugin does not have the ability to suppress unknowns but you can use the negate plugin for that.

This document is designed to assist Nagios administrators in understanding and using the Negate plugin in Nagios® XI™.
The Negate plugin allows for any standard plugin output to be reversed and is very useful with hosts or services that are expected to be in a Critical or Warning state but you wish to show them as OK.
https://assets.nagios.com/downloads/nag ... ios-XI.pdf


This is the option you want for the negate plugin
-u, --unknown=STATUS

STATUS can be 'OK', 'WARNING', 'CRITICAL' or 'UNKNOWN' without single
quotes. Numeric values are accepted. If nothing is specified, permutes
OK and CRITICAL.


So, to change the Unknown to OK for example.

Edit the check_xi_service_http_cert command.
Change the command line to the following.

Code: Select all

/usr/local/nagios/libexec/negate -u OK /usr/local/nagios/libexec/check_http -H $HOSTADDRESS$ -t 60 -C $ARG1$

Save and Apply the Config and the unknowns will be OK.