Grouping Alert Notifications

[byter]

I'm looking for a way to group services such that if a certain number of the services in that group change status, the alerts are grouped into a single alert. Any ideas on how to do something like this?

Say I'm monitoring about 200 different websites. If 1 or 2 of those websites change status, I want an individual alert for each of those sites that are having problems. But if something more systemic happens and all 200 of the sites go down, I don't want 200 alerts, just 1. I've tried to get around the need for this by using service/host dependencies. But in my environment some of the relationships are just too complicated to find and define all of the dependencies. Instead, it would be way more useful to create a service group called "Websites", and define alert behavior such that if more than 3 of those services have problems within 60 seconds, combine them into a single alert.

Any ideas?

[jsmurphy]

What you are looking for is commonly called a business process addon, there's a fairly good one named BPI that is standard in Nagios XI that does exactly what you're after. I'm not sure if it operates exactly the same for Nagios core but you can find it here:

http://exchange.nagios.org/directory/Ad ... 29/details

[lmiltchev]

@byter
Let us know if you have any more questions.

@jsmurphy
Thank you, John!

[neils123]

Hey folks, I have a related question. I'm looking for not just aggregation of alerts, but intelligent composite alerts for reporting purposes (the overall system is red if all 3 alerts are red, but if only 1, then the overall condition is only yellow - that sort of thing). I found BPI on Nagios Exchange, and I'm trying to install it, but it's just not working at all. I'm running Nagios Core 3.4.1. First off, the installation instructions for Core are completely wrong. They say:

Copy the entire nagiosbpi folder to the inside of your Nagios directory or your preferred location that is accessible by your webserver. (depends on your distribution).
cd /<your_nagiosbpi_location>/nagiosbpi
• Execute the permissions script as the root user:
chmod +x set_bpi_perms.sh
./set_bpi_perms.sh
• Edit the contents of the constants.conf file to match your directory locations. (Use absolute directory locations)
• Launch Nagios BPI from your web browser http://<yourserver>/nagios/nagiosbpi
• Start creating new bpi groups using the built-in configuration tools.

First, there is no set_bpi_perms.sh script. I just chown'd everything to be owned by the same user and group that owns all my other nagios stuff, so that's no biggie. Second, there is no constants.conf file at all. Have no idea what's supposed to be in there.

Last, and most importantly, when I try to go to my webserver/nagios/nagiosbpi, the UI fails because it can't find a php file that it needs to load that seems to be only in Nagios XI. I get the following error from the webserver:

Code: Select all

PHP Fatal error:  require_once() [<a href='function.require'>function.require</a>]: Failed opening required '/usr/local/nagios-3.4.1/share/nagiosbpi/../../common.inc.php' (include_path='.:/usr/share/pear:/usr/share/php') in /usr/local/nagios-3.4.1/share/nagiosbpi/inc.inc.php on line 76

Looking into the index.php, I can see where it calls inc.inc.php, and looking into that file (on line 76), it tries to load a common.inc.php file that appears to be only for XI. Here are lines 75-79:

Code: Select all

//XI Specific stuff
require_once(dirname(__FILE__).'/../../common.inc.php');

// initialization stuff
pre_init();

Common.inc.php does not exist anywhere on my system, and I don't know where I'd get it or what I'd put in it, since I'm running Core. If I try to simply comment out that line, the following pre_init() call fails, with an error that it is an undefined function. Presumably, it's defined in common.inc.php.

So, after all that, my questions are, is BPI actually supposed to work in Nagios Core? Has _anyone_ gotten it to work under Core? If so, how? Is it really only supported under XI? If so, maybe someone should update the documentation and Exchange entry.

I apologize if this is in the wrong thread, but it seemed like this was a recent discussion that brought up BPI, so I figured this was as good a place as any. Thanks to anyone that can help.

[abrist]

Can you try commenting out the pre_init(); function call as well?

[neils123]

Hi. Thank you for your reply!

I tried commenting out pre_init() as you suggested, and it just fails at the next function call. Here's the code:

Code: Select all

//XI Specific stuff
// require_once(dirname(__FILE__).'/../../common.inc.php');

// initialization stuff
// pre_init();

if(CLI==false)
{
        // start session
        init_session();
        // grab GET or POST variables 
        grab_request_vars();
        // check prereqs
        check_prereqs();
        // check authentication
        check_authentication(false);
}
else {
        define('SUBSYSTEM',1);
        db_connect_all();

}

So as you see, I commented out pre_init, but then it goes into the CLI==false block, and fails on init_session. If I comment that out, it fails on grab_request_vars. If I comment out all those function calls, it breaks later on with "Call to undefined function get_option() in /usr/local/nagios-3.4.1/share/nagiosbpi/functions/bpi_functions.php on line 222".

On the other hand, if I comment out the code so that we avoid the CLI==false block and go straight through to the else clause, like so:

Code: Select all

//if(CLI==false) 
//{
//      // start session
//      init_session();
//      // grab GET or POST variables 
//      grab_request_vars();
//      // check prereqs
//      check_prereqs();
//      // check authentication
//      check_authentication(false);
//}
//else {
        define('SUBSYSTEM',1);
        db_connect_all();
//}

in that case, the whole thing segfaults and the browser just returns a 404. That also happens if I comment out the else clause (so that there's nothing left of that if statement at all). I'm honestly confused, because after some more investigation on this site, it appears as though there were some Core users who genuinely got it working as recently as 10 or so months ago, but now it doesn't want to seem to run without that common.inc.php. Did BPI change recently to drop Core support? I appreciate any additional help you can provide!

[abrist]

This is odd, as the last version on the exchange site: http://exchange.nagios.org/directory/Ad ... 29/details
was released on 2011-07-19 . . .

You could try downloading the XI source and grabbing the necessary php files:
http://library.nagios.com/library/produ ... loads/main

[neils123]

I too find it odd. I've downloaded that source package, and I will see if I can get it to work on Monday.

[scottwilkerson]

I believe that somehow the exchange listing has the wrong zip (sorry )

Attached is a different zip that has the appropriate version (this is what we use in the core VM's)

Code: Select all

unzip nagiosbpi.zip
cd nagiosbpi
chmod +x install

edit line 4 of install to match your installation directory

Then

Code: Select all

./install

[neils123]

Wow, thank you for that! So glad you posted that before I got a chance to start hacking things up with XI source. I will try again with this new package hopefully this afternoon.