Re: [Nagios-devel] Log USERNAME when DISABLING/ENABLING
-
Guest
Re: [Nagios-devel] Log USERNAME when DISABLING/ENABLING
--Apple-Mail=_51CD9593-1864-4A0C-8D80-4DA242C4F020
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
Andreas
Thanks for the prompt reply, So when can we expect Nagios 4, where can I =
track the beta release schedules for Nagios.=20
When you are planning to change logging version it would be nice to look =
at the time [filed].=20
Here is the scenario: Between nagios and splunk,
As splunk indexer sees the event from forwarder, the indexer records the =
time based on the event time and converts that to HRT format, and as =
nagios log doesn't have anything to say 2 events happened with-in milli =
seconds time different splunk indexer is treating both events happened =
at the same time based on epoch timestamp.=20
Example:
[1333663803] HOST ALERT: devtest-d-a001-q;UP;SOFT;2;OK - 20.255.10.1: =
rta 0.619ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a002-q;UP;SOFT;2;OK - 20.255.10.2: =
rta 0.624ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a003-q;UP;SOFT;2;OK - 20.255.10.3: =
rta 0.647ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a004-q;UP;SOFT;2;OK - 20.255.10.4: =
rta 0.609ms, lost 0%
Now splunk indexer indexes all these events seems to be happened at same =
time, but in reality they are happened with some milli seconds =
difference in time. The real challenge is Splunk Search results show all =
these as one pile of event happened rather then showing them as =
individual events. I gave 4 as example but think about 30 check happen =
at same time.=20
Its one of challenges we are have integrating between two smart tools =
nagios.log -> splunk engine, we couldn't get a break through on this.
With Regards
Deepak Kosaraju
www.kkdk.us
On Apr 5, 2012, at 4:46 PM, Andreas Ericsson wrote:
> On 04/05/2012 04:44 AM, Deepak Kosaraju wrote:
>> Hi All I don't know the technical reason why Nagios developers didn't
>> thought about this:
>>=20
>=20
> Because it can't be trusted, so it's not really worth anything. It
> can be doable so it's trusted in future versions, and then we will
> most likely add it. That can't be done until we change logging
> version though, which most likely won't be done until Nagios 4. As a
> consolation, Nagios 4 probably isn't that far off.
>=20
>> I know its not a standard syntax for Username to be as part of
>> DISABLING/ENABLING checks/notifications but it would be nice if your
>> team can start thinking about add it as feature in next releases of
>> Nagios.
>>=20
>> Its really giving us HARD time to know who trigger the DISABLE and
>> ENABLE checks/notifications among the teams.
>>=20
>> This should apply to BOTH: HOST/SERVICE type of DISABLE/ENABLE
>> external commands.
>>=20
>=20
> It's likely we add this to all external commands rather than just some
> of them. It's easier to discard the information once it's there than =
it
> is to figure it out after you realize you need it, and it makes the =
code
> simpler and therefore faster and less prone to bugs.
>=20
> --=20
> Andreas Ericsson [email protected]
> OP5 AB www.op5.se
> Tel: +46 8-230225 Fax: +46 8-230231
>=20
> Considering the successes of the wars on alcohol, poverty, drugs and
> terror, I think we should give some serious thought to declaring war
> on peace.
--Apple-Mail=_51CD9593-1864-4A0C-8D80-4DA242C4F020
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
AndreasThanks for the prompt reply, So when can we expect Nagios =
4, where can I track the beta release schedules for =
Nagios. When you are planning to change =
logging version it would be nice to look at the time =
[filed]. Here is the scenario: Between =
nagios and splunk,As splunk indexer sees the event from =
forwarder, the indexer records the time based on the event time and =
converts that to HRT format, and as nagios log do
...[email truncated]...
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]