Need suggestion, how to manage syslog notifications
Posted: Thu Oct 01, 2015 9:27 am
Hi All,
Just need some suggestions on how to address a certain challenge I have got. Here is the scenario:
I have a syslog daemon which is receiving and processing syslog from a bunch of network devices and based on some pattern match criterion it will trigger a Nagios alert. So far so good, all works well.
The problem I have is every time the event occurs the syslog daemon sends the same message to Nagios Core and an alert is generated. But in some scenarios this is generating far too many notifications.
The service is defined as a passive service and gets reset after 5 minutes using check_dummy.
Can I somehow do this based on the actual output of the service, so that it sends the alerts only if the service output has changed?
I see two possible options, stalking and volatile. Which will be more suitable?
Any other suggestions apart from telling me to buy Nagios reactor are welcome.
Many Thanks
Arnab
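
An added example, not part of the original post and not Nagios code: a small filter that the syslog daemon's alert hook could call instead of writing to the Nagios external command file directly, so that a passive result is forwarded only when its state or output differs from the last one sent for that host and service. The command file path, the class and function names, and the optional `resend_after` window are assumptions.

```python
import time

# Assumed default location of the Nagios external command file; adjust to your install.
COMMAND_FILE = "/usr/local/nagios/var/rw/nagios.cmd"


class PassiveResultFilter:
    """Let a passive result through only when its state or output changed."""

    def __init__(self, resend_after=None):
        # Seconds after which an identical result may be sent again
        # (None = never repeat an identical result).
        self.resend_after = resend_after
        self._last = {}  # (host, service) -> (code, output, time forwarded)

    def should_forward(self, host, service, code, output, now):
        prev = self._last.get((host, service))
        if prev is not None and prev[:2] == (code, output):
            if self.resend_after is None or now - prev[2] < self.resend_after:
                return False  # same state and same text: suppress
        self._last[(host, service)] = (code, output, now)
        return True


def one_line(text):
    # Syslog text originates on remote devices: collapse line breaks and runs
    # of whitespace so a message cannot end this command and start another.
    return " ".join(text.split())


def format_command(host, service, code, output, now):
    """Build one PROCESS_SERVICE_CHECK_RESULT line (host and service names
    are assumed to come from local configuration, not from the message)."""
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s\n" % (
        int(now), host, service, code, one_line(output))


def submit(filt, host, service, code, output, now=None, path=COMMAND_FILE):
    """Write the result to Nagios if it is new; return the line sent, or None."""
    now = time.time() if now is None else now
    if not filt.should_forward(host, service, code, one_line(output), now):
        return None
    line = format_command(host, service, code, output, now)
    with open(path, "w") as cmd:  # the command file is a named pipe
        cmd.write(line)
    return line
```

Setting `resend_after` to the reset interval (300 seconds for the 5-minute check_dummy reset described above) lets a condition that is still occurring raise the service again after each reset, while repeats inside the window are dropped.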