Nagios Support Forum

Using Nagios XI 2014R2.6
I created a report for the last 24 hours to receive a listing of the top alert producers and noticed that we had one SSL cert check that was in warning being viewed as an alert. We don't have warnings configured to send out alerts so why is the service showing up in the top alert producers list? This is misleading.

Can you post the service definition for the service in question for us to take a look at?

This is the default top alert producers link which exists on the left hand side. I haven't delved deep into how this is produced as I have no idea where to look.

The service definition I'm refering to is the one you're using for your 'SSL cert check'. Can you post that?

check_xi_service_http_cert
$USER1$/check_http -H $HOSTADDRESS$ -C $ARG1$
check command

/usr/local/nagios/libexec/check_http -H servername -C 60,30
WARNING - Certificate 'servername' expires in 42 day(s) (Wed 10 Feb 2016 11:59:00 PM CST).

That looks like the check command, can you find the service definition for the service that uses that SSL check?

Is this what you are looking for? Notification options?

define service {
host_name <servername>
service_description SSL Certificate
use xiwizard_website_http_cert_service_24x7
servicegroups SSL_Certificate
check_command check_xi_service_http_cert!60,30!!!!!!!
max_check_attempts 3
check_interval 3
retry_interval 1
active_checks_enabled 1
passive_checks_enabled 1
check_period xi_timeperiod_24x7
check_freshness 1
freshness_threshold 300
event_handler_enabled 1
flap_detection_enabled 1
flap_detection_options o,w,c,u,
process_perf_data 1
retain_status_information 1
retain_nonstatus_information 1
notification_interval 30
first_notification_delay 0
notification_period xi_timeperiod_24x7
notification_options c,u,r,f,
notifications_enabled 1
contact_groups <admins>
_xiwizard <24x7 web monitoring>
register 1
}

When Nagios sees a state change (having a service change from OK, CRIT, or WARN) that is called an alaert, a notification is then generated off of the alert.

I think there has been a confusion of what the Top Alert Producers reports based off of. Has this provided clarification?

Ah! Yes it has. Top alert producers to some extent is misleading and should probably be called top state changes. I want a report that only has critical alert notifications that were sent in our environment. I am assuming that this is not possible?

I want a report that only has critical alert notifications that were sent in our environment. I am assuming that this is not possible?

Go to Reports->Notifications, type "CRITICAL" in the "Search" bar, and click on "Run". Click on the "Schedule this Report" link.

Did this help?