Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

False alerts on nothing being found (again)

https://support.nagios.com/forum/viewtopic.php?t=61768

Page 1 of 1

False alerts on nothing being found (again)

Posted: Tue Feb 23, 2021 4:19 am
by connected
The issues described at https://support.nagios.com/forum/viewto ... 38&t=61693 is happening again.
The same already deleted alert is sending e-mails again since 23-02-2021 00:10 UTC+1

I executed the following commands at 08:46 UTC+1 but still receiving alerts.

Code: Select all

curl -XGET 'localhost:9200/nagioslogserver/alert/_search?q=_id:AWSD132lSptOOhacSd9u&pretty'
{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "failed" : 0
  },
  "hits" : {
    "total" : 0,
    "max_score" : null,
    "hits" : [ ]
  }
}


curl -XDELETE 'localhost:9200/nagioslogserver/alert/_search?q=_id:AWSD132lSptOOhacSd9u&pretty'

{
  "found" : false,
  "_index" : "nagioslogserver",
  "_type" : "alert",
  "_id" : "_search",
  "_version" : 1
}

curl -XDELETE 'localhost:9200/nagioslogserver_history'

Re: False alerts on nothing being found (again)

Posted: Wed Feb 24, 2021 9:57 am
by scottwilkerson
It is very odd. I'd like to get a fresh copy of the nagioslogserver index as well as nagioslogserver_history:

Code: Select all

curl -XPOST http://localhost:9200/nagioslogserver/_export?path=/tmp/nagioslogserver.tar.gz
curl -XPOST http://localhost:9200/nagioslogserver_history/_export?path=/tmp/nagioslogserver_history.tar.gz

Re: False alerts on nothing being found (again)

Posted: Wed Feb 24, 2021 3:20 pm
by scottwilkerson
What time was the alert deleted?

Re: False alerts on nothing being found (again)

Posted: Thu Feb 25, 2021 3:33 am
by connected
I executed the following commands at 08:46 UTC+1

Re: False alerts on nothing being found (again)

Posted: Thu Feb 25, 2021 12:57 pm
by scottwilkerson
After a quite a bit of research and digging, it appears that one of our techs had a VM running with your configuration on it from helping debug another issue, and I believe that it was sending the messages.

They have decommissioned this server and I am guessing will solve the issue

Re: False alerts on nothing being found (again)

Posted: Thu Feb 25, 2021 3:39 pm
by connected
Hi Scott,

That might very well be the peculiar case. :lol:
Looking at the headers of the e-mail it's coming from Comcast Cable Communications, which we are not.
We have limited filters on the receiving mailbox to make sure to receive all alerts from all systems we have.
The mailing indeed stopped now. Thanks for finding the issue!

Re: False alerts on nothing being found (again)

Posted: Thu Feb 25, 2021 3:41 pm
by scottwilkerson
connected wrote:Hi Scott,

That might very well be the peculiar case. :lol:
Looking at the headers of the e-mail it's coming from Comcast Cable Communications, which we are not.
We have limited filters on the receiving mailbox to make sure to receive all alerts from all systems we have.
The mailing indeed stopped now. Thanks for finding the issue!
Awesome...

Locking thread
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited