NAME¶
alerts.cfg - Configuration for for xymond_alert module
SYNOPSIS¶
~xymon/server/etc/alerts.cfg
DESCRIPTION¶
The alerts.cfg file controls the sending of alerts by Xymon when monitoring
detects a failure.
The configuration file consists of
rules, that may have one or more
recipients associated. A recipient specification may include additional
rules that limit the circumstances when this recipient is eligible for
receiving an alert.
Blank lines and lines starting with a hash mark (#) are treated as comments and
ignored. Long lines can be broken up by putting a backslash at the end of the
line and continuing the entry on the next line.
RULES¶
A rule consists of one of more filters using these keywords:
PAGE=targetstring Rule matching an alert by the name of the page in
Xymon. This is the path of the page as defined in the hosts.cfg file. E.g. if
you have this setup:
-
page servers All Servers
subpage web Webservers
10.0.0.1 www1.foo.com
subpage db Database servers
10.0.0.2 db1.foo.com
Then the "All servers" page is found with
PAGE=servers, the
"Webservers" page is
PAGE=servers/web and the "Database
servers" page is
PAGE=servers/db. Note that you can also use
regular expressions to specify the page name, e.g.
PAGE=%.*/db would
find the "Database servers" page regardless of where this page was
placed in the hierarchy.
The PAGE name of top-level page is an empty string. To match this, use
PAGE=%^$ to match the empty string.
EXPAGE=targetstring Rule excluding an alert if the pagename matches.
DISPLAYGROUP=groupstring Rule matching an alert by the text of the
display-group (text following the group, group-only, group-except heading) in
the hosts.cfg file. "groupstring" is the text for the group,
stripped of any HTML tags. E.g. if you have this setup:
-
group Web
10.0.0.1 www1.foo.com
10.0.0.2 www2.foo.com
group Production databases
10.0.1.1 db1.foo.com
Then the hosts in the Web-group can be matched with
DISPLAYGROUP=Web, and
the database servers can be matched with
DISPLAYGROUP="Production
databases". Note that you can also use regular expressions, e.g.
DISPLAYGROUP=%database. If there is no group-setting for the host, use
"DISPLAYGROUP=NONE".
EXDISPLAYGROUP=groupstring Rule excluding a group by matching the
display-group string.
HOST=targetstring Rule matching an alert by the hostname.
EXHOST=targetstring Rule excluding an alert by matching the hostname.
SERVICE=targetstring Rule matching an alert by the service name.
EXSERVICE=targetstring Rule excluding an alert by matching the service
name.
GROUP=groupname Rule matching an alert by the group name. Groupnames are
assigned to a status via the GROUP setting in the analysis.cfg file.
EXGROUP=groupname Rule excluding an alert by the group name. Groupnames
are assigned to a status via the GROUP setting in the analysis.cfg file.
CLASS=classname Rule matching an alert by the class that the host belongs
to. By default, the classname is the operating system name; you can set
another class either in
hosts.cfg(5) using the CLASS tag, or a client
running on the server can set the class (via a parameter to the client
startup-script).
EXCLASS=classname Rule excluding an alert by the class name.
COLOR=color[,color] Rule matching an alert by color. Can be
"red", "yellow", or "purple". The forms
"!red", "!yellow" and "!purple" can also be used
to NOT send an alert if the color is the specified one.
TIME=timespecification Rule matching an alert by the time-of-day. This is
specified as the DOWNTIME timespecification in the hosts.cfg file.
DURATION>time, DURATION<time Rule matcing an alert if the event has
lasted longer/shorter than the given duration. E.g. DURATION>1h (lasted
longer than 1 hour) or DURATION<30 (only sends alerts the first 30
minutes). The duration is specified as a number, optionally followed by 'm'
(minutes, default), 'h' (hours) or 'd' (days).
RECOVERED Rule matches if the alert has recovered from an alert state.
NOTICE Rule matches if the message is a "notify" message. This
type of message is sent when a host or test is disabled or enabled.
The "targetstring" is either a simple pagename, hostname or
servicename, OR a '%' followed by a Perl-compatible regular expression. E.g.
"HOST=%www(.*)" will match any hostname that begins with
"www". The same for the "groupname" setting.
RECIPIENTS¶
The recipients are listed after the initial rule. The following keywords can be
used to define recipients:
MAIL address[,address] Recipient who receives an e-mail alert. This takes
one parameter, the e-mail address. The strings "&host&",
"&service&" and "&color&" in an address
will be replaced with the hostname, service and color of the alert,
respectively.
SCRIPT /path/to/script recipientID Recipient that invokes a script. This
takes two parameters: The script filename, and the recipient that gets passed
to the script. The strings "&host&",
"&service&" and "&color&" in the
recipientID will be replaced with the hostname, service and color of the
alert, respectively.
IGNORE This is used to define a recipient that does NOT trigger any
alerts, and also terminates the search for more recipients. It is useful if
you have a rule that handles most alerts, but there is just that one
particular server where you don't want cpu alerts on Monday morning. Note that
the IGNORE recipient always has the STOP flag defined, so when the IGNORE
recipient is matched, no more recipients will be considered. So the location
of this recipient in your set of recipients is important.
FORMAT=formatstring Format of the text message with the alert. Default is
"TEXT" (suitable for e-mail alerts). "PLAIN" is the same
as text, but without the URL link to the status webpage. "SMS" is a
short message with no subject for SMS alerts. "SCRIPT" is a brief
message template for scripts.
REPEAT=time How often an alert gets repeated. As with DURATION, time is a
number optionally followed by 'm', 'h' or 'd'.
UNMATCHED The alert is sent to this recipient ONLY if no other recipients
received an alert for this event.
STOP Stop looking for more recipients after this one matches. This is
implicit on IGNORE recipients.
Rules You can specify rules for a recipient also. This limits the alerts
sent to this particular recipient.
MACROS¶
It is possible to use
macros in the configuration file. To define a
macro:
$MYMACRO=text extending to end of line
After the definition of a macro, it can be used throughout the file. Wherever
the text $MYMACRO appears, it will be substituted with the text of the macro
before any processing of rules and recipients.
It is possible to nest macros, as long as the macro is defined before it is
used.
ALERT SCRIPTS¶
Alerts can go out via custom scripts, by using the SCRIPT keyword for a
recipient. Such scritps have access to the following environment variables:
BBALPHAMSG The full text of the status log triggering the alert
ACKCODE The "cookie" that can be used to acknowledge the alert
RCPT The recipientID from the SCRIPT entry
BBHOSTNAME The name of the host that the alert is about
MACHIP The IP-address of the host that has a problem
BBSVCNAME The name of the service that the alert is about
BBSVCNUM The numeric code for the service. From the SVCCODES definition.
BBHOSTSVC HOSTNAME.SERVICE that the alert is about.
BBHOSTSVCCOMMAS As BBHOSTSVC, but dots in the hostname replaced with
commas
BBNUMERIC A 22-digit number made by BBSVCNUM, MACHIP and ACKCODE.
RECOVERED Is "0" if the service is alerting, "1" if
the service has recovered, "2" if the service was disabled.
EVENTSTART Timestamp when the current status (color) began.
SECS Number of seconds the service has been down.
DOWNSECSMSG When recovered, holds the text "Event duration : N"
where N is the DOWNSECS value.
CFID Line-number in the alerts.cfg file that caused the script to be
invoked. Can be useful when troubleshooting alert configuration rules.
SEE ALSO¶
xymond_alert(8),
xymond(8),
xymon(7), the "Configuring Xymon Alerts"
guide in the Online documentation.