Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Email alert if any monitor turns red
#1
I have recently started using Pandora FMS, and am very impressed so far.

I like the facility to send alerts when certain conditions occur.

However - I plan to have 100's of monitors operational. I don't want to configure and manage a separate alert for each individual monitor.

How do I configure a single alert, that will fire when *any* of the 100 or so monitors turns red?

Thanks - Technoid
 Reply
#2
You cannot do that, you have to define an alert for each monitor. Sorry mate!
 Reply
#3
You can add it to the feature's request :-D

Raúl
 Reply
#4
Quote:[cite]Posted By: Technoid Techman[/cite][p]I have recently started using Pandora FMS, and am very impressed so far.[/p][p]I like the facility to send alerts when certain conditions occur.[/p][p]However - I plan to have 100's of monitors operational. I don't want to configure and manage a separate alert for each individual monitor.[/p][p]How do I configure a single alert, that will fire when *any* of the 100 or so monitors turns red?[/p][p]Thanks - Technoid[/p]

You also can define a single alert in a module and propagate to the other 99 agents. If the data limits to "watch" are the same, the alarm should be the same. It's very easy with the included module/alert duplication tool in the console.
 Reply
#5
I figured out a way to make this happen, by working through the various database tables in the MySQL repository.

Brief outline:
Write an SQL statement which will look in the database and pull out all monitor values, and count the number which are in an 'alert' state.
On the actual Pandora server, create a monitor which watches the results from the SQL statement.
Create an email alert which operates when the monitor sees anything move to 'alert' state.

SQL statement:
Code:
SELECT warning
FROM
(
SELECT agnt.id_agente_modulo, agnt.id_agente, agnt.descripcion, dat.datos,
       dat.timestamp, srv.nombre,
       CASE dat.datos WHEN 0 THEN 'WARNING' ELSE NULL END warning
FROM `tagente_modulo` agnt
INNER JOIN `ttipo_modulo` module ON agnt.id_tipo_modulo = module.id_tipo
INNER JOIN (SELECT MAX(id_agente_datos) max_data, id_agente_modulo
            FROM `tagente_datos` dat
            GROUP BY id_agente_modulo) big_dat ON (big_dat.id_agente_modulo = agnt.id_agente_modulo)
INNER JOIN `tagente_datos` dat ON (big_dat.max_data = dat.id_agente_datos)
INNER JOIN `tagente` srv ON (srv.id_agente = agnt.id_agente)
WHERE module.nombre = 'generic_proc'
  AND srv.nombre <> 'PANDORA'
ORDER BY agnt.id_agente, agnt.id_agente_modulo
) warn
WHERE warning IS NOT NULL
GROUP BY warning

I cannot say whether this is 100% accurate... but I'm testing it with various scenarios, and it seems good so far. Note that we must exclude the Pandora monitor, otherwise we could get false positives. This is why we have the srv.nombre <> 'PANDORA' clause.

At this point, I don't care which of the monitors has fired. I just want to be told that 'something is wrong' with my infrastructure.

How do we monitor it?
The SQL statement will return no rows if there are no 'alerts' right now. If there are one or more 'alerts', it will return rows. So we simply need to run the SQL script via an agent monitor, and count how many rows are returned.

Save the SQL script somewhere on the server. I put mine in the /home/pandora/ directory.

The agent monitor command looks like this:

Code:
# Run mysql script to look for modules in Warning state, and report back via line count
module_begin
module_name Urgent Warning
module_type generic_proc
module_exec mysql -N -upandora -ppandora pandora < /home/pandora/pandora_check.sql | wc -l | gawk '{ print ($1 > 0) ? 0 : 1 }'
module_description Software Science Infrastructure Warning
module_end

For the mysql statement, we have command line options as follows:
-N = Don't output coloumn headings.
-u = The database username
-p = The database password
pandora = The database schema to work with

I watch this every 60 seconds through a normal Pandora alert.

If the alert fires, it then sends me an email. There is, of coruse, a lag in an alert occurring and the email being fired. But that can be tuned by adjusting the agent configurations on the various servers.
 Reply
#6
Wow... that is really a great SQL query. I will write this in our wiki.

Thanks !
 Reply


Users browsing this thread: 1 Guest(s)


(c) 2006-2018 Artica Soluciones Tecnológicas. Contents of this wiki are under Create Common Attribution v3 licence. | pandorafms.com | pandorafms.org

Theme © MyBB Themes