| Cheshire Cat Computing http://steveshipway.org/forum/ |
|
| Passive alerts being picked up by multiple hosts in XI http://steveshipway.org/forum/viewtopic.php?f=22&t=8059 |
Page 1 of 1 |
| Author: | LordInfidel [ Mon Oct 01, 2012 3:12 pm ] |
| Post subject: | Passive alerts being picked up by multiple hosts in XI |
I scoured the forums for this one, and while I am sure it is something that I did wrong, hopefully this is a simple fix and not a discovered bug. I have a working nagios xi install and am attempting to get several windows servers event logs monitored. I have the agents and nsca agents sucesfully configured and I can see alerts coming in. Meaning it is configured on the windows side, and on the nagios xi side (where for each host I ran 2 monitoring wizards; 1 for the server itself and another for the event logs). Now, here is the fun part; Let's say I have 2 hosts being monitored, each with unique IP's and hostnames. On the windows side, I set up each nsca daemon with unique hostnames on each server. The only similarities between the two is the destination server/port and password/encyption. BUT~ and this is the kicker~, when I send a test event, BOTH passive agents on the nagios side picks up the alert as if it was their own and generates an email. If that did not make sense, let me re-explain. When I am on host #1 and I generate a test event, when it is sent to the nagios nsca daemon, both Host #1's and Host #2's monitoring picks up the alert and sends it out as if it was it's own. INstead of ONLY host #1 picking up and ownng the alert. If that was still unclear, I expect to get only 1 email about host 1, but I get 2 emails, 1 about host 1 and 1 about host 2. And the unique test message verbiage I put in showed up on both emails, so it was not a "fluke" I tried going into the core and manually setting the active/passive checks on it, but to no avail (manually forcing no active, forcing it to passive only). Same behavior. What in the world can I be missing? Its not like this is rocket science, it seems pretty straight forward.... But I am sure I borked something up and since it is late, I am just not seeing the solution. Thanks Mike |
|
| Author: | stevesh [ Tue Oct 02, 2012 10:14 am ] |
| Post subject: | Re: Passive alerts being picked up by multiple hosts in XI |
Can you get the logs from the nagios log file? These should indicate what external commands are being received, so you can tell if NSCA is sending only one notification (in which case it is a nagios behaviour) or if it is sending two (in which case, look at the nsca logs). If you get two external commands, then look at the nsca logs -- set it to higher logging, add xinetd logging if you're running via xinetd. See if two notifications come in from the agent or if only one comes in. Finally, the eventlog agent has a debug mode that can be set to show how it processes all messages, so you can see if it is sending out two. It is not clear, but are you running TWO instances on the eventlog agent on a single host? This is not supported and will not work as they would share the same configuration are in the registry. That might be the issue here. Another possiblity might be that you have strange characters (semicolon,tab) in the hostname. Unlikely but possible. There is also the possibility that you're on Win2k8 and using wide characters which are confusing things. |
|
| Author: | LordInfidel [ Tue Oct 02, 2012 11:30 am ] |
| Post subject: | Re: Passive alerts being picked up by multiple hosts in XI |
Hi steve, I think you mis-intereperted, but it may be a non-issue. I have 2 windows hosts; Host 1 and Host 2. Each host has a ~single~ nsca agent running on it. Not 2 agents. The singluar agent running on each hosts points to the nagios server to send alerts to. On the nagios side, host 1 and host 2 are configured as 2 different monitored hosts, and each monitored host within nagios has the passive event log add-on running. Now, when I generate a test event on host 1, Nagios sends me 2 emails; one from host 1 and one from host 2. But as I started out saying in this reply, it may be a non-issue; because 'normal' non-test alerts are coming thru as designed. Hosts 1's are hitting host 1's monitoring and nagios is associating it to only host 1. And the same for host 2. So it appears the bug only arises when you generate a test event from the gui on the windows side. Does that make sense now? I will look thru the nsca logs on the nagios side since that is where the problem is going to be; not on the windows side. The fact that under normal operations it is behaving correctly eases my mind a bit. MIke |
|
| Page 1 of 1 | All times are UTC + 12 hours [ DST ] |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|