I'm am having an issue with the SystemMonitoring package not opening tickets for alerts from GroundWork. It opens some and for other it does not. If I get a host down alert like below the new ticket is opened with no problem
GroundWork Host
PROBLEM Notification
Host: ATL02WMIPRX01 (192.168.6.127)
Host State: DOWN
Host Info: CRITICAL - 192.168.6.127: rta nan, lost 100%
Time: Wed Jun 27 14:12:37 EDT 2012
Host Notes:
But if a get an alert for just a service on the host going down a new ticket is not opened. Here is a sample of this alert message.
GroundWork Service
PROBLEM Notification
Host: ATL02WMIPRX01 (192.168.6.127)
Host State: UP
Service: wmi_service_VMTools
Service State: CRITICAL
Service Info: Critical - VMTools: Stopped
Time: Wed Jun 27 14:30:17 EDT 2012
Service Notes:
I'm using all the default all the default setting in SystemMonitoring -> Core::PostMaster with the exception of the FromAddressRegExp, which I changed to match the address the alert emails are being sent from. Looking in the logs it appears that the email is not creating a new ticket because it is looking at the just the Host State in the above email and not seeing the Service State.
OTRS-otrs.PostMasterMailbox.pl-10[4902]: [Notice][Kernel::System::PostMaster::Filter::SystemMonitoring::_LogMessage] SystemMonitoring Mail: Mail Dropped, no matching ticket found, no open on this state - Host: [1]ATL02WMIPRX01 (192.168.6.127) , State: UP, Service: [2]wmi_service_VMTools
OTRS-otrs.PostMasterMailbox.pl-10[4902]: [Notice][Kernel::System::PostMaster::Run] Ignored Email (From: "nagios@telemate.net" <nagios@telemate.net>, Message-ID: <953474.292389245-sendEmail@ols-gw01>) because the X-OTRS-Ignore is set (X-OTRS-Ignore: yes).
Anyone have any idea on how to get a new ticket opened for the second sample alert message above?
SystemMonitoring not opening tickets for some alerts
Moderator: crythias
-
bhujik
- Znuny newbie
- Posts: 2
- Joined: 27 Jun 2012, 20:57
- Znuny Version: 3.1.6
- Real Name: Brett Hujik
- Company: TeleMate.Net Software
Re: SystemMonitoring not opening tickets for some alerts
I have found a work around for now. I modified the alert emails from GroundWork for a service to bring the service information above the host information.
GroundWork Service
PROBLEM Notification
Service: [1]wmi_service_VMTools
Service State: CRITICAL
Service Info: Critical - VMTools: Stopped
Host: [2]ATL02WMIPRX01 (192.168.6.127)
Host State: UP
Time: Wed Jun 27 17:32:19 EDT 2012
Service Notes:
GroundWork Service
PROBLEM Notification
Service: [1]wmi_service_VMTools
Service State: CRITICAL
Service Info: Critical - VMTools: Stopped
Host: [2]ATL02WMIPRX01 (192.168.6.127)
Host State: UP
Time: Wed Jun 27 17:32:19 EDT 2012
Service Notes:
-
massimobianchi
- Znuny newbie
- Posts: 67
- Joined: 02 Apr 2012, 12:18
- Znuny Version: 3.1.14
- Real Name: Massimo Bianchi
- Company: NPO Sistemi S.p.A.
- Contact:
Re: SystemMonitoring not opening tickets for some alerts
Hi,
the problem is that you have two lines matiching "service".
I think OTRS is getting the first it receive.
I'm using this site to test the regexp: http://regexpal.com/ Maybe it can help you in writing the proper regexp.
the problem is that you have two lines matiching "service".
I think OTRS is getting the first it receive.
I'm using this site to test the regexp: http://regexpal.com/ Maybe it can help you in writing the proper regexp.
Massimo Bianchi
skype: massimo.bianchi
OTRS:3.1.14, ITSM:3.1.8, httpd, mysql, Centos 6.3 on X86_64
skype: massimo.bianchi
OTRS:3.1.14, ITSM:3.1.8, httpd, mysql, Centos 6.3 on X86_64
Re: SystemMonitoring not opening tickets for some alerts
yes, the module will stop after first match
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com