Log USERNAME when DISABLING/ENABLING checks/notifications...

Deepak Kosaraju deepak.kosaraju1 at gmail.com
Fri Apr 6 00:22:06 CEST 2012


Andreas
Thanks for the prompt reply. So when can we expect Nagios 4, and where can I track the beta release schedules for Nagios?

When you are planning to change the logging version, it would be nice to look at the time [field].

Here is the scenario, between Nagios and Splunk:
As the Splunk indexer sees the event from the forwarder, the indexer records the time based on the event time and converts that to HRT format, and as the Nagios log doesn't have anything to say that 2 events happened within milliseconds of each other, the Splunk indexer treats both events as having happened at the same time, based on the epoch timestamp.

Example:
[1333663803] HOST ALERT: devtest-d-a001-q;UP;SOFT;2;OK - 20.255.10.1: rta 0.619ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a002-q;UP;SOFT;2;OK - 20.255.10.2: rta 0.624ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a003-q;UP;SOFT;2;OK - 20.255.10.3: rta 0.647ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a004-q;UP;SOFT;2;OK - 20.255.10.4: rta 0.609ms, lost 0%

Now the Splunk indexer indexes all these events as if they happened at the same time, but in reality they happened with some milliseconds' difference in time. The real challenge is that Splunk Search results show all these as one pile of events rather than showing them as individual events. I gave 4 as an example, but think about 30 checks happening at the same time.

It's one of the challenges we have integrating between two smart tools, nagios.log -> Splunk engine; we couldn't get a breakthrough on this.

With Regards
Deepak Kosaraju
www.kkdk.us

On Apr 5, 2012, at 4:46 PM, Andreas Ericsson wrote:

> On 04/05/2012 04:44 AM, Deepak Kosaraju wrote:
>> Hi All, I don't know the technical reason why Nagios developers didn't
>> think about this:
>> 
> 
> Because it can't be trusted, so it's not really worth anything. It
> can be doable so it's trusted in future versions, and then we will
> most likely add it. That can't be done until we change logging
> version though, which most likely won't be done until Nagios 4. As a
> consolation, Nagios 4 probably isn't that far off.
> 
>> I know it's not a standard syntax for Username to be part of
>> DISABLING/ENABLING checks/notifications, but it would be nice if your
>> team could start thinking about adding it as a feature in the next
>> releases of Nagios.
>> 
>> It's really giving us a HARD time to know who triggered the DISABLE and
>> ENABLE checks/notifications among the teams.
>> 
>> This should apply to BOTH: HOST/SERVICE type of DISABLE/ENABLE
>> external commands.
>> 
> 
> It's likely we add this to all external commands rather than just some
> of them. It's easier to discard the information once it's there than it
> is to figure it out after you realize you need it, and it makes the code
> simpler and therefore faster and less prone to bugs.
> 
> -- 
> Andreas Ericsson                   andreas.ericsson at op5.se
> OP5 AB                             www.op5.se
> Tel: +46 8-230225                  Fax: +46 8-230231
> 
> Considering the successes of the wars on alcohol, poverty, drugs and
> terror, I think we should give some serious thought to declaring war
> on peace.
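
Added example, not part of the original message and not Nagios or Splunk code: a pre-forwarding filter that tags each nagios.log line with its ordinal within the same epoch second, so same-second events stay distinct and in file order. The `[epoch.NNNNNN]` output layout and all function names are assumptions; the fraction is an ordinal, not a measured time.

```python
import re
from collections import Counter

# Constructed sample in the nagios.log format quoted in the message;
# the last line is deliberately malformed.
SAMPLE = """\
[1333663803] HOST ALERT: devtest-d-a001-q;UP;SOFT;2;OK - 20.255.10.1: rta 0.619ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a002-q;UP;SOFT;2;OK - 20.255.10.2: rta 0.624ms, lost 0%
[1333663804] HOST ALERT: devtest-d-a003-q;UP;SOFT;2;OK - 20.255.10.3: rta 0.647ms, lost 0%
this line has no timestamp
"""

LINE_RE = re.compile(r"^\[(\d+)\] (.*)$")


def parse(lines):
    """Yield (epoch, message) for '[epoch] message' lines; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.rstrip("\r\n"))
        if m:
            yield int(m.group(1)), m.group(2)


def add_sequence(events):
    """Yield (epoch, seq, message), where seq counts earlier events that
    carried the same epoch second, in the order they appear in the file."""
    seen = Counter()
    for epoch, msg in events:
        yield epoch, seen[epoch], msg
        seen[epoch] += 1


def render(events, width=6):
    """Format as '[epoch.seq] message' (assumed layout, see lead-in)."""
    for epoch, seq, msg in events:
        if seq >= 10 ** width:
            raise ValueError(f"too many events in second {epoch} for width {width}")
        yield f"[{epoch}.{seq:0{width}d}] {msg}"


def rewrite(text):
    """Return the rewritten lines for a whole log text."""
    return list(render(add_sequence(parse(text.splitlines()))))


if __name__ == "__main__":
    print("\n".join(rewrite(SAMPLE)))
```

The original epoch second is kept unchanged in front of the dot, so the rewritten lines can still be matched against the untouched nagios.log.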
