Log USERNAME when DISABLING/ENABLING checks/notifications...

Daniel Wittenberg daniel.wittenberg.r0ko at statefarm.com
Fri Apr 6 07:48:14 CEST 2012


We have issues with this as well. Maybe an option to log in micro epoch? I also wrote an event broker that opens a TCP connection to Splunk and directly pipes all logging over, which allowed us to get around that issue, but doing it in core would be nice.
Dan

From: Deepak Kosaraju [mailto:deepak.kosaraju1 at gmail.com]
Sent: Thursday, April 05, 2012 06:22 PM
To: Andreas Ericsson <ae at op5.se>
Cc: Nagios Developers List <nagios-devel at lists.sourceforge.net>
Subject: Re: [Nagios-devel] Log USERNAME when DISABLING/ENABLING checks/notifications...

Andreas
Thanks for the prompt reply. So when can we expect Nagios 4, and where can I track the beta release schedules for Nagios?

When you are planning to change the logging version, it would be nice to look at the time [field].

Here is the scenario between Nagios and Splunk:
As the Splunk indexer sees the event from the forwarder, the indexer records the time based on the event time and converts that to HRT format, and as the Nagios log doesn't have anything to say that 2 events happened within milliseconds of each other, the Splunk indexer treats both events as having happened at the same time based on the epoch timestamp.

Example:
[1333663803] HOST ALERT: devtest-d-a001-q;UP;SOFT;2;OK - 20.255.10.1: rta 0.619ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a002-q;UP;SOFT;2;OK - 20.255.10.2: rta 0.624ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a003-q;UP;SOFT;2;OK - 20.255.10.3: rta 0.647ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a004-q;UP;SOFT;2;OK - 20.255.10.4: rta 0.609ms, lost 0%

Now the Splunk indexer indexes all these events as if they happened at the same time, but in reality they happened with some milliseconds' difference in time. The real challenge is that Splunk search results show all these as one pile of events rather than showing them as individual events. I gave 4 as an example, but think about 30 checks happening at the same time.

It's one of the challenges we are having integrating between two smart tools, nagios.log -> Splunk engine; we couldn't get a breakthrough on this.

With Regards
Deepak Kosaraju
www.kkdk.us

On Apr 5, 2012, at 4:46 PM, Andreas Ericsson wrote:

On 04/05/2012 04:44 AM, Deepak Kosaraju wrote:
Hi all, I don't know the technical reason why Nagios developers didn't
think about this:


Because it can't be trusted, so it's not really worth anything. It
can be doable so it's trusted in future versions, and then we will
most likely add it. That can't be done until we change logging
version though, which most likely won't be done until Nagios 4. As a
consolation, Nagios 4 probably isn't that far off.

I know it's not a standard syntax for Username to be part of
DISABLING/ENABLING checks/notifications, but it would be nice if your
team can start thinking about adding it as a feature in the next releases of
Nagios.

It's really giving us a HARD time knowing who triggered the DISABLE and
ENABLE checks/notifications among the teams.

This should apply to BOTH: HOST/SERVICE type of DISABLE/ENABLE
external commands.


It's likely we add this to all external commands rather than just some
of them. It's easier to discard the information once it's there than it
is to figure it out after you realize you need it, and it makes the code
simpler and therefore faster and less prone to bugs.

--
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
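
The timestamp collision described in this thread, as an added example that is not code from any participant, from Nagios or from Splunk: it parses `[epoch] TYPE: detail` lines, reports which seconds hold more than one event, and attaches a per-second sequence number so file order survives as a tie-breaker. The names `parse`, `collisions` and the `seq` field are hypothetical, and the fifth sample line is constructed.

```python
import re
from collections import Counter

# Sample input: the four lines quoted in the thread plus one constructed
# line in the following second (constructed for this example).
SAMPLE_LOG = """\
[1333663803] HOST ALERT: devtest-d-a001-q;UP;SOFT;2;OK - 20.255.10.1: rta 0.619ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a002-q;UP;SOFT;2;OK - 20.255.10.2: rta 0.624ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a003-q;UP;SOFT;2;OK - 20.255.10.3: rta 0.647ms, lost 0%
[1333663803] HOST ALERT: devtest-d-a004-q;UP;SOFT;2;OK - 20.255.10.4: rta 0.609ms, lost 0%
[1333663804] HOST ALERT: devtest-d-a001-q;UP;HARD;3;OK - 20.255.10.1: rta 0.601ms, lost 0%
"""

# "[epoch] " then an optional upper-case "TYPE: " prefix, then the detail.
LINE_RE = re.compile(r"^\[(\d+)\] (?:([A-Z ]+): )?(.*)$")


def parse(log_text):
    """Yield (epoch, seq, event_type, detail) for each well-formed line.

    seq counts events already seen in the same epoch second, so sorting on
    (epoch, seq) reproduces file order even though the log itself only has
    one-second resolution.
    """
    seen = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or malformed line: nothing to order
        epoch = int(m.group(1))
        yield epoch, seen[epoch], m.group(2), m.group(3)
        seen[epoch] += 1


def collisions(log_text):
    """Return {epoch: count} for every second that holds more than one event."""
    counts = Counter(epoch for epoch, _, _, _ in parse(log_text))
    return {epoch: n for epoch, n in counts.items() if n > 1}


if __name__ == "__main__":
    for epoch, n in collisions(SAMPLE_LOG).items():
        print(f"{n} events share timestamp {epoch}")
    for epoch, seq, etype, detail in parse(SAMPLE_LOG):
        print(f"{epoch}.{seq:03d} {etype}: {detail.split(';')[0]}")
```

The sequence number records order only; it is not a sub-second time and says nothing about how far apart the events really were.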
