Hi everyone. I'm looking to integrate logstash, which processes our application logs, with icinga2. The general idea is to define an icinga2 service that goes to state critical (or warning) when a logstash encounters a log message with the relevant severity.
Setting this up (e.g. with NSCA) doesn't seem too difficult, but there's one point I'm confused about. What would be the proper way to reset the service back to an OK state? An icinga2 operator can *acknowledge* the critical state, but how should I approach the problem of making it green? To be sure I'm understood, my application logs contain logs about error *events* (as logs usually do), and not about *state transitions* (which is the natural icinga2 entity); my application doesn't emit a log message saying "everything's fine now". Should there be some sort of way to reset the service back to OK via the webui, for example? Or am I doomed to be in an "acknowledged critical" state forever? Thanks for your insights! Shay
_______________________________________________ icinga-users mailing list [email protected] https://lists.icinga.org/mailman/listinfo/icinga-users
