Hello. We have centeralized syslog server which collects logs from all servers for matching patterns with SEC and notify to master mointoring server(passive check) by nsca_send command.
(master) <-----notify--- / \ | (slave) (slave) (log server) Master doesn't do any active checking, and all checking is done by slaves now. but the state(Warning/Critical) set by nsca_send command automatically revert to OK state at own independant hourly intervals. (Watch lines marked with an asterisk.) I think these states have to remain unchanged until it is manually cleared by "submit check result" menu. Why this happen ? ----- sample log ------- *[12-06-2009 19:16:12] SERVICE ALERT: hostname;syslog_event;OK;HARD;1;. [12-06-2009 18:30:42] SERVICE ALERT: hostname;syslog_event;CRITICAL;HARD;1;security[success] 540 ...... * [12-06-2009 18:15:12] SERVICE ALERT: hostname;syslog_event;OK;HARD;1;. [12-06-2009 18:12:28] SERVICE ALERT: hostname;syslog_event;WARNING;HARD;1;security[success] 538 ...... *[12-06-2009 17:14:12] SERVICE ALERT: hostname;syslog_event;OK;HARD;1;. [12-06-2009 16:40:13] SERVICE ALERT: hostname;syslog_event;WARNING;HARD;1;security[success] ..... *[12-06-2009 16:13:17] SERVICE ALERT: hostname;syslog_event;OK;HARD;1;. [12-06-2009 16:10:57] SERVICE ALERT: hostname;syslog_event;WARNING;HARD;1;security[success] ..... *[12-06-2009 15:12:17] SERVICE ALERT: hostname;syslog_event;OK;HARD;1;. [12-06-2009 15:10:45] SERVICE ALERT: hostname;syslog_event;WARNING;HARD;1;security[success] .....
_______________________________________________ Opsview-users mailing list [email protected] http://lists.opsview.org/listinfo/opsview-users
