<br><tt><font size=2><br>
<br>
> -----BEGIN PGP SIGNED MESSAGE-----<br>
> Hash: SHA1<br>
> <br>
> mark.potter@academy.com wrote:<br>
> <br>
> > I have looked through the docs and the list and this seems right
but I<br>
> > would like some confirmation before I implement service and host<br>
> > escalations. The situation is this: I have been tasked with getting
a<br>
> > single email to helpdesk (they do email to ticket) per Nagios
alert and<br>
> > no more. They don't want recovery or further notifications. This
is the<br>
> > first one I have written for a group of webservers:<br>
> > <br>
> > define serviceescalation {<br>
> > host_name
<br>
> > plwsweb01,plwsweb02,plwsweb03,plwsweb05,plwsweb06<br>
> > service_description
Apache - Maximum Connections<br>
> > Check,HTTP - Port 80 Check - Production Systems,Ping - Simple
Ping Check<br>
> > - Production<br>
> > contact_groups
helpdesk,sysalertsinfra<br>
> > first_notification
1<br>
> > last_notification
1<br>
> > notification_interval
30<br>
> > }<br>
> > <br>
> > According to my understanding, and I could be wrong, this will
send the<br>
> > first notification to groups (helpdesk and sysalertsinfra) and
the rest,<br>
> > if I define no further escalations, will go the default contact
for that<br>
> > group.<br>
> > <br>
> <br>
> - From what you have specified here, the first and last notification
will<br>
> go on this escalation to the contact_group you have listed. Since
you<br>
> don't have the escalation options (w,u,c,r) listed, it will send the<br>
> alerts based off of whatever you have specified in the service<br>
> configuration definition.<br>
> <br>
> You would need to make sure you have this listed if you only want
your<br>
> escalation to send the critical.<br>
> <br>
> escalation_options c<br>
> <br>
> Although, if you only want one page to go out on critical, then I<br>
> wouldn't mess with the escalation at all. I would specify the service
to<br>
> only notifiy you once, and only once on a critical back in your service<br>
> definition.<br>
> <br>
> <br>
> Generally, you would use escalations like I explain here:<br>
> <br>
> I use RT (Request Tracker) to receive alerts from Nagios. The first<br>
> notification defined through the service definition goes to my alarms<br>
> group. This sends notification to RT, my pager, and my bosses pager.<br>
> <br>
> I then escalate the second notification, such as listed below, to
only<br>
> go to my pager and my bosses pager every 60 minutes forever until
one of<br>
> us responds.<br>
> <br>
> > 1. Are the multiple services/hosts allowed here?<br>
> <br>
> Yes. You can use hostgroupescalations:<br>
> <br>
> define hostescalation{<br>
> hostgroup_name
corp-monitors<br>
> first_notification 2<br>
> last_notification
0<br>
> notification_interval 60<br>
> contact_groups
itproblems<br>
> }<br>
> <br>
> > 2. Is there a better way to do this?<br>
> <br>
> That depends on what you're trying or wanting to do. Hostgroup<br>
> escalations just saves you typing time if you want to escalate based
on<br>
> hostgroups.<br>
> <br>
> Services you won't be able to do in multiples, so you'll have to setup
a<br>
> service escalation for each service on each host.<br>
> <br>
> Hope this helps you a bit.<br>
> <br>
Max,</font></tt>
<br>
<br><tt><font size=2>That works pretty well actually. I will add everyone
that needs to get the first notification to the proper group and then escalate
as you have shown. The logic you provided makes more sense than trying
to capture to the first and only the first notification. Thanks so much
for your help.</font></tt>