We use lots of file checksum checks for things like apache configs, password files, etc. to watch for any changes by various admins or customers. We trigger on the checksum changing from the previous value.
This is great and we get a trigger. But the trigger goes away when the next check happens, such as an hour later. We can use an avg() type function to lengthen this for as many checks as we want.
But I really want to latch it on until I manually turn it off. This is because some times I want it on until Monday morning so we can review it, but other times I want it off now because we know the reason the file changed and want the alert off the dashboard.
The only thing I can think of is some type of secondary item with hysteresis and then some manual setting of that item (via a php page and sender, etc.)
Any ideas as large-scale monitor of dozens of files on thousands of hosts seems to need something like this for sanity - I can think of other non-file uses, too.
This is great and we get a trigger. But the trigger goes away when the next check happens, such as an hour later. We can use an avg() type function to lengthen this for as many checks as we want.
But I really want to latch it on until I manually turn it off. This is because some times I want it on until Monday morning so we can review it, but other times I want it off now because we know the reason the file changed and want the alert off the dashboard.
The only thing I can think of is some type of secondary item with hysteresis and then some manual setting of that item (via a php page and sender, etc.)
Any ideas as large-scale monitor of dozens of files on thousands of hosts seems to need something like this for sanity - I can think of other non-file uses, too.