Hello All,
I'm attempting to get a trigger working that currently isn't doing what I'd like. I have a monitored log file on two different servers that monitor a related clustered service. As a check to make sure a connection to a partner is up, they are monitored for uptime traffic. The problem is that I have no control over which direction the traffic goes.
I have 4 log items monitored, and I'd like a master trigger to go off if all 4 monitored log items go into error state, not receiving any traffic for 15 minutes.
Any one of these log triggers works, but my master trigger goes off as well. The master trigger check is currently defined like this…
{app1:log[/var/log/kannel/access.log,Receive.*?att_stc,,,,].nodata(900)}=0 & {app1:log[/var/log/kannel/access.log,Receive.*?att_vtc,,,,].nodata(900)}=0 & {kannel00.sac.3si:log[/var/log/kannel/access.log,Receive.*?att_stc,,,,].nodata(900)}=0 & {kannel00.sac.3si:log[/var/log/kannel/access.log,Receive.*?att_vtc,,,,].nodata(900)}=0
Any advice would be appreciated.
I'm attempting to get a trigger working that currently isn't doing what I'd like. I have a monitored log file on two different servers that monitor a related clustered service. As a check to make sure a connection to a partner is up, they are monitored for uptime traffic. The problem is that I have no control over which direction the traffic goes.
I have 4 log items monitored, and I'd like a master trigger to go off if all 4 monitored log items go into error state, not receiving any traffic for 15 minutes.
Any one of these log triggers works, but my master trigger goes off as well. The master trigger check is currently defined like this…
{app1:log[/var/log/kannel/access.log,Receive.*?att_stc,,,,].nodata(900)}=0 & {app1:log[/var/log/kannel/access.log,Receive.*?att_vtc,,,,].nodata(900)}=0 & {kannel00.sac.3si:log[/var/log/kannel/access.log,Receive.*?att_stc,,,,].nodata(900)}=0 & {kannel00.sac.3si:log[/var/log/kannel/access.log,Receive.*?att_vtc,,,,].nodata(900)}=0
Any advice would be appreciated.