I've a problem with configuring actions correctly. (zabbix 1.8.5)
we have checks and triggers for different departments of our company.
so the departments should not get the alerts from the others - only there own.
I tought, the simplest way to do so, is to use "Trigger description" (Trigger Name).
Each Triggername has to have an uniq keyword at the beginning.
Our technical department has the most checks and triggers - so it would be very hard, to update our more than 2000 triggers.
so I want to exclude all the other "Trigger description" keywords.
but this doesn't work, because I need to configure the last part in brackets from E to J used with AND.
I also need the OR with A, B - so I cannot use "AND" for everything.
with this configuration "bug" the logic is not correct starting at E.
for example an alert with trigger name "support: website down", the server is not in maintenance and the severity ist high.
A will match = okay
C will match = okay
D will match = okay
E will match: "sales:" != "support:"
and it seems, as the check doesn't go on with F (this would be the right one) and stops in this point of the rule.
so the alert will get through but it shouldn't - that is the worse point
here is the whole configuration from my action:
(A or B) and (C) and (D) and (E or F or G or H or I)
(A) Trigger severity = "High"
(B) Trigger severity = "Disaster"
(C) Trigger value = "PROBLEM"
(D) Maintenance status not in "maintenance"
(E) Trigger description not like "sales:"
(F) Trigger description not like "support:"
(G) Trigger description not like "management:"
(H) Trigger description not like "projects:"
(I) Trigger description not like "supervisor:"
---------------------------------------------------
what I need would be like this:
(A or B) and (C) and (D) and (E and F and G and H and I)
but this is not possible in the webinterface.
has anyone any ideas?
is this a bug?
kind regards
max
we have checks and triggers for different departments of our company.
so the departments should not get the alerts from the others - only there own.
I tought, the simplest way to do so, is to use "Trigger description" (Trigger Name).
Each Triggername has to have an uniq keyword at the beginning.
Our technical department has the most checks and triggers - so it would be very hard, to update our more than 2000 triggers.
so I want to exclude all the other "Trigger description" keywords.
but this doesn't work, because I need to configure the last part in brackets from E to J used with AND.
I also need the OR with A, B - so I cannot use "AND" for everything.
with this configuration "bug" the logic is not correct starting at E.
for example an alert with trigger name "support: website down", the server is not in maintenance and the severity ist high.
A will match = okay
C will match = okay
D will match = okay
E will match: "sales:" != "support:"
and it seems, as the check doesn't go on with F (this would be the right one) and stops in this point of the rule.
so the alert will get through but it shouldn't - that is the worse point
here is the whole configuration from my action:
(A or B) and (C) and (D) and (E or F or G or H or I)
(A) Trigger severity = "High"
(B) Trigger severity = "Disaster"
(C) Trigger value = "PROBLEM"
(D) Maintenance status not in "maintenance"
(E) Trigger description not like "sales:"
(F) Trigger description not like "support:"
(G) Trigger description not like "management:"
(H) Trigger description not like "projects:"
(I) Trigger description not like "supervisor:"
---------------------------------------------------
what I need would be like this:
(A or B) and (C) and (D) and (E and F and G and H and I)
but this is not possible in the webinterface.
has anyone any ideas?
is this a bug?
kind regards
max
Comment