[Logcheck-devel] Bug#651319: ignore.d.server/nagios: SERVICE FLAPPING line doesn't allow whitespace

andrew bezella andrew at diatribes.org
Wed Dec 7 17:39:55 UTC 2011 

Package: logcheck-database
Version: 1.3.13
Severity: minor

in most cases whitespace is allowed in SERVICE names, but for the
SERVICE FLAPPING ALERT it is not.  using the cases where
whitespace is allowed as a template, i made the following change:

--- /etc/logcheck/ignore.d.server/nagios	2010-09-03 01:25:15.000000000 -0700
+++ /tmp/nagios	2011-12-07 09:34:25.000000000 -0800
@@ -16,7 +16,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nagios(2|3)?: Nagios (1|2)\.[[:digit:]] starting\.\.\. \(PID=[[:digit:]]+\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nagios(2|3)?: SERVICE ALERT: [._[:alnum:]-]+;[^;]+;(CRITICAL|WARNING|OK|UNKNOWN);(SOFT|HARD);.*$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nagios(2|3)?: SERVICE ALERT: [[:alnum:]]+;PING;(WARNING|OK).*$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nagios(2|3)?: SERVICE FLAPPING ALERT: [._[:alnum:]-]+;[._[:alnum:]-]+;(STARTED|STOPPED); Service appears to have (started|stopped) flapping \([[:digit:].]+% change (<|>=?) [.[:digit:]]+% threshold\)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nagios(2|3)?: SERVICE FLAPPING ALERT: [._[:alnum:]-]+;[^;]+;(STARTED|STOPPED); Service appears to have (started|stopped) flapping \([[:digit:].]+% change (<|>=?) [.[:digit:]]+% threshold\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nagios(2|3)?: SERVICE NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;[^;]+;(ACKNOWLEDGEMENT \()?(CRITICAL|WARNING|OK|UNKNOWN)(\))?;.*$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nagios(2|3)?: SERVICE NOTIFICATION: [._[:alnum:]-]+;[._[:alnum:]-]+;[^;]+;CRITICAL;.*$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nagios(2|3)?: Warning: Host '[[:alnum:]]+' has no services associated with it\!$

and that seems to have resolved the issue.

thank you for your time and effort!

	andy

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- no debconf information

More information about the Logcheck-devel mailing list