syslog events are creating notifications and disregarding rules in place

Description

When syslog messages come in to OpenNMS from a device that doesn't exist in OpenNMS, a notification is generated. This results in a large number of notifications and pages being sent out when new devices are turned up which are not in OpenNMS.

Environment

centOS 7

Acceptance / Success Criteria

None

Activity

Chandra Gorantla January 24, 2019 at 5:12 PM

Alejandro Galue November 30, 2018 at 2:31 PM

To provide more details about how to reproduce the problem based on the discussion under the support ticket, the idea is to define a notification (including destination path and everything), for an event associated with a syslog message. Inside this notification definition, apply a filter based on categories; for example:

<notification name="Syslog-F10-bgpDown" status="on" writeable="yes">
    <uei>uei.opennms.org/syslog/ftos/bgpDown</uei>
    <rule>(catincS-Production and catincR-DirectConnect)</rule>
    <destinationPath>NetOps-Urgent</destinationPath>
    <text-message>%noticeid% - %nodelabel% - %parm[ipAddress]% - BGP on vrf %parm[vrfName]% is %parm[bgpState]% </text-message>
    <subject>Notice #%noticeid% - %nodelabel% - BGP on vrf %parm[vrfName]% is %parm[bgpState]% </subject>
    <numeric-message>%noticeid% : %nodelabel% : %parm[ipAddress]% : BGP on vrf %parm[vrfName]% is %parm[bgpState]% </numeric-message>
</notification>

Of course, an event definition for uei.opennms.org/syslog/ftos/bgpDown is required, but the content is irrelevant as long as it is persisted to trigger the notification.

Clearly the definition says that when this event comes in and the node behind the IP address associated with the incoming message belongs to the category "S-Production" and also "R-DirectConnect", the notification should be sent to the NetOps-Urgent destination path.

The problem is, the syslog messages are coming from nodes that are not actively monitored by OpenNMS (they don't exist in the database), so obviously the IPs will never be associated with nodes that belong to these 2 categories. However, the notifications are being sent, which is completely unexpected.
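The rule semantics described in the comment above, as an added example that is not OpenNMS code: a small Python model that evaluates a catinc category rule against a node inventory and shows that an event whose source IP maps to no node has no categories and therefore must never trigger the notification. The inventory, the event list and the restriction to catinc/and/or/not predicates are assumptions made for this example.

```python
import re

# Constructed sample inventory, not from the original issue: one node in both
# categories, one node in only one category, and no entry for unknown devices.
INVENTORY = {
    "10.0.0.1": {"label": "core-rtr-1", "categories": {"S-Production", "R-DirectConnect"}},
    "10.0.0.2": {"label": "lab-rtr-1", "categories": {"S-Production"}},
}

# The rule from the notification definition quoted in the issue.
RULE = "(catincS-Production and catincR-DirectConnect)"

# Only 'catinc<Category>' joined by and/or/not with parentheses is modelled here
# (an assumption; real OpenNMS rules support further predicates).
TOKEN = re.compile(r"\s*(\(|\)|and|or|not|catinc[A-Za-z0-9_.-]+)\s*")

def rule_matches(rule, categories):
    """Return True when the node's category set satisfies the rule."""
    pos, expr = 0, []
    while pos < len(rule):
        m = TOKEN.match(rule, pos)
        if not m:
            raise ValueError(f"unsupported token at {pos}: {rule[pos:]!r}")
        tok = m.group(1)
        # catincX becomes True/False; the boolean operators pass through unchanged
        expr.append(str(tok[6:] in categories) if tok.startswith("catinc") else tok)
        pos = m.end()
    # every token was whitelisted above, so evaluating the rewritten expression is safe
    return bool(eval(" ".join(expr), {"__builtins__": {}}, {}))

def should_notify(event, inventory=INVENTORY, rule=RULE):
    """Decide whether a syslog-derived event should page. An IP with no node has
    no categories, so a category-based rule must not match it; the issue reports
    exactly this case as notifying anyway."""
    node = inventory.get(event["ipAddress"])
    if node is None:
        return False
    return rule_matches(rule, node["categories"])

# Constructed events; the third comes from a device that is not in the inventory.
EVENTS = [
    {"uei": "uei.opennms.org/syslog/ftos/bgpDown", "ipAddress": "10.0.0.1"},
    {"uei": "uei.opennms.org/syslog/ftos/bgpDown", "ipAddress": "10.0.0.2"},
    {"uei": "uei.opennms.org/syslog/ftos/bgpDown", "ipAddress": "192.0.2.50"},
]

def pending_notifications(events=EVENTS, inventory=INVENTORY, rule=RULE):
    """Return the node labels for which a notice would be sent."""
    return [inventory[e["ipAddress"]]["label"] for e in events
            if should_notify(e, inventory, rule)]

if __name__ == "__main__":
    print(pending_notifications())  # ['core-rtr-1']
```

Running the same events through a live OpenNMS instance and comparing the notices it generates against this list is a quick way to confirm whether the filter is being applied to nodeless events.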

Alejandro Galue November 30, 2018 at 2:25 PM

This issue has been opened by a customer, regarding a problem reported on the following support ticket:

https://mynms.opennms.com/Ticket/Display.html?id=5905

Fixed

Details

Created November 30, 2018 at 2:20 PM
Updated February 6, 2019 at 10:52 AM
Resolved February 6, 2019 at 10:52 AM