Details
-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
Professional Edition
-
Observium v17.2.8356, example device is a Cisco 9372PX on 7.0(3)I3(1) - but this issue occurs on all syslog rule notifications.
Description
Example syslog messages received by Observium:
2017 Mar 1 08:57:48 MST: %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/20 is down (Administratively down)
2017 Mar 1 08:57:48 MST: %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by username_lol on ipaddress_lol@pts/0
I have rules built for /ETHPORT-5-IF/ and /VSHD-5-VSHD/. Upon receipt of the syslog message, Observium immediately generates a syslog alert. Once the alert sends, I've noticed several odd behaviors:
- When the syslog alert process sends a notification e-mail, it also attempts to email several numbered e-mail addresses, such as 285@observium.example.domain.com. The number in question is the device_id. In this case, '285' is the ID of the example device.
- When the syslog alert process sends a notification e-mail, it does not mark the rule as Notified. It's still listed as "NO" on the Syslog Alerts list.
- When a syslog alert is deleted, a blank line with a rule and delete icon is left under a Contact's "Associated Syslog Rules."
Attached:
- syslog_rules.png - Syslog Rules built
- syslog_message.png - Syslog message sent by device
- syslog_alert.png - Syslog alert generated based on rule(s)
- alerter.php-d.txt - alerter.php debug run on device
- mailer_daemon.txt - /var/lib/sendmail/dead.letter
