Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
None
-
Professional Edition
-
None
-
Observium professional as a syslog receiver.
Description
Three ideas to improve the existing syslog alerting:
1) Ability to select hostnames or other criteria to apply syslog alerts to (e.g. servers only, etc) using the same type of framework for picking devices for normal alerts. Device association only, but not entity association.
2) Alerting latching. What I mean here is that I would create an alert with two syslog strings. The first would cause the alert to go critical, and the second string would clear it. This could then be extended to re-alert if still down after 24h or whatever the re-alert timer is, similar to the normal alerting framework. It would also be useful to be able to latch and then not report on further occurrences for that host. The current syslog alerting structure alerts every time a string is seen, so if there are a flood of matching strings, that leads to a flood of alerts. This improvement would suppress those.
3) Syslog alert flood suppression. Extend the existing alerting to allow me to enter a timeout value, where Observium wouldn't re-alert for the same host/check combo.
For example, the foo-alert-high string triggers and the timeout is 3600s, but if the same host sends another foo-alert-high notification 20mins later, Observium would ignore this. Could be in poller multiples too of course.
