Big Brother sends a notification request to the BBPAGER server if a test reaches a certain threshold or reports a problem (usually on a red condition). This request is sent to the BBPAGER server as a "page" message. The BBPAGER server processes the request and determines if a notification needs to be sent out. If so, it can send an e-mail, a numeric page (beeper), or an SMS message (this requires a third-party application such as sms_client or qpage).
All notification messages contain (in one form or another) a seven-digit security code (also referred as an acknowledgement code) and a 15-digit (or longer) numeric error code. The security code format is XXXXXYY, where XXXXX is the acknowledgement ID and YY is a recipient ID; the recipient enters the security code when acknowledging the message. The 15-digit numeric error code consists of the three-digit error type (defined in the svcerrlist token described below) followed by the 12-digit normalized IP address of the host with the problem.
Note. Big Brother loads the contents of bbwarnsetup.cfg every time a notification request is received by the BBPAGER server. As you make the changes described below, you do not need to stop and restart the BBPAGER server for them to take effect.
Before you create rules to specify who to call and when for which problems, you must first configure the etc/bbwarnsetup.cfg file. This file contains the overall settings for the notification feature. The table below describes the options you can set. Instructions are also included in the configuration file as comments.
Note. Most of these settings have an effect only on the BBPAGER server. However, the pagelevels and pagelevelesmail parameters must be set on all hosts, both clients and servers, as they determine when a paging request is sent to the BBPAGER server.
|
Setting |
Description |
|
bbwarn |
Set to TRUE to enable notification; this is the default. This is useful if you want to completely disable notification. |
|
svcerrlist |
This contains a list of service/code pairs. The service name is the column found in the HTML display and the code is the value displayed on a numeric message. If you add a custom test and want to send notifications for it, the column name must have a corresponding code. |
|
ignforall |
A regular expression used to temporarily disable notification for a host-service combination. For example: ignforall:.*.cpu|.*.msgs|host11.* This turns off notification for any CPU errors, any msgs errors, and any errors concerning host11. Note. You can achieve the same results with the ! rule, which is described in the topic on defining notification recipients. |
|
ttyline |
List of modem devices. |
|
prefix |
Prefix to use when dialing out. |
|
suffix |
Suffix to use when dialing out (like a hangup). |
|
pagehelpcode |
Numeric code to use when a user sends a manual notification. |
|
pagelevels |
The color level(s) to send a notification at. |
|
pagedelay |
The number of minutes to wait before sending another notification. You can override this for individual recipients in the bbwarnrules.cfg file. |
|
pagelevels |
The color levels to send a notification at. This setting overrides the equivalent setting in bbdef.sh. |
|
pagelevelsmail |
If a color defined here is also defined in pagelevels, only an e-mail recipient will receive notifications when an error occurs at the pagelevelsmail defined color: Only recipients in the form rcpt@some.mail will be notified. If a recipient is prefixed with ep-, ext-XXX- or any other valid prefix, it will be ignored as those are not considered e-mail recipients. This setting also exists in bbdef.sh. The setting in this file overrides the one in bbdef.sh. |
|
pagerecovered |
Set to TRUE if you want to be notified when a problem has been fixed. This feature is only available when pagetype is set to EVENT. |
|
pagetype |
Defines how the pager delay is handled. There are 4 choices: RCPT: the recipient is not notified until pager delay expires. EVENT: the recipient is not notified for a particular host-service combination until the pager delay expires. HOST: the recipient is not notified for a particular host until the pager delay expires. GROUP: the recipient is not notified for a particular host-service within the same etc/bb-hosts group combination until the pager delay expires. |
|
pagemaster |
Recipient(s) to receive an e-mail notification if a page notification could not be sent. |
|
pageaddhtmlpath |
Set to TRUE if you want the HTML path of the status log to be appended to each e-mail notification. If this is set to TRUE, make sure the BBWEBHTMLLOGS variable is set correctly in etc/bbdef.sh. |
|
cfgdelim |
The character to use as the entry delimiter in the bbwarnrules.cfg file. By default, it is a semi-colon ( ; ). |
|
briefrcpt |
Recipients that should receive a brief notification message. You can use regular expressions. For example: ep-* (all e-page recipients) The brief message has this format: hostname.service
- XXXYYYYYYYYYYYY |
|
Defines a group of hosts/devices. This lets you create one or more host group names as an alias or shorthand for a group of hosts. You can use these tokens in the host fields (the first and second fields) in the bbwarnrules.cfg file instead of having to type the host names individually in all rules lines. You can have multiple hg-xxxxxxx tokens. For example, you can create a group containing your monitored UNIX hosts: hg-unix: unixmach1 unixmach2 unixmach3 You can place any number of hosts into a host group. You can also define as many host groups as you want by entering multiple hg-group tokens: hg-unix:
unixmach1 unixmach2 unixmach3 | |
|
Defines a group of recipients. You can then use these tokens in the recipients fields in the bbwarnrules.cfg file instead of having to type the recipients individually in all rules lines. You can have multiple pg-yyyyyyy tokens. The recipients can be either e-mail addresses or pager numbers. Here is an example: pg-unixadmins: kris@company.com john@company.com debra@company.com |
Note. This feature is not automatically available. It must be explicitly defined in the RUNOPTS variable of bbdef-server.sh on the BBDISPLAY and BBPAGER servers. Add the ENABLE_DISABLE option to enable it. Be warned that if you enable this feature, a knowledgeable hacker could disable notifications while cracking into your systems.
Note. There is a management screen to facilitate the enabling or disabling of notifications. Review the "Temporarily Disabling Notification requests" help text.
You can temporarily disable notifications without modifying the etc/bbwarnrules.cfg file. To do so, use the bb utility to send a 'disable' message to the BBDISPLAY server(s) using the following format:
./bb $BBDISP "disable 'host regular expression' 'duration' [reason]"
If a management code is defined in the etc/enadiscode file then you'll have to use a message in the following format:
./bb $BBDISP "disable:code 'host regular expression' 'duration' [reason]"
where "code" is the string defined in the etc/enadiscode file.
Tip. Be sure the Big Brother environment variable has been set before using bb directly.
You can match multiple hosts and/or services by specifying a regular expression instead of a real host name. By default, the duration is in minutes, but you can also use seconds, hours, or days by adding s, h, or d. (For example, 30s for 30 seconds or 1d for one day.) You can also add an optional reason that will be displayed in the status. Here are some examples (all examples below do not use a management code):
|
Message |
Meaning |
|
./bb $BBDISP "disable www.bb4.com.disk 240" |
Disable notifications for the disk event of www.bb4.com for 240 minutes. |
|
./bb $BBDISP "disable www.bb4.com* 240" |
Disable notifications for all events for host www.bb4.com for 240 minutes. |
|
./bb $BBDISP "disable www.bb4.com* 240 Taking www.bb4.com offline for a new disk" |
Disable notifications for all events for host www.bb4.com for 240 minutes and specify the reason. |
To re-enable a disabled host(s), send the "enable" message
./bb 0.0.0.0 "enable 'host regular expression'"
You can match multiple hosts and/or services by specifying a regular expression instead of a real host name.
Here are some examples:
|
Message |
Meaning |
|
./bb $BBDISP "enable www.bb4.com*" |
Enable notifications on all events for host www.bb4.com |
|
./bb $BBDISP "enable www.bb4.com.disk" |
Enable notifications on disk events for host www.bb4.com |
After you send an enable message, the colored dot will stay blue until a new status is received by the BBDISPLAY server.