/email_threshold.conf
Created May 8, 2014
This is an sec rulle file to help prevent an email storm with Icinga/Nagios caused by excessive notifications.
| type=SingleWithThreshold | |
| ptype=RegExp | |
| pattern=dsn=(\d+)\.(\d+)\.(\d+) | |
| context=maillog_tripped | |
| desc=$0 | |
| action=shellcmd shutdown -h now | |
| window=10 | |
| thresh=2 | |
| type=SingleWithThreshold | |
| ptype=RegExp | |
| pattern=dsn=(\d+)\.(\d+)\.(\d+) | |
| context=icingalog_tripped | |
| desc=$0 | |
| action=pipe 'The email threshold was tripped at %t /n Stopping the sendmil service' /bin/mail -s "Email Storm Alert" %e ; \ | |
| create mail_tripped_context ; \ | |
| shellcmd /sbin/service ido2db stop | |
| shellcmd /sbin/service icinga stop | |
| shellcmd /bin/sleep 30 | |
| window=10 | |
| thresh=2 | |
| type=SingleWithThreshold | |
| ptype=RegExp | |
| pattern=NOTIFICATION | |
| desc=$0 | |
| action=eval %e {'email_address'} ;\ | |
| pipe 'The email threshold was tripped at %t /n Stopping the sendmil service' /bin/mail -s "Email Storm Alert" %e ; \ | |
| create icingalog_tripped ; \ | |
| shellcmd /sbin/service sendmail stop ; \ | |
| shellcmd /bin/sleep 30 ; \ | |
| spawn /usr/bin/tail -n 0 -f /var/log/maillog ; \ | |
| window=60 | |
| thresh=25 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment