This is a SEC (Simple Event Correlator) rule file to help prevent an email storm with Icinga/Nagios caused by excessive notifications.
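# SEC separates rules with empty or comment lines, and desc is part of the
# correlation key: with desc=$0 only identical input lines are counted together.

# Rule 1: while the maillog_tripped context exists, two DSN status lines
# within 10 seconds shut the host down.
type=SingleWithThreshold
ptype=RegExp
pattern=dsn=(\d+)\.(\d+)\.(\d+)
context=maillog_tripped
desc=$0
action=shellcmd shutdown -h now
window=10
thresh=2

# Rule 2: once rule 3 has created icingalog_tripped, two DSN status lines
# within 10 seconds send an alert and stop ido2db and icinga.
# NOTE: this rule creates mail_tripped_context, but rule 1 tests
# maillog_tripped, so rule 1 stays disabled unless the names are made to match.
type=SingleWithThreshold
ptype=RegExp
pattern=dsn=(\d+)\.(\d+)\.(\d+)
context=icingalog_tripped
desc=$0
action=pipe 'The email threshold was tripped at %t /n Stopping the sendmail service' /bin/mail -s "Email Storm Alert" %e ; \
create mail_tripped_context ; \
shellcmd /sbin/service ido2db stop ; \
shellcmd /sbin/service icinga stop ; \
shellcmd /bin/sleep 30
window=10
thresh=2

# Rule 3: 25 NOTIFICATION lines within 60 seconds send an alert, stop
# sendmail, and start feeding /var/log/maillog to rules 1 and 2.
# %e holds the alert recipient (email_address is a placeholder).
type=SingleWithThreshold
ptype=RegExp
pattern=NOTIFICATION
desc=$0
action=eval %e {'email_address'} ; \
pipe 'The email threshold was tripped at %t /n Stopping the sendmail service' /bin/mail -s "Email Storm Alert" %e ; \
create icingalog_tripped ; \
shellcmd /sbin/service sendmail stop ; \
shellcmd /bin/sleep 30 ; \
spawn /usr/bin/tail -n 0 -f /var/log/maillog
window=60
thresh=25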