Hi all,
You know that we put correlation every where in our last release with
bp_rule, VMWare auto-linking or in the WebUI. I'm wondering if we should
add some more "powerful" correlator objects, a lit like "zabbix triggers" :)
Triggers are basically "expression matching" that can look at other objects
states or perfdata. Such objects should be linked on hosts or services. It
should be a mix between Zabbix trigger and SEC rules (simple event
correlator, a great tool in perl).
*What are triggers?*
Such triggers will be "launched" after each new states on an host or a
service, or why not scheduled too? They can check a "matching rule" to see
if they should be active or not, and then they got an "action" that can do
"something" (change state, new perfdata, raise an ack or stop
notification,...)
The goal is NOT to change all current checks in a trigger writing way, it's
not a good idea to check standard things like that (like CPU or memory)
because it's too complex and we already got an army of good plugins for
this! :)
But it can be useful for complex business process rules, to compute KPI
(key point indicator) or manage snmp traps or syslog messages.
*
Some examples?*
I put some sample of such rules in the wiki for feature proposal at
http://www.shinken-monitoring.org/wiki/triggers
There are some sample about CPU check, because it's should be possible, but
it's not their main goal. The rules should be wrote in Python (easy syntax
:) ) and give huge possibilities for loop for examples.
There are example about CPU check or active/passive check, but such can be
wrote more easily with bp_rule. The real sample are the state-full log
parsing that will create an alert only if more than 10 hosts raise a scan
from a unique source, and the KPI computation that show how to create a
perfdata (and so graph with classic tools) from N distinct services.
*Go?*
It's a pure POC, there is nothing wrote from now, but the idea is to let
the user got a very large control on matching rules and actions for
specific and high level correlation rule. It should be "not so hard" to
wrote the trigger code in the scheduler (maybe the correlator name was
better for this one after all because scheduling is a small part of its job
;) ) and all we need is to propose some easy functions to raise states or
matching output for example, not a so big thing.
If you got some cases where bp_rule are not enough or you wrote a very hard
to maintain plugins that does this correlation thing, it's time to let it
know so we can try to make trigger manage them :)
I'll be off for a shell for Christmas, and then I'll finish some WebUI page
I start for mobiles, and then start a first draft of a configuration UI.
But the triggers can be in poc during this time and be ready for the
release after the 1.0 maybe :)
Jean
------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create
new or port existing apps to sell to consumers worldwide. Explore the
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
Shinken-devel mailing list
Shinken-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shinken-devel
