Setting the client-name for an alert sent via TCP socket

I like the idea of being able to set the client name in checks sent to local client sockets, but it’s not currently possible. there are other use cases that would benefit from this, such as a host monitoring network devices where perhaps you want the network device’s hostname to be set as the client name.

the mutator idea also sounds good and that’s the approach i would try for the time being.

···

On Fri, May 10, 2013 at 3:27 PM, JonathanQ jonathan.quail@gmail.com wrote:

I have (possibly) a weird use-case. We have a series of logstash servers that are processing all of our server logs. We are setting up some filters on those machines to alert on specific log patterns as they are being indexed.

Playing around with Sensu, I was able to trigger an alert via the TCP socket with a custom check-name and message. But it would be registered under the hostname of the chef-client machine. So if the same pattern was found in log file more than once - it would generate N alerts in Sensu (where N is the number of Logstash servers running that found the alert).

Right now we send the alert to Nagios via NSCA - and we have a fake “host” in Nagios that these are aggregated under to keep them all together. So if the pattern was found on a single logstash server or 10 - it wouldn’t only show up as an alert once.

Looking at sensu-client, it looks like it just takes the client-name from the settings when creating the event: https://github.com/sensu/sensu/blob/master/lib/sensu/socket.rb#L31

Is there a way to add an override to the client-name when sending the notification?

Here is an example of how I was testing the TCP socket trigger:

echo ‘{“name”: “some-check-name”, “output”: “I failed unfortunately”, “status”: 2}’ > /dev/tcp/localhost/3030

I’d love it if I could do something like:

echo ‘{“client”: “serverXYZ”, “name”: “some-check-name”, “output”: “I failed unfortunately”, “status”: 2}’ > /dev/tcp/localhost/3030

Is this possible already and I am just not understanding how the @settings are read? Or is this something I may need to do in a mutator? I just want to easily roll these up into a single client-name to group them together.

for future reference: this discussion has moved to github via pull request for ‘masquerade’ feature: https://github.com/sensu/sensu/pull/531

···

On Friday, May 10, 2013 11:15:18 PM UTC-7, Joe Miller wrote:

I like the idea of being able to set the client name in checks sent to local client sockets, but it’s not currently possible. there are other use cases that would benefit from this, such as a host monitoring network devices where perhaps you want the network device’s hostname to be set as the client name.

the mutator idea also sounds good and that’s the approach i would try for the time being.

On Fri, May 10, 2013 at 3:27 PM, JonathanQ jonathan.quail@gmail.com wrote:

I have (possibly) a weird use-case. We have a series of logstash servers that are processing all of our server logs. We are setting up some filters on those machines to alert on specific log patterns as they are being indexed.

Playing around with Sensu, I was able to trigger an alert via the TCP socket with a custom check-name and message. But it would be registered under the hostname of the chef-client machine. So if the same pattern was found in log file more than once - it would generate N alerts in Sensu (where N is the number of Logstash servers running that found the alert).

Right now we send the alert to Nagios via NSCA - and we have a fake “host” in Nagios that these are aggregated under to keep them all together. So if the pattern was found on a single logstash server or 10 - it wouldn’t only show up as an alert once.

Looking at sensu-client, it looks like it just takes the client-name from the settings when creating the event: https://github.com/sensu/sensu/blob/master/lib/sensu/socket.rb#L31

Is there a way to add an override to the client-name when sending the notification?

Here is an example of how I was testing the TCP socket trigger:

echo ‘{“name”: “some-check-name”, “output”: “I failed unfortunately”, “status”: 2}’ > /dev/tcp/localhost/3030

I’d love it if I could do something like:

echo ‘{“client”: “serverXYZ”, “name”: “some-check-name”, “output”: “I failed unfortunately”, “status”: 2}’ > /dev/tcp/localhost/3030

Is this possible already and I am just not understanding how the @settings are read? Or is this something I may need to do in a mutator? I just want to easily roll these up into a single client-name to group them together.