WiscIT Alerts

Nagios alerts directed through WiscIT will come from sm-alerts-monitoring@g-groups.wisc.edu, and include the MS Teams recipient d76ca41d.office365.wisc.edu@amer.teams.ms for logging purposes.

One email per state change will be sent to the Primary and Backup Admins, or Team, if there is an email address associated, to sysops if so flagged, and to any Stakeholders of Type "Changes and Monitoring".

As of 2023, our handling script polls cached CMDB data but is otherwise independent of the WiscIT application or processing status.

The email format is as follows:

Subject: Configuration Item.Title Event.Level Event.Message

• Date: Event.Time Created
• WiscIT CI  = Configuration Item.Title
• Hostname =  Event.Hostname
• Level = Event.Level
• Application = Event.Application
• Source = Event.Source
• Check Type = Event.Check Type
• Message = Event.Message

Is the alert on the Operator console? [Operator Console]

From Wiscit Monitoring

Recipients:  [Event Notification Email] [Operator Alert]

Event to WiscIT API

Our scripts currently post data to the WiscIT API with (approximately) the following general format:

• "Hostname": node
• "Source": group
• "Level": severity
• "Application": usually NagiosXI or NagiosXI_op
• "CheckType": "Connection Monitor" or Service Description
• "AssociatedConfigItemID": CI Title
• "OperatorAlertPromotion": promote
• "EventKey": Node, application, "application" + group, "Connection Monitor" or Service Description
• "Status": Event status ("Open")
• "TimeCreated": thetime
• "TimeReceived": thetime
• "Message": type, author, comment, state, output, recipients (messaged directly from Nagios, deprecated)
• "EventCount": "0"