[icinga-users] notification command configuration

Michael Friedrich michael.friedrich at gmail.com
Wed Feb 6 21:59:12 CET 2013


On 06.02.2013 21:11, Simon Oosthoek wrote:
> The documentation is quite "dry" w.r.t. this...

As usual, there are different opinions, and it's best to discuss 
anyways. In smaller setups this does not really matter, but it has been 
identified in various larger setups to cause problems you would normally 
never catch.

Since many users do not even ask themselves about the notification 
command itsself, but rather use the default (or the enhanced edition 
provided in notifications.cfg - seems noone uses that one...) and in 
that case, environment macros are just a waste of time, cpu and memory.

For the code related parts - check base/utils.c:set_environment_var as 
well as referenced in common/macros.c: set_macro_environment_var

You may recognize, that large_installation_tweaks will skip the summary 
macros, as they can be huge and cause problems.

Back in base/utils.c:my_system_r->set_all_macro_environment_vars_r - 
used for all eventhandlers, notifications, perfdata commands and sync 
checks, while in 
base/checks.c:run_async_host_check_3x|run_async_service_check->set_all_macro_environment_vars_r 
the calculation of the environment macros happens just before a 
host/service check is actually executed.
Using large_installation_tweaks, you can skip the memory free'ing and 
leave the child cleanup to the kernel (still not good for your ps output).

Basically you'll get the idea - if environment macros are enabled, they 
are used for everything, and are required to be computed ondemand (for 
the host/service related to the check/notification/eventhandler/perfdata 
command). If you just decide to enable those for notifications and their 
simplicity, keep in mind that this affects everything else then.

Some might say - env macros may obfuscate your command line call to 
plugins in order to remove sensitive information like passwords and so 
on (check_oracle_health e.g.) but there are still other methods to 
achieve that as well (i.e. creating a readonly trusted users with only 
the permission to call something from address something - highly depends 
on company's policy).

95% of the users don't need them, so they are disabled by default.

Kind regards,
Michael




-- 
DI (FH) Michael Friedrich

mail:     michael.friedrich at gmail.com
twitter:  https://twitter.com/dnsmichi
jabber:   dnsmichi at jabber.ccc.de
irc:      irc.freenode.net/icinga dnsmichi

icinga open source monitoring
position: lead core developer
url:      https://www.icinga.org





More information about the icinga-users mailing list