Hey Icinga Community
I would like to share my current project with you and get your feedback about it.
I’m pushing ~50k logs/sec into Log infrastructure. Right now, I’m using this awesome tool to monitor them: elastalert (https://github.com/Yelp/elastalert).
For example, I receive an SMS alert if an administrator logon occurred from my infrastructure.
My idea is to push this data to icinga2, so that my team can handle alerts more easily and acknowledge them (elastalert does not provide a ‘recover’ action). “One alerting system to rule them all”!
To do that, I’m writing a new alerter for elastalert to push check_result into elastalert. This is the biggest part of the deal for me ^^
But I’m not sure about how to create the passive check on Icinga. I guess I should put ‘false’ on ‘enable_active_checks’. Right? Because I don’t care about the freshness here.
Thanks for reading
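
The push described in the post, as an added example that is not part of the original post and not elastalert or Icinga project code: it builds an Icinga 2 `process-check-result` request from ElastAlert-style match dicts and sends it over verified TLS. The URL, host name, service name, rule name and sample matches are assumptions made for illustration.

```python
import json
import ssl
import urllib.request
from base64 import b64encode

# Assumptions (not from the post): the API URL, host "log-cluster" and service
# "admin-logon". The Icinga 2 Service object must already exist with
# enable_active_checks = false (enable_passive_checks defaults to true).
ICINGA_URL = "https://icinga.example.org:5665/v1/actions/process-check-result"

def build_check_result(matches, host, service, rule_name, exit_status=2):
    """Turn ElastAlert match dicts into a process-check-result request body."""
    count = len(matches)
    # Log fields are untrusted input: cap how many events and characters reach Icinga.
    details = [json.dumps(m, sort_keys=True, default=str)[:200] for m in matches[:5]]
    return {
        "type": "Service",
        # filter_vars keeps names out of the filter expression itself.
        "filter": "host.name == hn && service.name == sn",
        "filter_vars": {"hn": host, "sn": service},
        "exit_status": exit_status,  # 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN
        "plugin_output": "\n".join([f"{rule_name}: {count} matching event(s)"] + details),
        "performance_data": [f"matches={count}"],
        "check_source": "elastalert",
    }

def send_check_result(body, user, password, ca_file):
    """POST the body to the Icinga 2 API, verifying its certificate against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    token = b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        ICINGA_URL,
        data=json.dumps(body).encode(),
        headers={"Accept": "application/json",
                 "Content-Type": "application/json",
                 "Authorization": f"Basic {token}"},
        method="POST",
    )
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)

# Constructed sample matches, shaped like what an ElastAlert alerter receives.
SAMPLE_MATCHES = [
    {"@timestamp": "2024-01-01T10:00:00Z", "user": "Administrator", "src_ip": "192.0.2.10"},
    {"@timestamp": "2024-01-01T10:00:05Z", "user": "Administrator", "src_ip": "192.0.2.11"},
]
BODY = build_check_result(SAMPLE_MATCHES, "log-cluster", "admin-logon", "admin_logon_rule")
```

Sending a body built with `exit_status=0` sets the same service back to OK.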