Hi all,
One problem that NimSoft suffers from is that the default messages are just too verbose for SMS based alerting.
In the url_response probe, we would like to change the default message that is displayed when a content check fails. The default configuration for this message is as follows.
<ContainsUnexpected>
text = URL content for '$profile' contains the unexpected text '$string'
level = major
subsystem = 1.1.14
token = contains_unexpected
variables = profile string
i18n_token = as#network.url_response.contains_unexpected
</ContainsUnexpected>
We then have inserted our own custom message into the configuration file, and set it as the default.
<CustomContainsUnexpected>
text = URL content check FAILED - $url
level = critical
subsystem = 4.5
token = contains_unexpected
variables = profile string url
i18n_token =
</CustomContainsUnexpected>
Unfortunately, what we always get is the default string. Each profile has a list of custom messages, and we've successfully tailored some of those.
dns_resolution_time_message =
download_time_message = CustomTimeLimit
first_bytefetch_time_message =
last_bytefetch_time_message =
redirect_time_message =
tcp_connect_time_message =
cert_expired_message = CustomCertExpired
cert_to_expire_message = CustomDaysToCertExpire
However, by default, there does not seem to be anything in the configuration file to suggest that you can set a custom contains_unexpected message. When I do a strings of url_response and search for "_message", I find the following:
dns_resolution_time_message
download_time_message
first_bytefetch_time_message
last_bytefetch_time_message
redirect_time_message
tcp_connect_time_message
cert_expired_message
cert_to_expire_message
unexpected_message
That last one doesn't seem to be a configuration item though, as I've added the following to each profile and still we get the default message.
unexpected_message = CustomContainsUnexpected
Has anyone seen this behavior before, and perhaps done this without having to write some LUA to change the content of the when it arrives?
Regards,
Andrew S