More specific exemptions

Posted: 02 Oct 2017, 15:41
by reboot+hopeitcomesup
I would like to exempt alerting for our own activity in SSH - we keep a window open all day for quick access.

This results in wasteful emails all day:

Subject: lfd on XXXXXX: Excessive resource usage: XXXXX (19422 (Parent PID:19420))

Time:         Mon Oct  2 07:00:11 2017 -0400
Account:      XXXXX
Resource:     Process Time
Exceeded:     407508 > 1800 (seconds)
Executable:   /usr/bin/bash
Command Line: -bash

We don't want to exempt our user or IP address from all alerts, nor do we want to exempt all SSH alerts.
The best we can do now is have our mailbox filter on the subject line:

Excessive resource usage: XXXXX .* Parent PID: 19420

But we have to update this as the PID changes. Having bash in the subject would be better, but we'd prefer they just not be sent at all.

Re: More specific exemptions

Posted: 13 Oct 2017, 14:03
by reboot+hopeitcomesup
Solved for now by editing the file at
/usr/local/csf/tpl/resalert.txt

Subject: lfd on [hostname]: Excess resource use: [user] ([cmd])

Subject: lfd on XXXXXX: Excess resource use: XXXXX (-bash)

This way they are still being sent off the server by csf, but at least can be filtered out of our inboxes by subject.
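
The subject filter in the first post keys on a PID that changes with every login. As an added example (not part of the original posts and not csf's own code), this Python filter matches on the alert body's Account, Resource, Executable and Command Line fields instead, so it accepts both subject wordings shown in the thread. The sample message and the rule values are constructed from the alert quoted above, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample, modelled on the alert quoted in the thread.
SAMPLE_ALERT = """\
Subject: lfd on XXXXXX: Excessive resource usage: XXXXX (19422 (Parent PID:19420))

Time:         Mon Oct  2 07:00:11 2017 -0400
Account:      XXXXX
Resource:     Process Time
Exceeded:     407508 > 1800 (seconds)
Executable:   /usr/bin/bash
Command Line: -bash
"""

# Assumed policy: only a long-lived login shell owned by the admin account
# is filed away. Every field must match exactly; anything else still alerts.
QUIET_RULE = {
    "Account": "XXXXX",
    "Resource": "Process Time",
    "Executable": "/usr/bin/bash",
    "Command Line": "-bash",
}

# Matches both the stock subject and the edited template from the thread.
SUBJECT_RE = re.compile(r"^lfd on \S+: Excess(ive)? resource us(e|age): ")
FIELD_RE = re.compile(r"^([A-Za-z ]+?):\s+(.*)$")


def parse_alert(raw):
    """Return (subject, {field: value}) for one lfd resource alert."""
    msg = message_from_string(raw)
    fields = {}
    for line in msg.get_payload().splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return msg["Subject"] or "", fields


def is_idle_shell_alert(raw, rule=QUIET_RULE):
    """True only when the subject is a resource alert and all rule fields match."""
    subject, fields = parse_alert(raw)
    if not SUBJECT_RE.match(subject):
        return False
    return all(fields.get(key) == value for key, value in rule.items())
```
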