Hi, I'm trying to create a symptom that should trigger when a ESXi host doesn't comply with our NTP server policy. We are using "ntp1.ourdomain.com, ntp2.ourdomain.com, ntp3.ourdomain.com" as...
See more...
Hi, I'm trying to create a symptom that should trigger when a ESXi host doesn't comply with our NTP server policy. We are using "ntp1.ourdomain.com, ntp2.ourdomain.com, ntp3.ourdomain.com" as standard for all our hosts. The symptom should trigger when a host deviates from this. To accomplish this I'm using the following regexp in the symptom definition: ntp[123].ourdomain.com, ntp[123].ourdomain.com, ntp[123].ourdomain.com This results in a match on the online regexp tester: https://regex101.com/ Here is a XML export: <?xml version="1.0" encoding="UTF-8"?><alertContent> <SymptomDefinitions> <SymptomDefinition adapterKind="VMWARE" id="SymptomDefinition-e9013e2f-090b-47c7-a70d-01ff985fb2db" name="_ESXi Host have wrong NTP server settings" resourceKind="HostSystem"> <State severity="warning"> <Condition key="config|security|ntpServer" operator="notregex" thresholdType="static" type="property" value="ntp[123].mydomain.com, ntp[123].mydomain.com, ntp[123].mydomain.com" valueType="string"/> </State> </SymptomDefinition> </SymptomDefinitions> </alertContent> This is what happens during testing: 1. When the symptom is set to trigger when the regexp doesn't match 1a. Host with correct NTP: Symptom triggers with the following message: NTP server "ntp1.mydomain.com, ntp3.mydomain.com, ntp2.mydomain.com" not matches regular expression "ntp[123].mydomain.com, ntp[123].mydomain.com, ntp[123].mydomain.com" 1b. Host with incorrect NTP: Symptom does not trigger 2. When the symptom is set to trigger when the regexp match 2a. Host with correct NTP: Symptom triggers with the following message: NTP server "ntp1.mydomain.com, ntp3.mydomain.com, ntp2.mydomain.com" matches regular expression "ntp[123].mydomain.com, ntp[123].mydomain.com, ntp[123].mydomain.com" 2b. Host with incorrect NTP: Symptom does not trigger This is confusing. The symptom triggers on the host with correct NTP settings both when the symptom match and when the symptom doesn't match On hosts with incorrect NTP settings the symptom never triggers. I've cancelled the associated alert several times and waited for several collection cycles. Always the same result. Am I doing something wrong or is this a bug?