cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

EF2 extension and CUSTOM_ALERT

ThomasM
Newcomer

Hi

I have written the extension EF2 (OneAgent), which monitors the validity of Cloudflare certificates. It connects to Cloudflare, sends an API request, gets a response, does the math, gets the results. Boring, trivial and cliché.

At the end of the whole process, if the result is less than 7 days, it sends CUSTOM_ALERT to Dynatrace (entity type: CUSTOM_DEVICE). And here I have a small problem, because if only one certificate is in such a state, then the alert is visible in Dynatrace. But if I have multiple such certificates, I have to send multiple CUSTOM_ALERT with different payloads, but in my case the payload is just overwritten instead of being sent independently. Is there a setting that I am not aware of that causes Dynatrace to handle these alerts independently?

Here is the code snippet responsible for alerts:

if len(certificates) > 0:
  for crt in certificates:
    if crt['type'] in ("advanced", "universal", "sni_custom") and len(crt['certificates']) > 0:
    d1 = datetime.now() + timedelta(int(self.cf_days))
    d2 = datetime.strptime(crt['certificates'][0]['expires_on'], '%Y-%m-%dT%H:%M:%S.%fZ')
    if d2 < d1:
    delta = d2 - datetime.now()
    self.report_dt_event(event_type=DtEventType.CUSTOM_ALERT,
       title="The certificate will expire in " + str(delta.days),
       timeout=60,
       entity_selector="type(CUSTOM_DEVICE),entityName.equals(Cloudflare_Certificates)",
       properties={
         "dt.event.allow_davis_merge": "false",
         "Account Name": zone['account_name'],
         "Zone Name": zone['zone_name'],
         "Zone ID": zone['zone_id'],
         "Certificate Authority": crt['certificate_authority'],
         "Status": crt['status'],
         "Expires On": d2.strftime('%Y-%m-%d'),
         "Days left until expiration": str(delta.days)
      }
    )

 

2 REPLIES 2

JamesKitson
Dynatrace Guru
Dynatrace Guru

First, the value of dt.event.allow_davis_merge in your code should be False without the quotes so that it is a boolean value. As-is that would be just a string with the value 'false' that Dynatrace won't use since it's a string not a boolean value. I don't think that particularly matters here though because custom_alert severity events don't merge by design.

What I think really matters is it's the title and I believe description (set via dt.event.description property) that really control whether an incoming event creates a new problem or just keeps an existing one open. Since your title likely will be the same for each certificate if they have the same expiration, they would be just keeping that one problem open instead of creating new ones. The properties you see being updated with the 'latest' would be expected.

So, I would recommend including something unique per certificate in your title test and optionally adding a description.

I thought the same thing when I analyzed the logs, because it was clear to see that regardless of the payload, alarms with the same titles only arrive once. This can easily be solved by adding a certificate ID to the title.

As for the string/boolean settings, it probably needs to be string in this case. After switching to boolean (the documentation also mentions boolean), I get this error:

 

{
  "error": {
    "code": 400,
    "message": "Member '#/properties/dt.event.allow_davis_merge' must be of 'string' type"
  }
}

 

 

Featured Posts