# SEC (Simple Event Correlator) rules for the nagios log.
# Rule order is significant: each event is tried against the rules from top
# to bottom, and a matching rule without a "continue" setting ends
# processing for that event.
# Comments are kept between rules only, because a comment line also
# terminates the rule definition above it.

# If the event is from the event stream, consume it in this rule to
# prevent it from being evaluated by other rules in this file.
# The rule matches every event (ptype = tvalue, pattern = true) whenever the
# NAG_LOG context does not exist.
# NOTE(review): NAG_LOG is not created in this file; presumably it is set
# for the nagios log input elsewhere. If it is never set, this rule
# suppresses everything and the rules below never run. Confirm.
type = suppress
desc = capture non-nagios log messages
ptype = tvalue
pattern = true
context = !NAG_LOG

# The following rules apply only to events from the nagios log and not
# to events from the event stream.
# Routine message classes are dropped here so they never reach the catchall.
# NOTE(review): SERVICE ALERT and HOST ALERT lines are suppressed too, so
# nothing in this file reports them; presumably another rule file handles
# them. Only the two listed EXTERNAL COMMAND types are skipped; any other
# external command falls through to the catchall mail.
type = suppress
desc = skip normal log messages
ptype = regexp
pattern = ^\[[0-9]+\] (LOG (ROTATION|VERSION)|CURRENT (HOST|SERVICE) STATE|EXTERNAL COMMAND: (SCHEDULE_FORCED_SVC_CHECK|PROCESS_SERVICE_CHECK_RESULT)|SERVICE ALERT:|INITIAL SERVICE STATE:|HOST ALERT:|INITIAL HOST STATE:)

# Drop the periodic retention auto-save notice.
# NOTE(review): the "." before "$" is unescaped, so it matches any single
# final character, not only a literal period. "\.$" would keep the
# suppression as narrow as the message it is meant to hide.
type = suppress
desc = skip auto-save traffic
ptype = regexp
pattern = ^\[[0-9]+\] Auto-save of retention data completed successfully.$

# Catch all unhandled events and email them in batches.
# The first event that reaches this rule while no "catchall" context exists
# creates the context with a 600 second lifetime and adds the event ($0, the
# whole line) to it. The "report" action is the context's expiry action: it
# feeds the collected events to /bin/mail on standard input.
# The 10 minute window therefore starts at the first unhandled event.
# Security notes:
#  - Event text reaches the mailer on stdin, never on the command line.
#    Only %notify is expanded into the shell command, so it must come from
#    trusted configuration and never from event data.
#  - NOTE(review): %notify is not assigned in this file; confirm where it
#    is set and what the command line becomes if it is empty.
#  - NOTE(review): the mailed body is raw log text. Confirm that /bin/mail
#    on this host does not interpret tilde escapes when stdin is a pipe.
type=single
desc= start a catchall context for 10 minutes
ptype=regexp
pattern= .
context = !catchall
action = create catchall 600 report catchall \
         /bin/mail -s "nagios log catchall events" %notify; \
         add catchall $0

# Add every further unhandled event to the open catchall context.
# This rule has no context condition of its own. It depends on the rule
# above consuming the event whenever "catchall" does not exist, so the two
# rules must stay adjacent and in this order.
type=single
desc= add to catchall if context exists
ptype=regexp
pattern= .
action = add catchall $0