Configuring Notification Settings

A Big Brother client sends a notification request to the BBPAGER server if it reaches a certain threshold or notices a problem (usually on a red condition). This request is sent to the BBPAGER server as a "page" message. The BBPAGER server processes the request and determines if a notification needs to be sent out. If one is needed, Big Brother can send an e-mail, a numeric page (beeper), or an SMS message (either TAP or UCP).

All notification messages contain, in one form or another, a seven-digit security code (also referred as an acknowledgement code) and a 15-digit or longer numeric error code. The security code is of the XXXXXYY format where XXXXX is the acknowledgement ID and YY is a recipient ID (the recipient enters the security code when acknowledging the message). The 15-digit numeric error code is in the format XXXAAABBBCCCDDD where XXX is the numeric code for the error type (defined in the svcerrlist token described below) and the other 12 digits are the normalized IP address (AAA.BBB.CCC.DDD).

Note. Big Brother loads the contents of bbwarnsetup.cfg every time a notification request is received by the BBPAGER server. As you make the changes described below, you do not need to stop and restart the BBPAGER server for them to take effect.

Before you create rules to specify who to call and when for which problems, you must first configure the etc\bbwarnsetup.cfg file. This file contains the overall settings for the notification feature. The table below describes the options you can set. Instructions are also included in the configuration file as comments.




Set to TRUE to enable notification; this is the default. This is useful if you want to completely disable notification.


This contains a list of service/code pairs. The service name is the column found in the HTML display and the code is the value displayed on a numeric message. If you add a custom test and want to send notifications for it, the column name must have a corresponding code.


A regular expression used to temporarily disable notification for a host-service combination. For example:


This turns off notification for any CPU errors or msgs errors, and any errors concerning host11.

Note. You can achieve the same results with the ! rule, which is described in the topic on defining notification recipients.


Numeric code to use when a user sends a manual notification.


The color level(s) to send a notification at.


If a color defined here is also defined in pagelevels, only e-mail recipients will receive notifications when the status is this color. Only recipients in the form rcpt@some.mail will be notified. If a recipient is prefixed with ep-, ext-XXX- or any other valid prefix, it will be ignored as those are not considered e-mail recipients.


Set to TRUE if you want to be notified when a problem has been fixed. This feature is only available when pagetype is set to EVENT.


Defines how the pager delay is handled. There are 4 choices:

RCPT: the recipient is not notified until pager delay expires.

EVENT: the recipient is not notified for a particular host-service combination until the pager delay expires.

HOST: the recipient is not notified for a particular host until the pager delay expires.

GROUP: the recipient is not notified for a particular host-service within the same etc\bb-hosts.cfg group combination until the pager delay expires.


Recipient(s) to receive an e-mail notification if a page notification could not be sent.


Set to TRUE if you want the HTML path of the status log to be appended to each e-mail notification. If this is set to TRUE, make sure the BBWEBHTMLLOGS variable is set correctly in etc\bbdef.cfg.


The character to use as the entry delimiter in the etc\bbwarnrules.cfg file. By default, it is a semi-colon ( ; ).


Recipients that should receive a brief notification message. You can you use regular expressions. For example:

ep-* (all e-page recipients)

The brief message  has this format:

hostname.service - XXXYYYYYYYYYYYY
<link to host.svc page in bb>


Defines a group of hosts/devices. This lets you create one or more host group names as an alias or shorthand for a group of hosts. You can use these tokens in the host fields (the first and second fields) in the bbwarnrules.cfg file instead of having to type the host names individually in all rules lines. You can have multiple hg-xxxxxxx tokens.

For example, you can create a group containing your monitored UNIX hosts:

hg-unix: unixmach1 unixmach2 unixmach3

You can place any number of hosts into a host group. You can also define as many host groups as you want by entering multiple hg-group tokens:

hg-unix: unixmach1 unixmach2 unixmach3
hg-windows: winmach1 winmach2 winmach3


Defines a group of recipients. You can then use these tokens in the recipients fields in the bbwarnrules.cfg file instead of having to type the recipients individually in all rules lines. You can have multiple pg-yyyyyyy tokens.

The recipients can be either e-mail addresses or pager numbers. Here is an example:



The IP address of the SMTP server that will relay the e-mail notification.  You can also specify a custom port by specifying the entry in the following manner:  where 2525 is the custom SMTP port.



The e-mail address that will appear on the "From:" line of e-mail notification messages.


Subsitute the host's IP address on the subject line for a static user defined IP address


User defined string to append to the subject line of all email notifications


Disabling notifications temporarily

Note. This feature is not automatically available. It must be explicitly defined in the RUNOPTS variable of etc\bbdef.cfg. Add the ENABLE_DISABLE option to enable it. Be warned that if you enable this feature, a knowledgeable hacker could disable notifications while cracking into your systems.


Note. There is a management screen to facilitate the enabling or disabling of notifications.  Review the "Temporarily Disabling Notification requests" help text.

You can temporarily disable notifications without modifying the etc\bbwarnrules.cfg file. Currently, only a manual operation can accomplish this; you must use the BB.EXE utility distributed with the Big Brother client. All you have to do is send a 'disable' message to the BBDISPLAY server(s) using the following format:

BB.EXE "disable 'host regular expression' 'duration' [reason]"

If a management code is defined in the etc/enadiscode file then you'll have to use a message in the following format:

./bb $BBDISP "disable:code 'host regular expression' 'duration' [reason]"

where "code" is the string defined in the etc/enadiscode file.


You can match multiple hosts and/or services by specifying a regular expression instead of a real host name. By default, the duration is in minutes, but you can also use seconds, hours, or days by adding s, h, or d. (For example, 30s for 30 seconds or 1d for one day.) You can also add an optional reason that will be displayed in the status. Here are some examples (all examples below do not use a management code):



BB.EXE "disable 240"

Disable notifications for the disk event of for 240 minutes.


BB.EXE "disable* 240"

Disable notifications for all events for host for 240 minutes

BB.EXE "disable* 240 Taking offline for a new disk"

Disable notifications for all events for host for 240 minutes and specify the reason.


To re-enable a disabled host(s), send the "enable" message

BB.EXE "enable 'host regular expression'"

You can match multiple hosts and/or services by specifying a regular expression instead of a real host name.

Here are some examples:



BB.EXE "enable*"

Enable notifications on all events for host


BB.EXE "enable"

Enable notifications on disk events for host


After you send an enable message, the colored dot will stay blue until a new status is received by the BBDISPLAY server.