Nagios Log Server Alerting

Engage with the community of users including those using the open source solutions.
Includes Nagios Core, Plugins, and NCPA

Nagios Log Server Alerting

Postby srinivasmandalika » Thu Jun 03, 2021 1:49 pm

Hello,

We are using Nagios Log Server to monitor our logs and send out alert when we find --ERROR--

But from few days we are receiving alerts even if there is --WARN-- in the logs... I used search string as "--ERROR--"

Any help would be highly appreciated...

Thank You!

Srini
srinivasmandalika
 
Posts: 43
Joined: Thu Oct 20, 2016 4:09 pm

Re: Nagios Log Server Alerting

Postby mcapra » Mon Jun 07, 2021 10:04 am

When querying your logs normally via the Nagios Log Server GUI, do you see the same behavior? That --WARN-- logs show up when you simply put --ERROR-- into the search bar?

It's hard for me to say exactly what is going on without some sample logs and the exact search queries being used. - is a reserved character in Lucene, which may be part of the issue:
https://lucene.apache.org/core/4_7_0/qu ... Characters

Lucene supports escaping special characters that are part of the query syntax. The current list special characters are

+ - && || ! ( ) { } [ ] ^ " ~ * ? : \ /
Former Nagios employee
https://www.mcapra.com/
User avatar
mcapra
 
Posts: 3661
Joined: Thu May 05, 2016 3:54 pm

Re: Nagios Log Server Alerting

Postby srinivasmandalika » Mon Jun 07, 2021 2:14 pm

When querying your logs normally via the Nagios Log Server GUI, do you see the same behavior? That --WARN-- logs show up when you simply put --ERROR-- into the search bar? -- Yes... It shows up...
srinivasmandalika
 
Posts: 43
Joined: Thu Oct 20, 2016 4:09 pm

Re: Nagios Log Server Alerting

Postby srinivasmandalika » Mon Jun 07, 2021 2:20 pm

We are expecting to get an alert when Nagios finds below error in logs

--ERROR-- [taskScheduler-1] org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler: Unexpected error occurred in scheduled task

But, even if there is a --WARN-- as below, we are receiving the alerts...

--WARN-- [taskScheduler-5] dao.ManagedDevicesDao: Exception org.springframework.jdbc.UncategorizedSQLException: StatementCallback; uncategorized SQLException for SQL [select DeviceUUid, PhoneNumber, User_Name, Model, Email_Address, principal, Serial_Number, imei, record_source from devices WHERE IsCurrentData='Y' and status_value='Active' and DeviceUUid in (select DeviceUUid from apps where IsCurrentData='Y' and upper(appname) like ' ' or upper(appname) like 'x%' )]; SQL state [HY008]; error code [0]; The query has timed out.; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: The query has timed out. trying to query managedDevices DB. Waiting a couple seconds and trying again...

Let me know if you need any further information...
srinivasmandalika
 
Posts: 43
Joined: Thu Oct 20, 2016 4:09 pm

Re: Nagios Log Server Alerting

Postby mcapra » Wed Jun 09, 2021 9:58 am

I'd try refining your search. I don't have a cluster or set of documents to test against, but I suspect given the escape characters bit I mentioned earlier, the --ERROR-- search is matching this block of the message you don't want to alert on:

Code: Select all
error code [0];
Former Nagios employee
https://www.mcapra.com/
User avatar
mcapra
 
Posts: 3661
Joined: Thu May 05, 2016 3:54 pm

Re: Nagios Log Server Alerting

Postby srinivasmandalika » Wed Jun 16, 2021 11:14 am

Any suggestions?
srinivasmandalika
 
Posts: 43
Joined: Thu Oct 20, 2016 4:09 pm


Return to Community Support

Who is online

Users browsing this forum: No registered users and 25 guests