Page 1 of 1
Nagios Log Server Alerting
Posted: Thu Jun 03, 2021 1:49 pm
by srinivasmandalika
Hello,
We are using Nagios Log Server to monitor our logs and send out alert when we find --ERROR--
But from few days we are receiving alerts even if there is --WARN-- in the logs... I used search string as "--ERROR--"
Any help would be highly appreciated...
Thank You!
Srini
Re: Nagios Log Server Alerting
Posted: Mon Jun 07, 2021 10:04 am
by mcapra
When querying your logs normally via the Nagios Log Server GUI, do you see the same behavior? That
--WARN-- logs show up when you simply put
--ERROR-- into the search bar?
It's hard for me to say exactly what is going on without some sample logs and the exact search queries being used.
- is a reserved character in Lucene, which may be part of the issue:
https://lucene.apache.org/core/4_7_0/qu ... Characters
Lucene supports escaping special characters that are part of the query syntax. The current list special characters are
+ - && || ! ( ) { } [ ] ^ " ~ * ? : \ /
Re: Nagios Log Server Alerting
Posted: Mon Jun 07, 2021 2:14 pm
by srinivasmandalika
When querying your logs normally via the Nagios Log Server GUI, do you see the same behavior? That --WARN-- logs show up when you simply put --ERROR-- into the search bar? -- Yes... It shows up...
Re: Nagios Log Server Alerting
Posted: Mon Jun 07, 2021 2:20 pm
by srinivasmandalika
We are expecting to get an alert when Nagios finds below error in logs
--ERROR-- [taskScheduler-1] org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler: Unexpected error occurred in scheduled task
But, even if there is a --WARN-- as below, we are receiving the alerts...
--WARN-- [taskScheduler-5] dao.ManagedDevicesDao: Exception org.springframework.jdbc.UncategorizedSQLException: StatementCallback; uncategorized SQLException for SQL [select DeviceUUid, PhoneNumber, User_Name, Model, Email_Address, principal, Serial_Number, imei, record_source from devices WHERE IsCurrentData='Y' and status_value='Active' and DeviceUUid in (select DeviceUUid from apps where IsCurrentData='Y' and upper(appname) like ' ' or upper(appname) like 'x%' )]; SQL state [HY008]; error code [0]; The query has timed out.; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: The query has timed out. trying to query managedDevices DB. Waiting a couple seconds and trying again...
Let me know if you need any further information...
Re: Nagios Log Server Alerting
Posted: Wed Jun 09, 2021 9:58 am
by mcapra
I'd try refining your search. I don't have a cluster or set of documents to test against, but I suspect given the escape characters bit I mentioned earlier, the
--ERROR-- search is matching this block of the message you don't want to alert on:
Re: Nagios Log Server Alerting
Posted: Wed Jun 16, 2021 11:14 am
by srinivasmandalika
Any suggestions?