
Nagios Log Server Alerting

Posted: Thu Jun 03, 2021 1:49 pm
by srinivasmandalika
Hello,

We are using Nagios Log Server to monitor our logs and send out an alert when we find --ERROR--

But for the past few days we have been receiving alerts even if there is --WARN-- in the logs... I used the search string "--ERROR--"

Any help would be highly appreciated...

Thank You!

Srini

Re: Nagios Log Server Alerting

Posted: Mon Jun 07, 2021 10:04 am
by mcapra
When querying your logs normally via the Nagios Log Server GUI, do you see the same behavior? That --WARN-- logs show up when you simply put --ERROR-- into the search bar?

It's hard for me to say exactly what is going on without some sample logs and the exact search queries being used. - is a reserved character in Lucene, which may be part of the issue:
https://lucene.apache.org/core/4_7_0/qu ... Characters
Lucene supports escaping special characters that are part of the query syntax. The current list special characters are

+ - && || ! ( ) { } [ ] ^ " ~ * ? : \ /

Re: Nagios Log Server Alerting

Posted: Mon Jun 07, 2021 2:14 pm
by srinivasmandalika
When querying your logs normally via the Nagios Log Server GUI, do you see the same behavior? That --WARN-- logs show up when you simply put --ERROR-- into the search bar? -- Yes... It shows up...

Re: Nagios Log Server Alerting

Posted: Mon Jun 07, 2021 2:20 pm
by srinivasmandalika
We are expecting to get an alert when Nagios finds the below error in the logs

--ERROR-- [taskScheduler-1] org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler: Unexpected error occurred in scheduled task

But, even if there is a --WARN-- as below, we are receiving the alerts...

--WARN-- [taskScheduler-5] dao.ManagedDevicesDao: Exception org.springframework.jdbc.UncategorizedSQLException: StatementCallback; uncategorized SQLException for SQL [select DeviceUUid, PhoneNumber, User_Name, Model, Email_Address, principal, Serial_Number, imei, record_source from devices WHERE IsCurrentData='Y' and status_value='Active' and DeviceUUid in (select DeviceUUid from apps where IsCurrentData='Y' and upper(appname) like ' ' or upper(appname) like 'x%' )]; SQL state [HY008]; error code [0]; The query has timed out.; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: The query has timed out. trying to query managedDevices DB. Waiting a couple seconds and trying again...

Let me know if you need any further information...

Re: Nagios Log Server Alerting

Posted: Wed Jun 09, 2021 9:58 am
by mcapra
I'd try refining your search. I don't have a cluster or set of documents to test against, but I suspect given the escape characters bit I mentioned earlier, the --ERROR-- search is matching this block of the message you don't want to alert on:

error code [0];
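
An illustration of the suspicion in the reply above, added as an example and not part of the original thread or of Nagios Log Server itself. It assumes the message field is analyzed so that text is lowercased and punctuation is dropped (a simplified stand-in for the real analyzer); `analyze`, `phrase_matches` and `raw_level` are hypothetical helper names.

```python
import re

# Log lines from the thread (the WARN line is abbreviated for this example).
ERROR_LINE = ("--ERROR-- [taskScheduler-1] org.springframework.scheduling.support."
              "TaskUtils$LoggingErrorHandler: Unexpected error occurred in scheduled task")
WARN_LINE = ("--WARN-- [taskScheduler-5] dao.ManagedDevicesDao: Exception "
             "org.springframework.jdbc.UncategorizedSQLException: StatementCallback; "
             "SQL state [HY008]; error code [0]; The query has timed out.")


def analyze(text):
    """Assumed, simplified analysis step: lowercase and keep only letter/digit runs."""
    return re.findall(r"[a-z0-9]+", text.lower())


def phrase_matches(query, message):
    """True if the analyzed query tokens occur consecutively in the analyzed message."""
    q, m = analyze(query), analyze(message)
    if not q:
        return False
    return any(m[i:i + len(q)] == q for i in range(len(m) - len(q) + 1))


def raw_level(message):
    """Read the severity from the raw line prefix, before any analysis happens."""
    found = re.match(r"--([A-Z]+)--", message)
    return found.group(1) if found else None


if __name__ == "__main__":
    # The dashes vanish, so the alert query is effectively the single term "error".
    print("query tokens:", analyze("--ERROR--"))
    for line in (ERROR_LINE, WARN_LINE):
        print(raw_level(line),
              "| matches --ERROR--:", phrase_matches("--ERROR--", line),
              "| matches longer phrase:", phrase_matches("Unexpected error occurred", line))
```

Under that assumption the WARN line matches because of `error code [0]`, while a longer phrase taken from the wanted message, or a severity value parsed from the raw prefix, separates the two lines.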

Re: Nagios Log Server Alerting

Posted: Wed Jun 16, 2021 11:14 am
by srinivasmandalika
Any suggestions?