Missing body of email notificaitons

[crafael01]

I have a couple of service checks that have multiple hosts per check. Occasionally I will receive a notification where the entire body of the email is blank. So far I have only seen this happen on two different hosts which were being monitored on two different instance of XI (both running Nagios XI 2014R1.4). The only difference I can see is in the length of the description, the ones that were blank had much longer descriptions. I use $LONGSERVICEOUTPUT$ in the description.

Is there something going on in Nagios or could this be with my mail relay? As stated earlier, 3 of the four hosts that have alerted with this service monitor had no issues, and this happens on 2 different XI instances, for different services.

[tmcdonald]

For the blank emails, how long of a description are we talking? Can you post the exact description, or at least the character length?

[crafael01]

This is all I am able to catch, there may be more:

The HTTP request issued a violation to the current active policy. [SECEV] Request violations: HTTP protocol compliance failed. HTTP protocol compliance sub violations: POST request with Content-Length: 0. Evasion techniques sub violations: N/A. Web services security sub violations: N/A. Virus name: N/A. Support id: 11152812199672215216, source ip: 172.30.5.32, xff ip: 172.30.5.32, source port: 50066, destination ip: 139.126.11.143, destination port: 443, route_domain: 0, HTTP classifier: /Common/DS_Exchange2013_App.app/DS_Exchange2013_App_combined_https, scheme HTTPS, geographic location: <N/A>, request: <POST /Autodiscover/Autodiscover.xml HTTP/1.1r
Cache-Control: no-cacher
Connection: Keep-Aliver
Pragma: no-cacher
Conten>, username: <N/A>, session_id: <4cef15bf2af30b0c> / enterprises.3375.2.4.1.1 ():[SECEV] Request violations: HTTP protocol compliance failed. HTTP protocol compliance sub violations: POST request with Content-Length: 0. Evasion techniques sub violations: N/A. Web services security sub violations: N/A. Virus name: N/A. Support id: 11152812199672215216, source ip: 172.30.5.32, xff ip: 172.30.5.32, source port: 50066, destination ip: 139.126.11.143, destination port: 443, route_domain: 0, HTTP classifier: /Common/DS_Exchange2013_App.app/DS_Exchange2013_App_combined_https, scheme HTTPS, geographic location: <N/A>, request: <POST /Autodiscover/Autodiscover.xml HTTP/1.1r
Cache-Control: no-cacher
Connection: Keep-Aliver
Pragma: no-cacher
Conten>, username: <N/A>, session_id: <4cef15bf2af30b0c>

[tmcdonald]

1,537 characters isn't any sort of limit I am aware of.

• How different are the messages that do come through? Same type of content just a different length?
• Are there any keywords in the output that might be blocked by a filter?
• Are there any special characters or sequences of characters that might cause an issue? Anything non-ASCII?