Logserver Alerts below threshold not working

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
weveland

Re: Logserver Alerts below threshold not working

Post by weveland »

So for the Apache log captures I should just use:

%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response_code} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent}

Or should I just change my other filter to not use response?
weveland

Re: Logserver Alerts below threshold not working

Post by weveland »

Perfect, I love when my answers are more deterministic!

I do have one more issue that I thought was related to this initially, but it appears it is not now. I will open it up in a separate post if that's OK with you?
jolson

Re: Logserver Alerts below threshold not working

Post by jolson »

To make certain that it's assigned as an integer, you can tell the field which type to use by appending ':int' to any grok filter. For example:

Code:

%{NUMBER:response_code:int}

This will ensure that the match for 'response_code' will always be assigned the 'integer' type. That is what I recommend doing - best practice would be calling it something specific like 'apache_response'.

Code:

%{NUMBER:apache_response:int}

No problem - go ahead and open up another post. :)
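Added example, not code from the thread or from Nagios Log Server: a small Python sketch of how grok's ':int' suffix changes the type of a captured field, run against the Apache pattern quoted above. The simplified pattern definitions, the grok() helper and the sample log line are constructed for this illustration.

```python
import re

# Simplified stand-ins for the stock grok patterns used in the thread
# (assumption: the real Logstash definitions are stricter than these).
PATTERNS = {
    "IPORHOST": r"\S+", "USER": r"[\w.@-]+", "WORD": r"\w+",
    "NOTSPACE": r"\S+", "NUMBER": r"-?\d+(?:\.\d+)?", "DATA": r".*?",
    "HTTPDATE": r"\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "QS": r'"(?:[^"\\]|\\.)*"',
}
CASTS = {"int": int, "float": float}  # the two conversions grok supports
TOKEN = re.compile(r"%\{(\w+)(?::(\w+))?(?::(\w+))?\}")

def grok(expr, line):
    """Expand %{SYNTAX:field:type} tokens, match the line, apply the casts."""
    casts = {}
    def expand(m):
        syntax, field, typ = m.groups()
        if field is None:
            return "(?:%s)" % PATTERNS[syntax]
        if typ:
            casts[field] = CASTS[typ]
        return "(?P<%s>%s)" % (field, PATTERNS[syntax])
    m = re.match(TOKEN.sub(expand, expr), line)
    if m is None:
        return None
    # Fields without a type suffix stay strings, as in grok.
    return {k: casts.get(k, str)(v)
            for k, v in m.groupdict().items() if v is not None}

# The pattern from the thread; STATUS marks the one capture that varies.
APACHE = (r'%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] '
          r'"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" '
          r'STATUS (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent}')
UNTYPED = APACHE.replace("STATUS", "%{NUMBER:response_code}")
TYPED = APACHE.replace("STATUS", "%{NUMBER:apache_response:int}")

# Constructed sample log line.
LINE = ('192.0.2.10 - - [11/Aug/2015:16:10:00 -0500] "GET /index.html HTTP/1.1" '
        '404 512 "-" "curl/7.29.0"')

if __name__ == "__main__":
    print(repr(grok(UNTYPED, LINE)["response_code"]))   # string capture
    print(repr(grok(TYPED, LINE)["apache_response"]))   # integer capture
```

Without the suffix the status code is captured as a string, so a numeric threshold comparison on it is not reliable; with ':int' it is an integer.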