VPN Logs query filter

[alecas1]

I would like to know how to configure Nagios Log server in order to sent an email alert regarding any VPN Logs ( create a query on Nagios to filter VPN Logs ) , thanks

[mcapra]

This is somewhat contingent on the content of the log entry.

Step 1 would be figuring out what your query should look like. Say I have a really basic VPN log that looks like this:

Code: Select all

VPN CONNECT: Simone (10.10.10.2)
VPN DISCONNECT: Simone (10.10.10.2)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN CONNECT: Jerry (10.10.10.3)
VPN CONNECT: Tom (10.10.10.4)
VPN DISCONNECT: Tom (10.10.10.4)
VPN DISCONNECT: Jerry (10.10.10.3)

If I wanted to capture all "VPN CONNECT" events, I could define a query like so from the main dashboard:

2016_08_19_10_47_20_Dashboard_Nagios_Log_Server.png

Which will return all VPN CONNECT events:

2016_08_19_10_48_06_Dashboard_Nagios_Log_Server.png

Once I have the query defined and it's returning the data I want to alert on, I can save the query:

2016_08_19_10_49_42_Dashboard_Nagios_Log_Server.png

2016_08_19_10_51_12_Dashboard_Nagios_Log_Server.png

Then from the "Alerting" menu, you would create a New Alert using the query you just defined. If you want to be notified on every VPN CONNECT entry, set both the thresholds to 0.

[alecas1]

Thank you. Following the information that you posted i did the configuration of the query and i received the VPN alerts by email correctly.

Do you know how to configure the Email Template in order to include in the VPN alert email the complete text content of the message generated by the Log

Thanks

[Box293]

%lastalertlog%

Alerting > Email Templates
Click the View Macros button for more information.