Hi - I have about 10 application logs on a server (one log file per client site). Nxlog is configured to capture *.log files in the log folder and is forwarding them OK to NLS. In my dashboard it shows the Source FileName so that I can run a query for that client site.
My problem is that when I create the alert , I can't provide the Source Filename in the message to indicate which client site it is from. I really didn't want to create 10 indiviual alerts.
Is there some way that I can provide more information in the alert message?
regards... Fred
Alerting on Application logs
-
Fred Kroeger
- Posts: 588
- Joined: Wed Oct 19, 2011 11:36 pm
- Location: Perth, Western Australia
- Contact:
Alerting on Application logs
Last edited by Fred Kroeger on Sun Jan 15, 2017 6:46 pm, edited 1 time in total.
Re: Alerting on Application logs
Could you show us a screenshot of an entire log with all applicable fields for us to look at? If you don't want to match the filename that's fine, you'll just need to find a common denominator between what you'd like an alert on. One thing from the NXlog side you could probably do is add your own tagging as well for this.
Former Nagios Employee
-
Fred Kroeger
- Posts: 588
- Joined: Wed Oct 19, 2011 11:36 pm
- Location: Perth, Western Australia
- Contact:
Re: Alerting on Application logs
Screenshot below. Query is on the SourceModuleName and I search the message field for the error message to alert on.
I wanted to avoid having a separate query for each file name mainly so that if a new log file is created, it will pick it up automatically instead of having to create yet another query for the new file.
Basically I want to alert if the message contains a defined string and for the alert to contain the message & theSourceName so that we can identify the log file that has triggered the alert
I wanted to avoid having a separate query for each file name mainly so that if a new log file is created, it will pick it up automatically instead of having to create yet another query for the new file.
Basically I want to alert if the message contains a defined string and for the alert to contain the message & theSourceName so that we can identify the log file that has triggered the alert
You do not have the required permissions to view the files attached to this post.
Re: Alerting on Application logs
Would it work to match on the Hostname or SourceModuleName instead of the SourceName? That way it'll apply to all 10 log files at once, rather then just one by one.
Former Nagios Employee
Re: Alerting on Application logs
Also, as far as the alerts go, I filed a feature request so that you could pull specific field information in the email -
Code: Select all
Nagios Log Server Feature Request: Allow %lastalertlog% to be broken down to indiividual fields
Former Nagios Employee
-
Fred Kroeger
- Posts: 588
- Joined: Wed Oct 19, 2011 11:36 pm
- Location: Perth, Western Australia
- Contact:
Re: Alerting on Application logs
Thanks for submitting the Feature Request.
I think matching on Hostname doesn't help because there could be other logs coming from that host.
At the moment I am matching on the Source Module name to capture all those logs at once. That was why it was important to pass the Source Filename in the email so that we know which logfile contained the error.
Regards... Fred
I think matching on Hostname doesn't help because there could be other logs coming from that host.
At the moment I am matching on the Source Module name to capture all those logs at once. That was why it was important to pass the Source Filename in the email so that we know which logfile contained the error.
Regards... Fred
Re: Alerting on Application logs
Got it - not much can be done then I don't think. We'll have to wait for the FR to be approved at this point. I'll leave this open should you want to request an update.
Former Nagios Employee