Log Server dashboard alerting not working as expected

[james.liew]

Referring from earlier thread: https://support.nagios.com/forum/viewto ... 37&t=43032

I seem to be getting the error emails below:


What I want to do is to make it alert if I receive <1000 emails (WARNING) and <500 emails (CRITICAL) but I'm receiving more than the 1000 threshold so it shouldn't be sending alerts. Not sure why this is happening.

Windows Event Log Threshold Alerting came back with a CRITICAL state at
The alert was processed with the following thresholds:
• Lookback period: 60m
• Warning: 1000
• Critical: 500
Here is the full alert output:
CRITICAL: 14884 matching entries found |logs=14884;1000;500
See the last 60m in the Nagios Log Server dashboard.
Nagios Log Server

[tacolover101]

the filter is currently working with >500 and >1000. post a screenshot of your current settings for the alert.

[tgriep]

If you want to receive Alerts for less than the thresholds, you would have to edit the Alert and add a colon on the end of the thresholds line the example below.

Code: Select all

1000:
500:

The colon on the end changed the threshold to be less than and should send the alerts how you want.

[james.liew]

Awesome, adding the : did the trick.

Didn't realize it before. Thanks!

[cdienger]

Hi James,

Have you tested and confirmed the solution? If so, can this thread be locked?

[james.liew]

Yes, I have tested and this is now good to close