Aggregated alerts

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
patalenszki.zoltan
Posts: 40
Joined: Tue Sep 13, 2016 9:16 am

Aggregated alerts

Post by patalenszki.zoltan »

Dear customer support,

Is it possible somehow to write alerts based on aggregated queries in Nagios Log Server?
e.g. an alert when one of our users logged in more than 10 times in 5 minutes. I have not found a solution for that.

Thanks in advance!

Best Regards,
Zoli
jomann
Development Lead
Posts: 611
Joined: Mon Apr 22, 2013 10:06 am
Location: Nagios Enterprises

Re: Aggregated alerts

Post by jomann »

Alerts are based on the number of returned objects. So you can manually write a query and test it locally on the Elasticsearch system and then input it into the Alert in the NLS GUI. I don't know if an aggregate would work properly, because it would only return the aggregated amount. You'd want to return each log object for the times they logged in. Really you just need to query the user, get the logs that show they logged in, and then set that query up in the Alert.
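A worked version of the approach in this answer, added here as an example and not code from Nagios or from either poster: the Elasticsearch query returns one document per login event for a given user in the last 5 minutes (no aggregation, since the alert counts returned objects), and the threshold check mirrors the "more than 10 logins" rule. The field names (`program`, `message`, `@timestamp`) and the sshd "Accepted" marker are assumptions about how the logs are indexed; the response below is constructed, not real data.

```python
import json
from typing import Any, Dict

# Assumed field layout: NLS indexes syslog through Logstash, so a login event is
# assumed to have program="sshd" and a message containing "Accepted" and the
# user name. Adjust these to the fields your own logs actually carry.
LOGIN_PROGRAM = "sshd"
LOGIN_MARKER = "Accepted"


def build_login_query(user: str, window_minutes: int = 5) -> Dict[str, Any]:
    """Elasticsearch query DSL returning one hit per login event for `user`
    within the last `window_minutes`. It returns the documents themselves
    rather than an aggregation, because NLS alerts count returned objects."""
    return {
        "query": {
            "bool": {
                "filter": [
                    {"term": {"program": LOGIN_PROGRAM}},
                    {"match_phrase": {"message": LOGIN_MARKER}},
                    {"match_phrase": {"message": f"for {user}"}},
                    {"range": {"@timestamp": {"gte": f"now-{window_minutes}m", "lte": "now"}}},
                ]
            }
        }
    }


def hit_count(response: Dict[str, Any]) -> int:
    """Number of matching documents. Handles both the older integer form of
    hits.total and the newer {"value": n, "relation": ...} object form."""
    total = response["hits"]["total"]
    return total["value"] if isinstance(total, dict) else int(total)


def alert_fires(response: Dict[str, Any], threshold: int = 10) -> bool:
    """Same rule as the NLS alert: fire when more than `threshold` objects return."""
    return hit_count(response) > threshold


# Constructed sample response (not real data): 12 login events in the window.
SAMPLE_RESPONSE = {
    "hits": {
        "total": {"value": 12, "relation": "eq"},
        "hits": [{"_source": {"program": "sshd",
                              "message": f"Accepted password for zoli from 10.0.0.{i}"}}
                 for i in range(1, 13)],
    }
}

if __name__ == "__main__":
    print(json.dumps(build_login_query("zoli"), indent=2))  # paste this body into the Alert query
    print("alert fires:", alert_fires(SAMPLE_RESPONSE))      # prints: alert fires: True
```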