Who disabled notifications
Who disabled notifications
Is there any way of finding out what user disabled notifications for a particular service? Is there a log file (text based) that I can look at? I would like to write a script to notify us if notifications get disabled.
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Who disabled notifications
If you go to Admin -> Audit Log and search for the following you will see the user that ran the command
Code: Select all
DISABLE_HOST_NOTIFICATIONSRe: Who disabled notifications
This only goes back a month. It looks like it happened before this time period.
I have 2 Nagios XI servers (East and West). I noticed on East that the file /usr/local/nagiosxi/var/cmdsubsys.log is in Ascii text and I could grab the info from this server. The file is also in a different layout than the West. The West is a data file, but I can vi it and look at it. It does not give me the same information as East. East gives me the start time of the command which I can convert to normal time via perl. Is there a way to convert the West cmdsubsys.log to ascii text or have it create a new file and have it written in ascii text?
[09:51:40]root@east:/usr/local/nagiosxi/var]# file cmdsubsys.log
/usr/local/nagiosxi/var/cmdsubsys.log: ASCII text
[09:53:16]root@west:/usr/local/nagiosxi/var]# file cmdsubsys.log
cmdsubsys.log: data
East cmdsubsys.log:
CORE CMD: DISABLE_SVC_NOTIFICATIONS;server1;Check Oracle Listener Status
SUBMITTING A NAGIOSCORE COMMAND...
.............PROCESSING COMMAND ID 6466...
PROCESS COMMAND: CMD=16, DATA=a:4:{s:9:"host_name";s:40:"server1";s:12:"service_name";s:28:"Check Oracle Listener Status";s:3:"cmd";i:54;s:10:"start_time";i:1536774049;}
COMMAND DATA: a:4:{s:9:"host_name";s:40:"server1";s:12:"service_name";s:28:"Check Oracle Listener Status";s:3:"cmd";i:54;s:10:"start_time";i:1536774049;}
CMDARR:
Array
(
[host_name] => server1
[service_name] => Check Oracle Listener Status
[cmd] => 54
[start_time] => 1536774049
)
CORE CMD: SCHEDULE_FORCED_SVC_CHECK;server1;Check Oracle Listener Status;1536774049
SUBMITTING A NAGIOSCORE COMMAND...
West cmdsubsys.log:
CORE CMD: DISABLE_SVC_NOTIFICATIONS;server2;/ Disk Usage
SUBMITTING A NAGIOSCORE COMMAND...
..
PROCESSED 2 COMMANDS
..........PROCESSING COMMAND ID 5288...
PROCESS COMMAND: CMD=16, DATA=a:3:{s:9:"host_name";s:36:"server2";s:12:"service_name";s:16:"/data Disk Usage";s:3:"cmd";i:23;}
COMMAND DATA: a:3:{s:9:"host_name";s:36:"server2";s:12:"service_name";s:16:"/data Disk Usage";s:3:"cmd";i:23;}
CMDARR:
Array
(
[host_name] => server2
[service_name] => /data Disk Usage
[cmd] => 23
)
I have 2 Nagios XI servers (East and West). I noticed on East that the file /usr/local/nagiosxi/var/cmdsubsys.log is in Ascii text and I could grab the info from this server. The file is also in a different layout than the West. The West is a data file, but I can vi it and look at it. It does not give me the same information as East. East gives me the start time of the command which I can convert to normal time via perl. Is there a way to convert the West cmdsubsys.log to ascii text or have it create a new file and have it written in ascii text?
[09:51:40]root@east:/usr/local/nagiosxi/var]# file cmdsubsys.log
/usr/local/nagiosxi/var/cmdsubsys.log: ASCII text
[09:53:16]root@west:/usr/local/nagiosxi/var]# file cmdsubsys.log
cmdsubsys.log: data
East cmdsubsys.log:
CORE CMD: DISABLE_SVC_NOTIFICATIONS;server1;Check Oracle Listener Status
SUBMITTING A NAGIOSCORE COMMAND...
.............PROCESSING COMMAND ID 6466...
PROCESS COMMAND: CMD=16, DATA=a:4:{s:9:"host_name";s:40:"server1";s:12:"service_name";s:28:"Check Oracle Listener Status";s:3:"cmd";i:54;s:10:"start_time";i:1536774049;}
COMMAND DATA: a:4:{s:9:"host_name";s:40:"server1";s:12:"service_name";s:28:"Check Oracle Listener Status";s:3:"cmd";i:54;s:10:"start_time";i:1536774049;}
CMDARR:
Array
(
[host_name] => server1
[service_name] => Check Oracle Listener Status
[cmd] => 54
[start_time] => 1536774049
)
CORE CMD: SCHEDULE_FORCED_SVC_CHECK;server1;Check Oracle Listener Status;1536774049
SUBMITTING A NAGIOSCORE COMMAND...
West cmdsubsys.log:
CORE CMD: DISABLE_SVC_NOTIFICATIONS;server2;/ Disk Usage
SUBMITTING A NAGIOSCORE COMMAND...
..
PROCESSED 2 COMMANDS
..........PROCESSING COMMAND ID 5288...
PROCESS COMMAND: CMD=16, DATA=a:3:{s:9:"host_name";s:36:"server2";s:12:"service_name";s:16:"/data Disk Usage";s:3:"cmd";i:23;}
COMMAND DATA: a:3:{s:9:"host_name";s:36:"server2";s:12:"service_name";s:16:"/data Disk Usage";s:3:"cmd";i:23;}
CMDARR:
Array
(
[host_name] => server2
[service_name] => /data Disk Usage
[cmd] => 23
)
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Who disabled notifications
The top item you are looking at a SCHEDULE_FORCED_SVC_CHECK command which has different data
If these are the same XI version they should have the exact same format
If these are the same XI version they should have the exact same format