Hello,
We are using Nagios Log Server to monitor our logs and send out alert when we find --ERROR--
But from few days we are receiving alerts even if there is --WARN-- in the logs... I used search string as "--ERROR--"
Any help would be highly appreciated...
Thank You!
Srini
Nagios Log Server Alerting
Re: Nagios Log Server Alerting
When querying your logs normally via the Nagios Log Server GUI, do you see the same behavior? That --WARN-- logs show up when you simply put --ERROR-- into the search bar?
It's hard for me to say exactly what is going on without some sample logs and the exact search queries being used. - is a reserved character in Lucene, which may be part of the issue:
https://lucene.apache.org/core/4_7_0/qu ... Characters
It's hard for me to say exactly what is going on without some sample logs and the exact search queries being used. - is a reserved character in Lucene, which may be part of the issue:
https://lucene.apache.org/core/4_7_0/qu ... Characters
Lucene supports escaping special characters that are part of the query syntax. The current list special characters are
+ - && || ! ( ) { } [ ] ^ " ~ * ? : \ /
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
-
- Posts: 43
- Joined: Thu Oct 20, 2016 4:09 pm
Re: Nagios Log Server Alerting
When querying your logs normally via the Nagios Log Server GUI, do you see the same behavior? That --WARN-- logs show up when you simply put --ERROR-- into the search bar? -- Yes... It shows up...
-
- Posts: 43
- Joined: Thu Oct 20, 2016 4:09 pm
Re: Nagios Log Server Alerting
We are expecting to get an alert when Nagios finds below error in logs
--ERROR-- [taskScheduler-1] org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler: Unexpected error occurred in scheduled task
But, even if there is a --WARN-- as below, we are receiving the alerts...
--WARN-- [taskScheduler-5] dao.ManagedDevicesDao: Exception org.springframework.jdbc.UncategorizedSQLException: StatementCallback; uncategorized SQLException for SQL [select DeviceUUid, PhoneNumber, User_Name, Model, Email_Address, principal, Serial_Number, imei, record_source from devices WHERE IsCurrentData='Y' and status_value='Active' and DeviceUUid in (select DeviceUUid from apps where IsCurrentData='Y' and upper(appname) like ' ' or upper(appname) like 'x%' )]; SQL state [HY008]; error code [0]; The query has timed out.; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: The query has timed out. trying to query managedDevices DB. Waiting a couple seconds and trying again...
Let me know if you need any further information...
--ERROR-- [taskScheduler-1] org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler: Unexpected error occurred in scheduled task
But, even if there is a --WARN-- as below, we are receiving the alerts...
--WARN-- [taskScheduler-5] dao.ManagedDevicesDao: Exception org.springframework.jdbc.UncategorizedSQLException: StatementCallback; uncategorized SQLException for SQL [select DeviceUUid, PhoneNumber, User_Name, Model, Email_Address, principal, Serial_Number, imei, record_source from devices WHERE IsCurrentData='Y' and status_value='Active' and DeviceUUid in (select DeviceUUid from apps where IsCurrentData='Y' and upper(appname) like ' ' or upper(appname) like 'x%' )]; SQL state [HY008]; error code [0]; The query has timed out.; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: The query has timed out. trying to query managedDevices DB. Waiting a couple seconds and trying again...
Let me know if you need any further information...
Re: Nagios Log Server Alerting
I'd try refining your search. I don't have a cluster or set of documents to test against, but I suspect given the escape characters bit I mentioned earlier, the --ERROR-- search is matching this block of the message you don't want to alert on:
Code: Select all
error code [0];
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
-
- Posts: 43
- Joined: Thu Oct 20, 2016 4:09 pm
Re: Nagios Log Server Alerting
Any suggestions?