Nagios Log Server Alerting

srinivasmandalika
Posts: 43
Joined: Thu Oct 20, 2016 4:09 pm

Nagios Log Server Alerting

Post by srinivasmandalika »

Hello,

We are using Nagios Log Server to monitor our logs and send out an alert when we find --ERROR--

But for the past few days we have been receiving alerts even if there is --WARN-- in the logs... I used the search string "--ERROR--"

Any help would be highly appreciated...

Thank You!

Srini
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Nagios Log Server Alerting

Post by mcapra »

When querying your logs normally via the Nagios Log Server GUI, do you see the same behavior? That --WARN-- logs show up when you simply put --ERROR-- into the search bar?

It's hard for me to say exactly what is going on without some sample logs and the exact search queries being used. - is a reserved character in Lucene, which may be part of the issue:
https://lucene.apache.org/core/4_7_0/qu ... Characters
Lucene supports escaping special characters that are part of the query syntax. The current list special characters are

+ - && || ! ( ) { } [ ] ^ " ~ * ? : \ /
Former Nagios employee
https://www.mcapra.com/
srinivasmandalika
Posts: 43
Joined: Thu Oct 20, 2016 4:09 pm

Re: Nagios Log Server Alerting

Post by srinivasmandalika »

When querying your logs normally via the Nagios Log Server GUI, do you see the same behavior? That --WARN-- logs show up when you simply put --ERROR-- into the search bar? -- Yes... It shows up...
srinivasmandalika
Posts: 43
Joined: Thu Oct 20, 2016 4:09 pm

Re: Nagios Log Server Alerting

Post by srinivasmandalika »

We are expecting to get an alert when Nagios finds the below error in the logs

--ERROR-- [taskScheduler-1] org.springframework.scheduling.support.TaskUtils$LoggingErrorHandler: Unexpected error occurred in scheduled task

But, even if there is a --WARN-- as below, we are receiving the alerts...

--WARN-- [taskScheduler-5] dao.ManagedDevicesDao: Exception org.springframework.jdbc.UncategorizedSQLException: StatementCallback; uncategorized SQLException for SQL [select DeviceUUid, PhoneNumber, User_Name, Model, Email_Address, principal, Serial_Number, imei, record_source from devices WHERE IsCurrentData='Y' and status_value='Active' and DeviceUUid in (select DeviceUUid from apps where IsCurrentData='Y' and upper(appname) like ' ' or upper(appname) like 'x%' )]; SQL state [HY008]; error code [0]; The query has timed out.; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: The query has timed out. trying to query managedDevices DB. Waiting a couple seconds and trying again...

Let me know if you need any further information...
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Nagios Log Server Alerting

Post by mcapra »

I'd try refining your search. I don't have a cluster or set of documents to test against, but I suspect given the escape characters bit I mentioned earlier, the --ERROR-- search is matching this block of the message you don't want to alert on:

error code [0];
Former Nagios employee
https://www.mcapra.com/
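
The suspicion in the reply above can be checked offline with a small model. This is an added example, not part of either poster's messages and not Nagios Log Server or Lucene code. Assumptions: the message field is analyzed roughly as "lowercase, split on non-alphanumerics", all function names are hypothetical, and the two sample lines are abbreviated from the ones posted in the thread.

```python
import re

# Characters from the Lucene list quoted in the thread; && and || are escaped per character.
LUCENE_SPECIAL = set('+-&|!(){}[]^"~*?:\\/')

def escape_lucene(term):
    """Backslash-escape every Lucene query-syntax character in term."""
    return "".join("\\" + ch if ch in LUCENE_SPECIAL else ch for ch in term)

def approx_tokens(text):
    """Simplified stand-in for an analyzed text field (assumption, not Lucene's analyzer):
    lowercase the text and split it on anything that is not a letter or digit."""
    return [t for t in re.split(r"[^0-9A-Za-z]+", text.lower()) if t]

def term_search_hits(query, message):
    """True when every token of the query also occurs as a token of the message."""
    wanted = approx_tokens(query)
    present = set(approx_tokens(message))
    return bool(wanted) and all(t in present for t in wanted)

def literal_level(message):
    """Read the leading --LEVEL-- marker literally, punctuation included."""
    m = re.match(r"\s*--([A-Z]+)--", message)
    return m.group(1) if m else None

def should_alert(message):
    """Alert only when the line's own level marker is ERROR."""
    return literal_level(message) == "ERROR"

# Sample lines abbreviated from the thread.
ERROR_LINE = ("--ERROR-- [taskScheduler-1] org.springframework.scheduling.support."
              "TaskUtils$LoggingErrorHandler: Unexpected error occurred in scheduled task")
WARN_LINE = ("--WARN-- [taskScheduler-5] dao.ManagedDevicesDao: Exception "
             "org.springframework.jdbc.UncategorizedSQLException: SQL state [HY008]; "
             "error code [0]; The query has timed out.")

if __name__ == "__main__":
    print("escaped query      :", escape_lucene("--ERROR--"))
    print("tokens of the query:", approx_tokens("--ERROR--"))
    for name, line in (("ERROR_LINE", ERROR_LINE), ("WARN_LINE", WARN_LINE)):
        print(name, "term search hit:", term_search_hits("--ERROR--", line),
              "| literal level:", literal_level(line),
              "| alert:", should_alert(line))
```

Under this model the dashes never reach the index, so the query reduces to the single term `error`, which the WARN line also contains in `error code [0];`. Only a check against the literal level marker separates the two lines.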
srinivasmandalika
Posts: 43
Joined: Thu Oct 20, 2016 4:09 pm

Re: Nagios Log Server Alerting

Post by srinivasmandalika »

Any suggestions?