Notification alert count

[mejokj]

Hello,

I need to count total number of notification for a certain time period using CLI. Kindly help a way to achieve it.

[benjaminsmith]

Hi,

The easiest way would be to download the notifications report to csv file for a custom date period. I could find a way to get this too easily from the API, but you could search the nagios logs files for notification entries for a specified period. For example:

Code: Select all

find -newermt "01 January 2021" -not -newermt "13 August 2021" -exec cp {} /tmp \;
grep -ri 'host notification\|service notification'  /tmp | wc -l

[mejokj]

Hello,

The Total count which shows after running the command shows less. Its bigger than this.

[root@nagiosphy2 ~]# find -newermt "01 July 2021" -not -newermt "31 July 2021" -exec cp {} /tmp \;
You have new mail in /var/spool/mail/root
[root@nagiosphy2 ~]# grep -ri 'host notification\|service notification' /tmp | wc -l
20848
[root@nagiosphy2 ~]#


The count shows constant value when I try the below

[root@nagiosphy2 24hour]# find -newermt "01 January 2021" -not -newermt "13 August 2021" -exec cp {} /tmp \;
[root@nagiosphy2 24hour]# grep -ri 'host notification\|service notification' /tmp | wc -l
20848

[jdunitz]

You might have better results using zgrep, because some of the logs may be compressed. Also, in my example here, I'm able to one-shot it without writing temporary files:

find -newermt "01 January 2021" -not -newermt "13 August 2021" -exec zgrep -i 'host notification\|service notification' {} \;

Does that work better, or does it still miss some stuff you're expecting to see?

--Jeffrey

[mejokj]

There is no output with the command provided

[root@nagiosphy2 ~]# find -newermt "01 January 2021" -not -newermt "13 August 2021" -exec zgrep -i 'host notification\|service notification' {} \;
You have new mail in /var/spool/mail/root
[root@nagiosphy2 ~]#

[jdunitz]

No output at all? That's odd...you're doing the find from /usr/local/nagios/var/archives, correct?

Are the permissions OK there? Could you do a:
ls -l /usr/local/nagios/var/archives

and make sure the files in there are all readable?

--Jeffrey

[jdunitz]

You can also pull this info right from the DB, if you like:

SELECT * FROM nagios_logentries WHERE logentry_type IN ('524288', '1048576') AND entry_time BETWEEN '2021-08-17 00:00:00' AND '2021-08-18 00:00:00';

As a one-shot command from the shell:
echo "SELECT * FROM nagios_logentries WHERE logentry_type IN ('524288', '1048576') AND entry_time BETWEEN '2021-08-17 00:00:00' AND '2021-08-18 00:00:00';"| mysql -t -u root -pnagiosxi nagios

Note that there are only 90 days of logentries in the DB, so if you need to go back farther than that, you'd be out of luck, and the archived logs would be your only option.

--Jeffrey

[mejokj]

Hi Jeffrey,

Please close the thread.

I got the required information with the commands provided.

Thanks for your support