Nagios Log Server query problem on Nagios XI

[comfone]

Hi mcapra
I have attached the requested log file as well as a pic where you can see when it happens.

[rkennedy]

Are you able to set up the same query in NLS, and attempt to see if it reports the same result as XI? I'm wondering if we can differentiate the two, to see where the actual problem is at this point.

[comfone]

I have changed in Nagios XI from active check to passive check and configured an Alert in NLS over NRDP.
We sill get "false" alerts.
Attached some screenshots.

[rkennedy]

It looks like you have it set to 1: and 1: which will alert when nothing is found, you should be able to set it to 1 and 1 if you want an alert when it occurs once.

[comfone]

No the setting ist correct.
I want get an alert if NLS does not find any accourence.
The problem is, that NLS alarms that theis is no accourence eventough, as you can see on my attachements, there are accorances for this event.

[rkennedy]

I believe I understand now.

Could you show us the service state that was sent previously to 00:50:00? The log appears to happen just before 00:20:00, and your check is going back 70 min. I'm wondering if it's not respecting the 70m loopback that you have set, but rather 30 mins which would be a bug.

[comfone]

The "service state"?
Where du I get this information?
Moreover this happens to other alerts too. Always between arround 00:00 and 01:00 UTC.
"2016-12-10T01:17:41.988+01:00 ALERT Alert Name SSG-ETDR-TEST-ApplicationAlive returned CRITICAL: 0 matching entries found |logs=0;1:;1:"
Here also, alert is 0 matching but NLS should have found entries according to the log below:
The check interval for this alert is 5m and the look back 20m.
@timestamp host type message Actions
2016-12-10T02:37:53.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 01:37:47:318 ""
2016-12-10T02:32:43.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 01:32:42:867 ""
2016-12-10T02:27:43.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 01:27:38:052 ""
2016-12-10T02:22:43.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 01:22:36:562 ""
2016-12-10T02:17:42.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 01:17:36:251 ""
2016-12-10T02:12:42.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 01:12:33:376 ""
2016-12-10T02:07:32.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 01:07:29:735 ""
2016-12-10T02:02:31.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 01:02:25:606 ""
2016-12-10T01:57:21.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:57:21:172 ""
2016-12-10T01:52:21.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:52:18:132 ""
2016-12-10T01:47:21.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:47:17:641 ""
2016-12-10T01:42:20.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:42:15:207 ""
2016-12-10T01:37:20.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:37:12:387 ""
2016-12-10T01:32:10.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:32:09:900 ""
2016-12-10T01:27:10.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:27:09:564 ""
2016-12-10T01:22:09.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:22:05:236 ""
2016-12-10T01:17:09.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:17:05:095 ""
2016-12-10T01:12:09.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:12:02:266 ""
2016-12-10T01:06:58.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:06:57:913 ""
2016-12-10T01:01:58.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-10 00:01:52:960 ""
2016-12-10T00:56:58.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:56:50:345 ""
2016-12-10T00:51:48.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:51:47:988 ""
2016-12-10T00:46:47.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:46:46:833 ""
2016-12-10T00:41:47.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:41:45:233 ""
2016-12-10T00:36:47.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:36:40:591 ""
2016-12-10T00:31:47.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:31:39:987 ""
2016-12-10T00:26:36.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:26:35:035 ""
2016-12-10T00:21:36.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:21:34:281 ""
2016-12-10T00:16:36.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:16:30:088 ""
2016-12-10T00:11:36.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:11:27:855 ""
2016-12-10T00:06:26.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:06:23:343 ""
2016-12-10T00:01:26.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 23:01:23:100 ""
2016-12-09T23:56:25.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 22:56:20:082 ""
2016-12-09T23:51:25.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 22:51:18:491 ""
2016-12-09T23:46:25.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 22:46:17:384 ""
2016-12-09T23:41:25.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 22:41:15:426 ""
2016-12-09T23:36:14.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 22:36:14:775 ""
2016-12-09T23:31:14.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 22:31:14:481 ""
2016-12-09T23:26:14.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 22:26:13:448 ""
2016-12-09T23:21:14.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 22:21:12:862 ""
2016-12-09T23:16:14.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 22:16:11:371 ""
2016-12-09T23:11:13.000+01:00 10.20.160.66 SSG-ETDRS SSG-RUN-OK 2016-12-09 22:11:07:438 ""

[rkennedy]

I was referring to the XI interface, do you have a past history to show the previous states?

[comfone]

See attached pic.

[rkennedy]

The previous screenshot I was referring to, ended at 2016-12-07 00:50:20, what I am looking for is the state history for previously, so we can see what the result is. Do you have this available?