Nagios Support Forum

Jklre wrote:Also I haven't looked into it thoroughly yet but is there a way to customize those e-mail notifications that go out? Ideally id like to include some table names form the alerts into the e-mail message if possible.

I missed this in your original query. It is not available currently, but I have added a feature request (internal ID 5072 ) to allow customization of messages on a per-alert basis (or you can use the predefined template).

Would that work?

scottwilkerson wrote:1. can be simplified, you are mutating either way, and we can put the add_tag inside the grok filter, change them like so

Code: Select all

if [type] == 'syslog' {
  grok {
    patterns_dir => "/usr/local/nagioslogserver/logstash/patterns/."
    match => [ 'message', '%{SYSLOG5424PRI}%{MITCH_HOST:Mitch_host}%{GREEDYDATA:syslog_message}%%{CSTTERROR:CSTTError}%%%{MITCHERRORNUM:Mitch_ErrorNum}%%%{MITCHPRIORITY:Mitch_Priority}%%%{MITCH_ORG_HOST:Mitch_org_host}%{MITCHPROG:Mitch_prog}%{MITCHTIME:Mitchell_time}%{MITCHMESSAGE:Mitch_Message}%{MITCHMESSAGE2:Mitch_Message1}' ]
    add_tag => "Mitch_Jboss_Log"
  }

}
if [type] == 'syslog' {
  grok {
    patterns_dir => "/usr/local/nagioslogserver/logstash/patterns/."
    match => [ 'message', '%{SYSLOG5424PRI}Message forwarded from %{MITCH_IBM_HOST:Mitch_host}:%{GREEDYDATA:Mitch_Message}' ]
    add_tag => "Mitch_IBM"
  }

}
if [type] == 'syslog' {
  grok {
    patterns_dir => "/usr/local/nagioslogserver/logstash/patterns/."
    match => [ 'message', '%{SYSLOG5424PRI}%{HEARTBEAT:Mitch_Message}' ]
    add_tag => "Mitchell_Heart"
  }
}
}

Thesecond item, I'm going to have to have someone dig into, it should bring you to the same query ( not dashboard ) having all of the query elements and filters, but yours appears to be missing some of the filter items...

Thanks Scott.. that actually makes sense now that i'm looking at it.

scottwilkerson wrote:

Jklre wrote:Also I haven't looked into it thoroughly yet but is there a way to customize those e-mail notifications that go out? Ideally id like to include some table names form the alerts into the e-mail message if possible.

I missed this in your original query. It is not available currently, but I have added a feature request (internal ID 5072 ) to allow customization of messages on a per-alert basis (or you can use the predefined template).

Would that work?

Thanks for putting in that feature request. That would definitely come in handy. Also if there was a way to customize the alerts that get sent over to nagios. Our operations team used check_mk as a dashboard and we are trying to move away from email notifications eventually so everything will stay in the main dashboard / dashboards. So any additional info we can make appear into the dashboard besides the rule names would make troubleshooting issues a lot more efficient for them. Like send some custom bits of data back in the status detail of the alert.

jomann wrote:It looks like the issue with clicking into alert dashboards was a bug. I've attached a file that you can replace that will fix it.

Copy/replace the file in:
/var/www/html/nagioslogserver/www/app/dashboards

Thank you I added the attached file into the path listed above and bounced the server. It looks like i'm still seeing the same behavior from either clicking the link provided in the alert e-mails and also going into alerts and selecting the "show alert in dashboard button" are there any other steps I need to perform?

That fixed it in all of our tests. It is possible that this file is being cached by your browser

scottwilkerson wrote:That fixed it in all of our tests. It is possible that this file is being cached by your browser

That was it. it took forever to clear. I tried manually clearing the cache but no dice. But its working now so thanks.

I have run into a few other questions though. Specifically about filters. I would like to filter by a specific field. But I want to do it by a range of numbers (preferably with regex)

So instead of just filtering for 107100 search for 1071[0-9]{1,2} etc

Or also to be able to run query on specific tables.

Thank you

You can create a range filter for your example by adding the following to your query field:

Jklre wrote:

scottwilkerson wrote:That fixed it in all of our tests. It is possible that this file is being cached by your browser

That was it. it took forever to clear. I tried manually clearing the cache but no dice. But its working now so thanks.

I have run into a few other questions though. Specifically about filters. I would like to filter by a specific field. But I want to do it by a range of numbers (preferably with regex)

So instead of just filtering for 107100 search for 1071[0-9]{1,2} etc

ss8.jpg

Or also to be able to run query on specific tables.

Thank you

I actually just noticed. Since the patch you send the link in the email subject goes to the loop back address instead of the server name in those email notifications. unless i changed another setting somewhere.

"Here is the full alert output:
WARNING: 93 matching entries found |logs=93;90;100

See the last 1h in the dashboard:
http://127.0.0.1/var/www/html/nagioslog ... 9PyoCqQ3yA

Nagios Log Server"

Any ideas?

Thanks guys,
Jeremy

Could you go to "Administration > System Status" and post back the information in the Instance field?

tgriep wrote:Could you go to "Administration > System Status" and post back the information in the Instance field?

Here you go.