
Re: NagEventLog alert truncated at 192 Char

Posted: Thu Mar 28, 2019 1:05 pm
by tgriep
Thanks for the update that the system is receiving the Event Logs.
If you do not have any further questions, shall I close and lock the post for you?

Re: NagEventLog alert truncated at 192 Char

Posted: Fri Mar 29, 2019 8:38 am
by brucej543
Actually I do have additional questions. Using the NCPA agent to get the log information: 1) how do you set up the warning/critical to send an alert if one event is found? 2) how do we send the detail data with the alert?

Re: NagEventLog alert truncated at 192 Char

Posted: Fri Mar 29, 2019 11:20 am
by tgriep
In the commands that are defined in the ncpa.cfg file, you would change the --warning 3 --critical 5 thresholds to whatever you want for when the email Notifications are sent.
Change them to a 1 and that will generate an alert on one event.

The emails should have the details in them but you may need to set up the to send the long service output in the emails.
See these docs for more details.
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
https://assets.nagios.com/downloads/nag ... iables.pdf

Re: NagEventLog alert truncated at 192 Char

Posted: Tue Apr 02, 2019 7:53 am
by brucej543
I have completed the setup and changes and I am getting the log info being sent from the Windows server to the Nagios server. The issue is that the status does not change from OK, therefore no alert with the longserviceoutput is being sent out when a log is received.

Here is the passive command set up for this.
%HOSTNAME%|EVT_Security = /logs --name Security --logged_after 5m --severity AUDIT_SUCCESS --event_id 4732 --check true --warning 1 --critical 2

Re: NagEventLog alert truncated at 192 Char

Posted: Tue Apr 02, 2019 8:49 am
by tgriep
If you run a State History report for that host and all of its services, do you see the state change for those Log Events?

Re: NagEventLog alert truncated at 192 Char

Posted: Tue Apr 02, 2019 11:27 am
by brucej543
The only occurrences of a “STATE” change is when the service has 2 log events and then it produces a State change to Warning. When only one log is present, the STATE does not change from OK.
It looks like the count has to be greater than "1" to get a warning and greater than "2" to get critical. Can the variable count to check be equal to 1?

Re: NagEventLog alert truncated at 192 Char

Posted: Tue Apr 02, 2019 11:46 am
by brucej543
I have resolved the issue by changing the warning value to "0" (zero) and now the state changes to warning and the alert is sent out.
I thought I had tried this in my trying to make it work, well I guess not. So for everyone around: the value of 0 (zero) to check is valid.
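
Why `--warning 1` stayed OK on a single event while `--warning 0` alerts, as an added example that is not part of the original thread or of NCPA's own code. It assumes the thresholds are evaluated as standard Nagios plugin ranges (a bare N alerts only when the value is below 0 or above N), which matches the behaviour reported above; the function names are hypothetical.

```python
# Added example: Nagios plugin threshold ranges applied to an event-log count.
# Assumption: NCPA's --warning/--critical follow the standard range syntax.
import math


def parse_range(spec):
    """Return (low, high, inside) for a range such as '1', '1:', '~:5', '@1:1'."""
    inside = spec.startswith("@")  # '@' inverts: alert when value is INSIDE
    if inside:
        spec = spec[1:]
    if ":" in spec:
        low_s, high_s = spec.split(":", 1)
    else:
        low_s, high_s = "0", spec  # a bare number N means the range 0..N
    low = -math.inf if low_s == "~" else float(low_s or 0)
    high = math.inf if high_s == "" else float(high_s)
    if low > high:
        raise ValueError("range start must not exceed range end: %r" % spec)
    return low, high, inside


def alerts(spec, value):
    """True when `value` violates the threshold described by `spec`."""
    low, high, inside = parse_range(spec)
    in_range = low <= value <= high
    return in_range if inside else not in_range


def state(count, warning, critical):
    """Map an event count to a service state; critical wins over warning."""
    if alerts(critical, count):
        return "CRITICAL"
    if alerts(warning, count):
        return "WARNING"
    return "OK"


if __name__ == "__main__":
    # Constructed counts of matching Security events (e.g. event_id 4732)
    for warn, crit in (("1", "2"), ("0", "2"), ("0", "0")):
        row = ", ".join("%d event(s)=%s" % (n, state(n, warn, crit))
                        for n in range(4))
        print("--warning %s --critical %s: %s" % (warn, crit, row))
```

With `--warning 0 --critical 2`, one or two events give WARNING and three or more give CRITICAL; setting both thresholds to 0 makes a single event CRITICAL.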

Re: NagEventLog alert truncated at 192 Char

Posted: Tue Apr 02, 2019 1:52 pm
by tgriep
Thanks for reporting back that you figured it out. Glad that it is working for you now.
Let us know if you have any further questions or that it is OK to lock the post.

Re: NagEventLog alert truncated at 192 Char

Posted: Fri Apr 05, 2019 11:22 am
by brucej543
Thank you for your support and guidance. You can close/lock this post.