Hello,
Please let me know if you think this is possible using the latest Nagios Log Server version...
We generate a CSV format access log file each day (@ 7:30AM) from a security system. I am already able to pull in that data using a CSV filter. In that data there is a field called "Date/Time" with output in the format: "07/30/2015 10:18:59"
I'd like to create an email alert based on anything being logged from 12:00AM-5:00AM...so for example if someone entered our building at "07/31/15 03:04:01", a query would be smart enough to trip an email alert.
Any help would be greatly appreciated. I haven't been able to find a solution for this yet using this tool.
Sending email alerts for time period in log file
Re: Sending email alerts for time period in log file
No problem. I sent some sample logs to my Nagios Log Server to simulate your logs:
Let's flip our query into regex mode - this will allow us to use regex syntax:
The following query should match any log with a timestamp that lies in the 0000 - 0559 time range:
Note that I had to strip the colons out of the timestamp field to get this regex match working properly - you can strip out characters in logstash using the mutate filter:
https://www.elastic.co/guide/en/logstas ... utate-gsub
From there you should be able to set up an alert to alert you whenever a log comes in matching that event. Let me know if this works for you.
Code:
mutate {
  # strip the colons so "07/30/2015 10:18:59" becomes "07/30/2015 101859"
  gsub => [ "fieldname", ":", "" ]
}
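The reply above describes the detection in two steps: strip the colons out of the "Date/Time" field with a mutate/gsub filter, then run a regex query that matches a timestamp whose hour is 00 through 05. The following is an added example (not code from the original thread or from Nagios) that reproduces that logic in Python over a constructed sample of the daily CSV, so the regex can be checked against the edge cases before it is wired into an alert. The regex query in the original reply was posted as a screenshot and is not visible here; the Lucene-style pattern in the comments is an assumed equivalent. The column names other than "Date/Time" and the badge values are made up, and the pattern assumes the 4-digit-year format the first post gives for the field ("07/30/2015 10:18:59").

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample of the daily CSV access log discussed in the thread.
# Only "Date/Time" comes from the thread; "Door" and "Badge" are assumed names.
SAMPLE_CSV = """Date/Time,Door,Badge
07/30/2015 10:18:59,Front,1001
07/31/2015 03:04:01,Front,1002
07/31/2015 00:00:00,Loading Dock,1003
07/31/2015 05:59:59,Front,1004
07/31/2015 06:00:00,Front,1005
07/31/2015 23:59:59,Front,1006
"""


def strip_colons(value: str) -> str:
    """Same transformation as the Logstash filter in the reply:
    mutate { gsub => [ "fieldname", ":", "" ] }"""
    return value.replace(":", "")


# Regex applied to the colon-stripped value, e.g. "07/31/2015 030401".
# Elasticsearch/Lucene regex queries match the whole field value, so the
# assumed equivalent query would be:  fieldname:/.* 0[0-5][0-9]{4}/
AFTER_HOURS = re.compile(r"\d{2}/\d{2}/\d{4} 0[0-5]\d{4}")


def matches_after_hours(stripped_ts: str) -> bool:
    """True when the (colon-stripped) timestamp falls in 00:00:00-05:59:59."""
    return AFTER_HOURS.fullmatch(stripped_ts) is not None


def after_hours_rows(csv_text: str) -> list[dict]:
    """Rows of the CSV that would trip the alert via the regex path."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if matches_after_hours(strip_colons(row["Date/Time"])):
            hits.append(row)
    return hits


def after_hours_by_parsing(csv_text: str) -> list[dict]:
    """Cross-check: parse the timestamp and compare the hour directly,
    so the regex can be validated against a non-regex implementation."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = datetime.strptime(row["Date/Time"], "%m/%d/%Y %H:%M:%S")
        if ts.hour < 6:
            hits.append(row)
    return hits


if __name__ == "__main__":
    for r in after_hours_rows(SAMPLE_CSV):
        print(r["Date/Time"], r["Door"], r["Badge"])
```

The cross-check function exists because a boundary mistake in the character class (for example `0[0-4]` instead of `0[0-5]`) would silently drop the 05:xx:xx entries and no alert would fire; asserting that the regex path and the parsed-hour path select the same rows catches that. One practical caveat: if the same field is also fed to a Logstash `date` filter to populate `@timestamp`, apply the gsub to a copy of the field rather than the original, otherwise the colon-less value will no longer parse as a timestamp.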
Re: Sending email alerts for time period in log file
Outstanding!!! I forgot about the Regex search option. Thanks for the great support!
-KC
Re: Sending email alerts for time period in log file
I'm happy to know that this will work for you. Let me know if you have any further questions! 