Nagios Support Forum

Hello,

Please let me know if you think this is possible using the latest Nagios Log Server version...

We generate a CSV format access log file each day (@ 7:30AM) from a security system. I am already able to pull in that data using a CSV filter. In that data there is a field called "Date/Time" with output in the format: "07/30/2015 10:18:59"

I'd like to create an email alert based on anything being logged from 12:00AM-5:00AM...so for example if someone entered our building at "07/31/15 03:04:01", a query would be smart enough to trip an email alert.

Any help would be greatly appreciated. I haven't been able to find a solution for this yet using this tool.

No problem. I sent some sample logs to my Nagios Log Server to simulate your logs: Let's flip our query into regex mode - this will allow us to use regex syntax: The following query should match any log with a timestamp that lies in the 0000 - 0559 time range: Note that I had to strip the colons out of the timestamp field to get this regex match working properly - you can strip out characters in logstash using the mutate filter:
https://www.elastic.co/guide/en/logstas ... utate-gsub From there you should be able to set up an alert to alert you whenever a log comes in matching that event. Let me know if this works for you.

Outstanding!!! I forgot about the Regex search option. Thanks for the great support!

-KC

I'm happy to know that this will work for you. Let me know if you have any further questions!