Manage Alerting with XI and NRDP

Posted: Wed Jan 06, 2016 5:38 pm
by dworthcsl
Hi,

I am working on setting up alerts based on query thresholds. I am currently checking for failed ssh login attempts. I was able to set it up to pass the alert to Nagios XI using NRDP. The alerts are getting to XI and emails are sent. The problem I am running into is that there is no real data that gets passed other than the name of the service, i.e. SSH failed logins.

I currently run log scraping in XI and when there is a failed login, it will show some detail such as the host and the user. Is there a way to pass more detail over to XI? It would be great to be able to pass the logsource and some type of message or even a link to NLS with the query.

Also, are there better ways to send alerts than to XI through NRDP? The preference is to have stuff go through XI so that we have a single pane of glass.

Thanks,
David

Re: Manage Alerting with XI and NRDP

Posted: Thu Jan 07, 2016 11:56 am
by jolson
> I currently run log scraping in XI and when there is a failed login, it will show some detail such as the host and the user. Is there a way to pass more detail over to XI? It would be great to be able to pass the logsource and some type of message or even a link to NLS with the query.

I agree - we just added macros that you can use with outbound emails, hopefully attaching those macros to NRDP won't be a huge feat. Would you like me to put in a feature request for this functionality?

> Also, are there better ways to send alerts than to XI through NRDP? The preference is to have stuff go through XI so that we have a single pane of glass.

I do want to mention that there is a Nagios Log Server wizard that allows you to query the NLS API from Nagios XI - which makes the check active as opposed to NRDP (which is passive).

Let me know if you have any other questions, thanks!

Re: Manage Alerting with XI and NRDP

Posted: Thu Jan 07, 2016 12:54 pm
by dworthcsl
Do you have any details on the macros? I can give that a try. BTW - when creating the alert on NLS, it only executed when I initiated it. It did not run on its own. It's currently set to run 5m and the lookback is set to 5m.

I will also try the active check using the wizard. I saw it, but was not sure how it was going to work.

Thanks

Re: Manage Alerting with XI and NRDP

Posted: Thu Jan 07, 2016 1:00 pm
by dworthcsl
Oh also forgot, can you put in a feature request? That would be a huge help for oncall. We do not have a NOC.

Re: Manage Alerting with XI and NRDP

Posted: Thu Jan 07, 2016 1:09 pm
by jolson
> Do you have any details on the macros? I can give that a try. BTW - when creating the alert on NLS, it only executed when I initiated it. It did not run on its own. It's currently set to run 5m and the lookback is set to 5m.

No problem - the macros are present in Nagios Log Server version 1.4.0 (our latest release). They are located here:
[Screenshot: 2016-01-07 12_07_04-Email Templates • Nagios Log Server.png]
The macros can be used as follows:

%time%             The time the alert was sent
%alertname%        The name of the alert that is sending a message
%state%            The state of the alert, OK, WARNING, CRITICAL, UNKNOWN
%lookback%         The alert lookback period (example: 5m)
%warning%          The warning threshold value
%critical%         The critical threshold value
%output%           The command line check output
%url%              The URL for the alert to be run in the NLS dashboard
%uniquehosts%      A newline separated list of unique hosts in the alert query.
                   Example:
                   192.68.1.5 (28)
                   192.168.5.112 (1220)
                   The value inside the parentheses is the amount of matching logs for the alert time period for the hosts.
%lastalertlog%     The last log from the alert query.
                   Can only use one of %lastalertlog% OR %last10alertlogs% per email.
%last10alertlogs%  The last 10 logs from the alert query.
                   Can only use one of %lastalertlog% OR %last10alertlogs% per email.

I will file a feature request per your request. Thanks!

Jesse

Re: Manage Alerting with XI and NRDP

Posted: Thu Jan 07, 2016 2:36 pm
by dworthcsl
Thanks for the macro info. Do the macros just apply to email alerts coming directly from NLS or is it possible to send that info back to XI through the passive nrdp check or active check? I created an active check using the wizard and it's having the same result. No detailed information other than x matching entries found.

Re: Manage Alerting with XI and NRDP

Posted: Thu Jan 07, 2016 3:17 pm
by jolson
> Do the macros just apply to email alerts coming directly from NLS or is it possible to send that info back to XI through the passive nrdp check or active check?

Unfortunately the macros only apply to email alerts coming directly from NLS for now - I have put in a feature request on your behalf to see if we can migrate some of the macros over to NRDP as well. Thanks for the good suggestion!
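
Added example (not part of the thread, and not Nagios code): a sketch of what a passive result carrying the host and user detail asked for above could look like, built as the XMLDATA body of an NRDP `submitcheck` request. The log lines, the host name `nls01`, the thresholds and the function names are assumptions; because usernames in failed SSH logins are chosen by the remote side, the output is stripped of `|` and control characters and XML-escaped before it is embedded.

```python
import re
from collections import Counter
from xml.sax.saxutils import escape

# Constructed sample: sshd lines as they might come back from a log query.
SAMPLE_LOGS = [
    "Failed password for root from 192.168.5.112 port 40022 ssh2",
    "Failed password for invalid user admin from 10.0.0.7 port 52311 ssh2",
    "Failed password for root from 192.168.5.112 port 40030 ssh2",
    "Failed password for invalid user a|b<x> from 10.0.0.7 port 52400 ssh2",
    "Accepted publickey for deploy from 10.0.0.9 port 50000 ssh2",
]

# Greedy user group: the last " from <addr> port N ssh2" wins, so a crafted
# username cannot shift the reported source address.
FAILED = re.compile(r"Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")

def clean(text):
    """Drop control characters and '|' (the Nagios perfdata separator)."""
    return "".join(c for c in text if c.isprintable() and c != "|")

def summarize(logs, warning, critical):
    """Return (state, output) for a service check result."""
    hits = [m.groups() for m in map(FAILED.search, logs) if m]
    hosts = Counter(host for _, host in hits)
    users = sorted({clean(user) for user, _ in hits})
    n = len(hits)
    state = 2 if n >= critical else 1 if n >= warning else 0
    label = ("OK", "WARNING", "CRITICAL")[state]
    host_part = ", ".join(f"{clean(h)} ({c})" for h, c in hosts.most_common())
    return state, f"{label} - {n} failed SSH logins; hosts: {host_part}; users: {', '.join(users)}"

def nrdp_xml(hostname, servicename, state, output):
    """Build the XMLDATA body for an NRDP submitcheck request."""
    return (
        "<?xml version='1.0'?>\n<checkresults>\n"
        "<checkresult type='service' checktype='1'>\n"
        f"<hostname>{escape(hostname)}</hostname>\n"
        f"<servicename>{escape(servicename)}</servicename>\n"
        f"<state>{state}</state>\n"
        f"<output>{escape(output)}</output>\n"
        "</checkresult>\n</checkresults>"
    )

if __name__ == "__main__":
    state, output = summarize(SAMPLE_LOGS, warning=2, critical=4)
    print(nrdp_xml("nls01", "SSH failed logins", state, output))
```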

Re: Manage Alerting with XI and NRDP

Posted: Fri Jan 08, 2016 11:49 am
by dworthcsl
Hi Jesse

Thanks for putting that in. I hope that is something that can happen sooner than later. I am trying to make this as seamless as possible. :)

Regards,
David

Re: Manage Alerting with XI and NRDP

Posted: Fri Jan 08, 2016 12:01 pm
by jolson
No problem! The developers have been very good about implementing feature requests into Nagios Log Server, hopefully this one is easy enough to do quickly! May I close this thread?

Re: Manage Alerting with XI and NRDP

Posted: Fri Jan 08, 2016 1:12 pm
by dworthcsl
Yea you can close. Thanks again.