Query/Search Issues

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
dlimanow
Posts: 3
Joined: Thu Mar 17, 2016 12:50 am

Query/Search Issues

Post by dlimanow »

Hello,
I have 10 servers sending their syslog and auditd information to a centralized Nagios Log Server. I'd like to find the documents that contain "type=EXECVE". However, if I do that (and there are PLENTY of documents with that string plastered all over, nothing shows up after performing that query. I can do "type" or "type=", but then only "type" is highlighted, making the search useless for me.

What am I doing wrong?

Thanks,
Daniel
Top
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: Query/Search Issues

Post by jolson »

Give this query a try:

Code: Select all

type:EXECVE
Twits Blog
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
Top
dlimanow
Posts: 3
Joined: Thu Mar 17, 2016 12:50 am

Re: Query/Search Issues

Post by dlimanow »

jolson wrote:Give this query a try:

Code: Select all

type:EXECVE

This does not work. However, I have just been using "EXECVE" and that has been working for me. But why can I not query more than one word? For example, "this = myQuery" only results in the word "this" being highlighted...

Thanks for your help.
Top
User avatar
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1
Contact:
Contact hsmith

Re: Query/Search Issues

Post by hsmith »

Can you possibly show us a screenshot of one of the logs, expanded out. I want to see what fields it is generating.
Former Nagios Employee.
me.
Top
Locked

Return to “Nagios Log Server”