Query/Search Issues

Posted: Thu Mar 17, 2016 12:55 am
by dlimanow
Hello,
I have 10 servers sending their syslog and auditd information to a centralized Nagios Log Server. I'd like to find the documents that contain "type=EXECVE". However, if I do that (and there are PLENTY of documents with that string plastered all over), nothing shows up after performing that query. I can do "type" or "type=", but then only "type" is highlighted, making the search useless for me.

What am I doing wrong?

Thanks,
Daniel

Re: Query/Search Issues

Posted: Thu Mar 17, 2016 10:01 am
by jolson
Give this query a try:

Code:

type:EXECVE

Re: Query/Search Issues

Posted: Mon Mar 21, 2016 9:18 pm
by dlimanow
jolson wrote: Give this query a try:

Code:

type:EXECVE

This does not work. However, I have just been using "EXECVE" and that has been working for me. But why can I not query more than one word? For example, "this = myQuery" only results in the word "this" being highlighted...

Thanks for your help.
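
To show why the whole string "type=EXECVE" and the single word EXECVE can behave differently in a full-text index, and what a field query like type:EXECVE depends on, here is an added Python example (my own code, not from Nagios Log Server or anyone in this thread). It assumes a standard-analyzer style tokenizer that treats "=" as a separator, and runs on constructed auditd lines.

```python
import re

# Constructed auditd lines, illustrative only (not from the poster's servers).
SAMPLE_LOGS = [
    'type=EXECVE msg=audit(1458173700.101:2001): argc=2 a0="ls" a1="-la"',
    'type=SYSCALL msg=audit(1458173700.101:2001): syscall=59 success=yes',
    'type=EXECVE msg=audit(1458173701.202:2002): argc=1 a0="whoami"',
    'type=CWD msg=audit(1458173701.202:2002): cwd="/home/daniel"',
]

def analyze(text):
    """Approximate a standard full-text analyzer (assumed behaviour): split on
    anything that is not a letter, digit or underscore, then lowercase.
    '=' is a separator, so 'type=EXECVE' yields ['type', 'execve']; the
    literal 'type=execve' is never stored as a token."""
    return [t.lower() for t in re.findall(r"\w+", text)]

def build_index(lines):
    """Inverted index: token -> set of document ids."""
    index = {}
    for doc_id, line in enumerate(lines):
        for tok in analyze(line):
            index.setdefault(tok, set()).add(doc_id)
    return index

def term_lookup(index, term):
    """Exact token lookup with no analysis of the query: the whole string
    must exist as one token, so 'type=EXECVE' finds nothing."""
    return index.get(term.lower(), set())

def analyzed_query(index, query):
    """Query analyzed the same way as the documents, all tokens required."""
    hits = None
    for tok in analyze(query):
        docs = index.get(tok, set())
        hits = docs if hits is None else hits & docs
    return hits or set()

def extract_fields(line):
    """key=value parsing, the kind of field extraction that makes a query
    such as type:EXECVE possible at all."""
    return dict(re.findall(r'(\w+)=("[^"]*"|[^\s:]+)', line))

def field_query(lines, field, value):
    """Field search (type:EXECVE). Returns nothing if the parser never
    produced that field, which is why the parsed log's fields matter."""
    return {i for i, line in enumerate(lines)
            if extract_fields(line).get(field) == value}
```

Run it to compare term_lookup, analyzed_query and field_query on the same four lines; only the exact-token lookup for "type=EXECVE" comes back empty.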

Re: Query/Search Issues

Posted: Tue Mar 22, 2016 11:32 am
by hsmith
Can you possibly show us a screenshot of one of the logs, expanded out? I want to see what fields it is generating.