Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

VPN Logs query filter

https://support.nagios.com/forum/viewtopic.php?t=39874

Page 1 of 1

VPN Logs query filter

Posted: Fri Aug 19, 2016 9:47 am
by alecas1
I would like to know how to configure Nagios Log server in order to sent an email alert regarding any VPN Logs ( create a query on Nagios to filter VPN Logs ) , thanks

Re: VPN Logs query filter

Posted: Fri Aug 19, 2016 10:56 am
by mcapra
This is somewhat contingent on the content of the log entry.

Step 1 would be figuring out what your query should look like. Say I have a really basic VPN log that looks like this:

Code: Select all

VPN CONNECT: Simone (10.10.10.2)
VPN DISCONNECT: Simone (10.10.10.2)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN FAILED: Simmons [Invalid Credentials] (56.76.33.12)
VPN CONNECT: Jerry (10.10.10.3)
VPN CONNECT: Tom (10.10.10.4)
VPN DISCONNECT: Tom (10.10.10.4)
VPN DISCONNECT: Jerry (10.10.10.3)
If I wanted to capture all "VPN CONNECT" events, I could define a query like so from the main dashboard:
2016_08_19_10_47_20_Dashboard_Nagios_Log_Server.png
Which will return all VPN CONNECT events:
2016_08_19_10_48_06_Dashboard_Nagios_Log_Server.png
Once I have the query defined and it's returning the data I want to alert on, I can save the query:
2016_08_19_10_49_42_Dashboard_Nagios_Log_Server.png
2016_08_19_10_51_12_Dashboard_Nagios_Log_Server.png
Then from the "Alerting" menu, you would create a New Alert using the query you just defined. If you want to be notified on every VPN CONNECT entry, set both the thresholds to 0.

Re: VPN Logs query filter

Posted: Sat Aug 20, 2016 8:23 am
by alecas1
Thank you. Following the information that you posted i did the configuration of the query and i received the VPN alerts by email correctly.

Do you know how to configure the Email Template in order to include in the VPN alert email the complete text content of the message generated by the Log

Thanks

Re: VPN Logs query filter

Posted: Mon Aug 22, 2016 12:11 am
by Box293
%lastalertlog%

Alerting > Email Templates
Click the View Macros button for more information.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited