Alerting on Application logs

Posted: Fri Jan 13, 2017 2:16 am
by Fred Kroeger
Hi - I have about 10 application logs on a server (one log file per client site). Nxlog is configured to capture *.log files in the log folder and is forwarding them OK to NLS. In my dashboard it shows the Source FileName so that I can run a query for that client site.
My problem is that when I create the alert, I can't provide the Source Filename in the message to indicate which client site it is from. I really didn't want to create 10 individual alerts.
Is there some way that I can provide more information in the alert message?
regards... Fred

Re: Alerting on Application logs

Posted: Fri Jan 13, 2017 10:25 am
by rkennedy
Could you show us a screenshot of an entire log with all applicable fields for us to look at? If you don't want to match the filename that's fine, you'll just need to find a common denominator between what you'd like an alert on. One thing from the NXlog side you could probably do is add your own tagging as well for this.

Re: Alerting on Application logs

Posted: Sun Jan 15, 2017 7:05 pm
by Fred Kroeger
Screenshot below. Query is on the SourceModuleName and I search the message field for the error message to alert on.
I wanted to avoid having a separate query for each file name mainly so that if a new log file is created, it will pick it up automatically instead of having to create yet another query for the new file.
Basically I want to alert if the message contains a defined string and for the alert to contain the message & the SourceName so that we can identify the log file that has triggered the alert.
Capture.PNG

Re: Alerting on Application logs

Posted: Mon Jan 16, 2017 12:30 pm
by rkennedy
Would it work to match on the Hostname or SourceModuleName instead of the SourceName? That way it'll apply to all 10 log files at once, rather than just one by one.

Re: Alerting on Application logs

Posted: Mon Jan 16, 2017 1:42 pm
by rkennedy
Also, as far as the alerts go, I filed a feature request so that you could pull specific field information in the email -

Nagios Log Server Feature Request: Allow %lastalertlog% to be broken down to individual fields

Re: Alerting on Application logs

Posted: Mon Jan 23, 2017 9:22 pm
by Fred Kroeger
Thanks for submitting the Feature Request.
I think matching on Hostname doesn't help because there could be other logs coming from that host.
At the moment I am matching on the Source Module name to capture all those logs at once. That was why it was important to pass the Source Filename in the email so that we know which logfile contained the error.
Regards... Fred

Re: Alerting on Application logs

Posted: Tue Jan 24, 2017 5:03 pm
by rkennedy
Got it - not much can be done then I don't think. We'll have to wait for the FR to be approved at this point. I'll leave this open should you want to request an update.