Question about log server notifications

[benhank]

Hey guys I have my log server pulling eventlogs from my windows servers.
I would like to know if I can configure the logserver to send an alert that contains all of the text of the evenlog message. For example:

Capture.PNG

the Ideal scenario would be that all the text located in the message field would become the alert/ notification that appears in nagios.

[mcapra]

The %lastalertlog% macro can do this. You can view all the macros usable in an email template here:

2017_04_13_16_10_44_Email_Templates_Nagios_Log_Server.png

Unfortunately, that's not usable in an NRDP check that you pass off to Nagios XI yet; Just emails. Using macros in scripts/NRDP messages won't be in NLS until a future version.

[benhank]

Where do I put the macros are the one thing in Nagios I never understood.(Yes I am ashamed).

Capture.PNG

[mcapra]

You'd first have to create a new email template. Then, you can chuck them in the body of the template in whatever way you like.

Then, when you're creating an alert later on, you can pick the template from a drop-down menu if the method is "Email Users"

2017_04_27_11_55_46_Alerting_Nagios_Log_Server.png

[benhank]

Thanks man. I appreciate it.

[cdienger]

Did you have any additional questions regarding this?

[benhank]

yes, I created an alert for the log event.
The problem is that I dont know how to configure the alert to send when the event occurs it seems.
How do I configure the Warning and Critial thresholds for an event that I want to be alerted on everytime it happens?

[tgriep]

Have you taken a look at the guide for setting up Logserver to send alerts at the link below?
http://assets.nagios.com/downloads/nagi ... Server.pdf
If you have setup an email alert, one thing is that use users in the list have to be highlighted / selected for the alert to send the emails to that user.
If they are not highlighted, they will not be emailed the alert.

Logserver-Email-User.PNG

[benhank]

now im not THAT lazy lol!
Yes I read it. I have notifications being sent to my email addys, but this particular event will be tracking when a new user is added to a server, which is not frequent.
I'm trying to set it up so that every time the event happens, an alert will be sent as critical.

[tgriep]

It could be that the Lookback setting is set to zero, try settings it to the 1 second like Check interval and see if it works.

Lookback Period – How far in the logs to look back when counting messages.

I am betting that zero means don't go back at all in the log when counting the messages.