Page 1 of 2
Question about log server notifications
Posted: Thu Apr 13, 2017 3:47 pm
by benhank
Hey guys I have my log server pulling eventlogs from my windows servers.
I would like to know if I can configure the logserver to send an alert that contains all of the text of the evenlog message. For example:
Capture.PNG
the Ideal scenario would be that all the text located in the message field would become the alert/ notification that appears in nagios.
Re: Question about log server notifications
Posted: Thu Apr 13, 2017 4:11 pm
by mcapra
The
%lastalertlog% macro can do this. You can view all the macros usable in an email template here:
2017_04_13_16_10_44_Email_Templates_Nagios_Log_Server.png
Unfortunately, that's not usable in an NRDP check that you pass off to Nagios XI yet; Just emails. Using macros in scripts/NRDP messages won't be in NLS until a future version.
Re: Question about log server notifications
Posted: Thu Apr 27, 2017 9:39 am
by benhank
Where do I put the macros are the one thing in Nagios I never understood.(Yes I am ashamed).
Capture.PNG
Re: Question about log server notifications
Posted: Thu Apr 27, 2017 11:56 am
by mcapra
You'd first have to create a new email template. Then, you can chuck them in the body of the template in whatever way you like.
Then, when you're creating an alert later on, you can pick the template from a drop-down menu if the method is "Email Users"
2017_04_27_11_55_46_Alerting_Nagios_Log_Server.png
Re: Question about log server notifications
Posted: Thu Apr 27, 2017 1:43 pm
by benhank
Thanks man. I appreciate it.
Re: Question about log server notifications
Posted: Thu Apr 27, 2017 2:33 pm
by cdienger
Did you have any additional questions regarding this?
Re: Question about log server notifications
Posted: Wed May 03, 2017 2:12 pm
by benhank
yes, I created an alert for the log event.
The problem is that I dont know how to configure the alert to send when the event occurs it seems.
How do I configure the Warning and Critial thresholds for an event that I want to be alerted on everytime it happens?
Re: Question about log server notifications
Posted: Wed May 03, 2017 4:10 pm
by tgriep
Have you taken a look at the guide for setting up Logserver to send alerts at the link below?
http://assets.nagios.com/downloads/nagi ... Server.pdf
If you have setup an email alert, one thing is that use users in the list have to be highlighted / selected for the alert to send the emails to that user.
If they are not highlighted, they will not be emailed the alert.
Logserver-Email-User.PNG
Re: Question about log server notifications
Posted: Thu May 04, 2017 9:57 am
by benhank
now im not THAT lazy lol!
Yes I read it. I have notifications being sent to my email addys, but this particular event will be tracking when a new user is added to a server, which is not frequent.
I'm trying to set it up so that every time the event happens, an alert will be sent as critical.
Re: Question about log server notifications
Posted: Thu May 04, 2017 10:26 am
by tgriep
It could be that the Lookback setting is set to zero, try settings it to the 1 second like Check interval and see if it works.
Lookback Period – How far in the logs to look back when counting messages.
I am betting that zero means don't go back at all in the log when counting the messages.