
Question about notifications Version2

Posted: Mon May 01, 2017 3:27 pm
by benhank
Hey guys, I have been tasked with a new project:
We have NLS running as well as Nagios XI.
Certain Windows event logs are being monitored.
I have a user who has requested that when a notification for the event log is sent to him, he would like the notification email to contain:
1. The message text contained in the event log
2. Retain the original formatting of the original event log.

For example, instead of:

Code:

A user account was enabled. Subject: Security ID: S-1-5-21-2240559137-3205043459-73869318-4993 Account Name: bhankers Account Domain: HEALTHONE Logon ID: 0x14a6890a2 Target Account: Security ID: S-1-5-21-2322775055-62736158-2413983362-1006 Account Name: dopey Account Domain: WKENNAGWEBT01
He would like to see:
[Attached image: Capture.PNG]
Lastly, the solution will only be used for HIM, and not our other users. They will continue to get notifications formatted normally.
What Nagios solution would you suggest?
NLS, Nagios XI, or having a custom solution created by you guys?
Thanks!

Re: Question about notifications Version2

Posted: Mon May 01, 2017 4:25 pm
by dwhitfield
What you'll need to do is create a custom service notification command. You can see how these are added to contacts on the Alert Settings tab of Contact Management (http://YOURSERVER/nagiosxi/includes/com ... 26page%3D1). It's the second blue button.

As for creating the command itself, that's done under the commands option in the CCM (http://YOURSERVER/nagiosxi/includes/com ... 26page%3D1)

Page 7 of https://assets.nagios.com/downloads/nag ... iables.pdf is where things will get useful for you (minus the variables themselves on pages 2 and 4).

Re: Question about notifications Version2

Posted: Tue May 02, 2017 9:01 am
by benhank
Thanks man!

Re: Question about notifications Version2

Posted: Tue May 02, 2017 9:20 am
by cdienger
Glad to help! Let us know if you run into any problems or have any questions.

Re: Question about notifications Version2

Posted: Tue May 02, 2017 10:26 am
by benhank
Can regex formatting be used in notifications?

Re: Question about notifications Version2

Posted: Tue May 02, 2017 1:56 pm
by cdienger
Can you clarify? Are you looking to add tabs, carriage returns, etc., with something like [ \t] and [\r]? This isn't possible and https://assets.nagios.com/downloads/nag ... iables.pdf covers expected format, but I want to make sure I'm understanding the request as a feature request may be in order.

Re: Question about notifications Version2

Posted: Tue May 02, 2017 2:16 pm
by dwhitfield
So, the real question here is what you mean by "in notifications"?

If you mean, "Can I use regex to send emails?", then yes, that *is* possible. You can set up *any* script to run in a command, so if that script includes regex there you go.

If you want to use the notifications as they are set up to do in XI, then as @cdienger noted, the PDF I sent yesterday goes over the expected format.

Re: Question about notifications Version2

Posted: Wed May 03, 2017 10:09 am
by benhank
What I mean is email notifications.
As for the regex, I was hoping that I could add carriage returns via regex.
In my OP I mentioned that I am looking for a solution using either XI or NLS.
In NLS, the JSON and raw format of a log event looks like this:

Code:

"message": "A user account was created.\r\n\r\nSubject:\r\n\tSecurity ID:\t\tS-1-5-21-2240559137-3205043459-73869318-4993\r\n\tAccount Name:\t\tbhankers\r\n\tAccount Domain:\t\tHEALTHONE\r\n\tLogon ID:\t\t0x14a6890a2\r\n\r\nNew Account:\r\n\tSecurity ID:\t\tS-1-5-21-2322775055-62736158-2413983362-1005\r\n\tAccount Name:\t\tdopey\r\n\tAccount Domain:\t\tWKENNAGWEBT01\r\n\r\nAttributes:\r\n\tSAM Account Name:\tdopey\r\n\tDisplay Name:\t\t<value not set>\r\n\tUser Principal Name:\t-\r\n\tHome Directory:\t\t<value not set>\r\n\tHome Drive:\t\t<value not set>\r\n\tScript Path:\t\t<value not set>\r\n\tProfile Path:\t\t<value not set>\r\n\tUser Workstations:\t<value not set>\r\n\tPassword Last Set:\t<never>\r\n\tAccount Expires:\t\t<never>\r\n\tPrimary Group ID:\t513\r\n\tAllowed To Delegate To:\t-\r\n\tOld UAC Value:\t\t0x0\r\n\tNew UAC Value:\t\t0x15\r\n\tUser Account Control:\t\r\n\t\tAccount Disabled\r\n\t\t'Password Not Required' - Enabled\r\n\t\t'Normal Account' - Enabled\r\n\tUser Parameters:\t<value not set>\r\n\tSID History:\t\t-\r\n\tLogon Hours:\t\tAll\r\n\r\nAdditional Information:\r\n\tPrivileges\t\t-",
I'm thinking that if I can get Nagios to correctly read the JSON or raw format, perhaps I can get the formatting of the email notification I am looking for.
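
The idea in the post above, as an added example that is not part of the thread and not Nagios's own code: parsing the event as JSON turns the `\r\n` and `\t` escapes into real line breaks and tabs, which a custom notification script can then align into columns. The function names, the addresses and the shortened sample event are assumptions; only the first line of the log text is used for the Subject header, since account names inside an event are untrusted input.

```python
import json
from email.message import EmailMessage

# Constructed sample: an NLS event shortened from the "message" field quoted above.
RAW_EVENT = (
    r'{"message": "A user account was created.\r\n\r\nSubject:\r\n'
    r'\tSecurity ID:\t\tS-1-5-21-2240559137-3205043459-73869318-4993\r\n'
    r'\tAccount Name:\t\tbhankers\r\n\tAccount Domain:\t\tHEALTHONE\r\n\r\n'
    r'New Account:\r\n\tAccount Name:\t\tdopey\r\n'
    r'\tAccount Domain:\t\tWKENNAGWEBT01"}'
)


def format_event(raw_json, label_width=20):
    """Decode the JSON escapes and align 'Label:<tabs>value' rows into columns."""
    message = json.loads(raw_json)["message"]  # \r\n and \t become real characters
    rows = []
    for line in message.splitlines():          # splitlines() handles \r\n
        indent = len(line) - len(line.lstrip("\t"))
        parts = [p for p in line.strip("\t").split("\t") if p]
        if len(parts) >= 2:                    # label followed by one or more values
            text = parts[0].ljust(label_width) + " ".join(parts[1:])
        else:                                  # heading, blank line or lone value
            text = "".join(parts)
        rows.append("    " * indent + text)    # tabs replaced by fixed indentation
    return "\n".join(rows)


def build_notification(raw_json, sender, recipient):
    """Build a plain-text mail whose body keeps the event's original layout."""
    body = format_event(raw_json)
    first_line = body.splitlines()[0] if body else "Windows event"
    msg = EmailMessage()
    # Header value: first line only, control characters dropped, length capped.
    msg["Subject"] = "".join(c for c in first_line if c.isprintable())[:120]
    msg["From"] = sender
    msg["To"] = recipient
    msg.set_content(body)
    return msg


if __name__ == "__main__":
    # Hypothetical addresses; a real notification command would pass its own.
    print(build_notification(RAW_EVENT, "nagios@example.com", "analyst@example.com"))
```
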

Re: Question about notifications Version2

Posted: Wed May 03, 2017 2:02 pm
by benhank
Thanks guys!
You can lock this. I'm gonna try to make it work from the log server.