
Aggregated alerts

Posted: Wed Jul 18, 2018 7:44 am
by patalenszki.zoltan
Dear customer support,

Is it possible somehow to write alerts based on aggregated queries in Nagios Log Server?
i.e. alerts when one of our users logged in more than 10 times in 5 minutes. I have not found a solution for that.

Thanks in advance!

Best Regards,
Zoli

Re: Aggregated alerts

Posted: Wed Jul 18, 2018 10:12 am
by jomann
Alerts are based on the number of returned objects. So you can manually write a query and test it locally on the Elasticsearch system and then input it into the Alert in the NLS GUI. I don't know if an aggregate would work properly, because it would only return the aggregated amount. You'd want to return each log object for the times they logged in. Really you just need to query the user, get the logs that show they logged in, and then set that query up in the Alert.
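An added worked example (my own, not code from this thread and not part of Nagios Log Server): it builds the per-user Elasticsearch query the reply describes, so the body can be tested against the local Elasticsearch before the query_string goes into the NLS alert, and replays the same "count the returned objects" check over constructed sample log documents. It also shows why querying a specific user matters: without the user clause the hit count is the sum over all users, and a 5-minute window with 16 logins spread over three users would fire even though only one user is over the threshold. The field names (user, message, @timestamp), the "Accepted password" message text, the index pattern and every sample document are assumptions for illustration.

```python
"""Added example: Elasticsearch query + local threshold check for
"user logged in more than 10 times in 5 minutes", modelled on how an
NLS alert works (it fires on the number of matching documents).
Field names, message text and sample documents are constructed."""
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

LOGIN_THRESHOLD = 10   # alert when more than this many logins ...
WINDOW_MINUTES = 5     # ... occur inside this window

# Constructed reference time and sample documents (not real NLS data).
NOW = datetime(2018, 7, 18, 10, 0, 0, tzinfo=timezone.utc)


def _doc(user, minutes_ago, msg="Accepted password for"):
    ts = NOW - timedelta(minutes=minutes_ago)
    return {"@timestamp": ts.isoformat(), "program": "sshd",
            "user": user, "message": f"{msg} {user} from 10.0.0.5"}


SAMPLE_DOCS = (
    [_doc("alice", m * 0.25) for m in range(12)]             # 12 logins within 3 minutes
    + [_doc("bob", m) for m in range(3)]                     # 3 logins
    + [_doc("carol", 0.5)]                                   # 1 recent login ...
    + [_doc("carol", 6 + m) for m in range(10)]              # ... and 10 older than the window
    + [_doc("alice", 1, msg="Failed password for")]          # not a successful login
)


def build_login_query(user=None, window_minutes=WINDOW_MINUTES):
    """Request body for 'successful logins (for `user`) in the last
    `window_minutes`'. POST it to <es-host>:9200/logstash-*/_search (assumed
    index pattern) to check hits.total before pasting the query_string into
    the NLS alert; the alert condition is then hits.total > LOGIN_THRESHOLD.
    With user=None the count covers every user at once (see caveat below)."""
    user_clause = f'user:"{user}" AND ' if user else ""
    return {
        "size": 0,  # hits.total is still reported; the documents are not needed
        "query": {"bool": {
            "must": [{"query_string": {
                "query": user_clause + 'message:"Accepted password"'}}],
            "filter": [{"range": {"@timestamp": {
                "gte": f"now-{window_minutes}m", "lte": "now"}}}],
        }},
    }


def in_window(doc, now=NOW, window_minutes=WINDOW_MINUTES):
    ts = datetime.fromisoformat(doc["@timestamp"])
    return now - timedelta(minutes=window_minutes) <= ts <= now


def is_login(doc):
    return "Accepted password" in doc["message"]


def count_logins(docs, user=None, now=NOW, window_minutes=WINDOW_MINUTES):
    """Local stand-in for hits.total of build_login_query(user).
    user=None counts successful logins by everyone, as the query without a
    user clause would."""
    return sum(1 for d in docs
               if (user is None or d["user"] == user)
               and is_login(d) and in_window(d, now, window_minutes))


def alert_fires(hits_total, threshold=LOGIN_THRESHOLD):
    """The NLS-style check: alert on the number of returned objects."""
    return hits_total > threshold


def users_over_threshold(docs, now=NOW, window_minutes=WINDOW_MINUTES,
                         threshold=LOGIN_THRESHOLD):
    """What a terms aggregation on `user` (min_doc_count = threshold+1) would
    answer: which users are individually over the limit. A plain hit count
    across all users cannot tell 12 logins by one user from 12 users logging
    in once each, so either alert per user or use the per-user breakdown."""
    counts = Counter(d["user"] for d in docs
                     if is_login(d) and in_window(d, now, window_minutes))
    return sorted(u for u, n in counts.items() if n > threshold)


if __name__ == "__main__":
    print(json.dumps(build_login_query("alice"), indent=2))
    for u in ("alice", "bob", "carol", None):
        n = count_logins(SAMPLE_DOCS, u)
        print(f"{u or 'ALL USERS'}: {n} logins, alert={alert_fires(n)}")
    print("over threshold individually:", users_over_threshold(SAMPLE_DOCS))
```

Against the constructed sample, the per-user query for alice returns 12 hits and fires, bob (3) and carol (1, her other ten logins are older than 5 minutes) do not, but the query with no user clause returns 16 hits and fires too. That is the reason to scope the alert to one user, or to use a per-user breakdown, rather than a single count over everyone.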