Page 1 of 1
Who disabled notifications
Posted: Wed Mar 06, 2019 9:28 am
by dcolotti
Is there any way of finding out what user disabled notifications for a particular service? Is there a log file (text based) that I can look at? I would like to write a script to notify us if notifications get disabled.
Re: Who disabled notifications
Posted: Wed Mar 06, 2019 12:42 pm
by scottwilkerson
If you go to Admin -> Audit Log and search for the following you will see the user that ran the command
Re: Who disabled notifications
Posted: Thu Mar 07, 2019 9:58 am
by dcolotti
This only goes back a month. It looks like it happened before this time period.
I have 2 Nagios XI servers (East and West). I noticed on East that the file /usr/local/nagiosxi/var/cmdsubsys.log is in Ascii text and I could grab the info from this server. The file is also in a different layout than the West. The West is a data file, but I can vi it and look at it. It does not give me the same information as East. East gives me the start time of the command which I can convert to normal time via perl. Is there a way to convert the West cmdsubsys.log to ascii text or have it create a new file and have it written in ascii text?
[09:51:40]root@east:/usr/local/nagiosxi/var]# file cmdsubsys.log
/usr/local/nagiosxi/var/cmdsubsys.log: ASCII text
[09:53:16]root@west:/usr/local/nagiosxi/var]# file cmdsubsys.log
cmdsubsys.log: data
East cmdsubsys.log:
CORE CMD: DISABLE_SVC_NOTIFICATIONS;server1;Check Oracle Listener Status
SUBMITTING A NAGIOSCORE COMMAND...
.............PROCESSING COMMAND ID 6466...
PROCESS COMMAND: CMD=16, DATA=a:4:{s:9:"host_name";s:40:"server1";s:12:"service_name";s:28:"Check Oracle Listener Status";s:3:"cmd";i:54;s:10:"start_time";i:1536774049;}
COMMAND DATA: a:4:{s:9:"host_name";s:40:"server1";s:12:"service_name";s:28:"Check Oracle Listener Status";s:3:"cmd";i:54;s:10:"start_time";i:1536774049;}
CMDARR:
Array
(
[host_name] => server1
[service_name] => Check Oracle Listener Status
[cmd] => 54
[start_time] => 1536774049
)
CORE CMD: SCHEDULE_FORCED_SVC_CHECK;server1;Check Oracle Listener Status;1536774049
SUBMITTING A NAGIOSCORE COMMAND...
West cmdsubsys.log:
CORE CMD: DISABLE_SVC_NOTIFICATIONS;server2;/ Disk Usage
SUBMITTING A NAGIOSCORE COMMAND...
..
PROCESSED 2 COMMANDS
..........PROCESSING COMMAND ID 5288...
PROCESS COMMAND: CMD=16, DATA=a:3:{s:9:"host_name";s:36:"server2";s:12:"service_name";s:16:"/data Disk Usage";s:3:"cmd";i:23;}
COMMAND DATA: a:3:{s:9:"host_name";s:36:"server2";s:12:"service_name";s:16:"/data Disk Usage";s:3:"cmd";i:23;}
CMDARR:
Array
(
[host_name] => server2
[service_name] => /data Disk Usage
[cmd] => 23
)
Re: Who disabled notifications
Posted: Thu Mar 07, 2019 1:19 pm
by scottwilkerson
The top item you are looking at a SCHEDULE_FORCED_SVC_CHECK command which has different data
If these are the same XI version they should have the exact same format