Hi,
I am monitoring my Unifi USG logs to Nagios and the message field looks like below. I get maybe 5 log entries that are equal to each other and I don't want a new alert for each one. I just want one alert for each SRC-address.
"message": "[WAN_IN-2000-D]IN=eth0 OUT=eth1 MAC=* SRC=195.176.3.* DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=45418 DF PROTO=TCP SPT=35464 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x64800000 ",
Is it possible to solve this with Nagios?
Thank you!
Unifi USG Alerts
Re: Unifi USG Alerts
Yes! Great question.
First you will want to configure the machine you want to monitor as an input source, then apply a grok filter that defines the pattern your log is in.
What is "grok"? Well...
CONFIGURING NAGIOS LOG SERVER FILTERS
"Grok is currently the best way in logstash to parse crappy unstructured log data into something structured and queryable."
Please refer to the document linked above for more detailed information on how to add an input source.
GROK documentation
The Logstash documentation on grok may also be useful for finding syntax that you may need to define your pattern.
I hope that helps! Let me know if you have any more questions.
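As an added example (not code from the thread or from Nagios Log Server), the field extraction a grok filter performs on this USG line, written in Python so the per-SRC collapsing the question asks for can be seen end to end. The three sample messages, their addresses and MAC values are constructed; the grok fragment in the comment is only an illustration of the equivalent pattern syntax.

```python
import re

# Constructed sample messages in the USG firewall format from the question.
# Addresses are RFC 5737 documentation ranges, not the poster's real SRC.
SAMPLE_MESSAGES = [
    "[WAN_IN-2000-D]IN=eth0 OUT=eth1 MAC=aa:bb SRC=203.0.113.7 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=45418 DF PROTO=TCP SPT=35464 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x64800000 ",
    "[WAN_IN-2000-D]IN=eth0 OUT=eth1 MAC=aa:bb SRC=203.0.113.7 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=45419 DF PROTO=TCP SPT=35465 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x64800000 ",
    "[WAN_IN-2000-D]IN=eth0 OUT=eth1 MAC=aa:bb SRC=198.51.100.9 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1001 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x64800000 ",
]

# A grok filter in Nagios Log Server would extract the same fields with
# named captures such as:  SRC=%{IP:src_ip} DST=%{IP:dst_ip} ... DPT=%{INT:dpt}
RULE_RE = re.compile(r"^\[(?P<rule>[^\]]+)\]")   # the [WAN_IN-2000-D] prefix
KV_RE = re.compile(r"(\w+)=(\S*)")               # KEY=VALUE tokens


def parse_usg_message(message):
    """Split one USG firewall line into the rule tag, KEY=VALUE fields,
    and the bare flag tokens (DF, SYN, ...) that carry no '='."""
    m = RULE_RE.match(message)
    if not m:
        return None  # not a firewall log line; leave it to other filters
    fields = {"rule": m.group("rule")}
    rest = message[m.end():]
    fields.update((k, v) for k, v in KV_RE.findall(rest))
    fields["flags"] = [tok for tok in rest.split() if "=" not in tok]
    return fields


def alerts_per_source(messages):
    """Collapse repeated hits into one record per SRC address, keeping a
    hit count plus the rules and destination ports seen for that source."""
    per_src = {}
    for msg in messages:
        fields = parse_usg_message(msg)
        if fields is None or "SRC" not in fields:
            continue
        rec = per_src.setdefault(fields["SRC"],
                                 {"count": 0, "rules": set(), "dports": set()})
        rec["count"] += 1
        rec["rules"].add(fields["rule"])
        rec["dports"].add(fields.get("DPT"))
    return per_src
```

Once the fields are extracted (in Nagios Log Server via the grok filter), grouping alerts on the `SRC` field rather than on the whole message is what turns five identical hits into one alert per source.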