Unifi USG Alerts

Posted: Mon Jul 13, 2020 12:58 pm
by johnny1337
Hi,
I am monitoring my Unifi USG logs to Nagios and the message field looks like below. I get maybe 5 log entries that are equal to each other and I don't want a new alert for each one. I just want one alert for each SRC-address.

"message": "[WAN_IN-2000-D]IN=eth0 OUT=eth1 MAC=* SRC=195.176.3.* DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=45418 DF PROTO=TCP SPT=35464 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x64800000 ",

Is it possible to solve this with Nagios?

Thank you!

Re: Unifi USG Alerts

Posted: Tue Jul 14, 2020 11:27 am
by jbrunkow
Yes! Great question. :D

First you will want to configure the machine you want to monitor as an input source, then apply a grok filter that defines the pattern your log is in.

What is "grok"? Well...
Grok is currently the best way in logstash to parse crappy unstructured log data into something structured and queryable.
CONFIGURING NAGIOS LOG SERVER FILTERS
Please refer to the document linked above for more detailed information on how to add an input source.

GROK documentation
The Logstash documentation on grok may also be useful for finding syntax that you may need to define your pattern.

I hope that helps! Let me know if you have any more questions.
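As an added example that is not part of the thread (and not Nagios Log Server or Logstash code), the following Python script does offline what the grok step above does inside the pipeline: it splits the USG message from the first post into its rule tag, key=value fields and bare flags, then collapses repeated hits into one alert per (rule, SRC) pair, which is the behaviour the question asks for. The sample messages are constructed and use RFC 5737 documentation addresses instead of the masked ones in the post; the function names are the example's own.

```python
import re
from collections import OrderedDict

# Constructed sample messages in the "[RULE]key=value ... FLAG ..." format shown in
# the original post. Three lines share one SRC, one line has a different SRC.
SAMPLE_MESSAGES = [
    "[WAN_IN-2000-D]IN=eth0 OUT=eth1 MAC=* SRC=198.51.100.7 DST=192.168.1.1 LEN=60 "
    "TOS=0x00 PREC=0x00 TTL=49 ID=45418 DF PROTO=TCP SPT=35464 DPT=80 WINDOW=64240 "
    "RES=0x00 SYN URGP=0 MARK=0x64800000 ",
    "[WAN_IN-2000-D]IN=eth0 OUT=eth1 MAC=* SRC=198.51.100.7 DST=192.168.1.1 LEN=60 "
    "TOS=0x00 PREC=0x00 TTL=49 ID=45419 DF PROTO=TCP SPT=35465 DPT=80 WINDOW=64240 "
    "RES=0x00 SYN URGP=0 MARK=0x64800000 ",
    "[WAN_IN-2000-D]IN=eth0 OUT=eth1 MAC=* SRC=198.51.100.7 DST=192.168.1.1 LEN=60 "
    "TOS=0x00 PREC=0x00 TTL=49 ID=45420 DF PROTO=TCP SPT=35466 DPT=80 WINDOW=64240 "
    "RES=0x00 SYN URGP=0 MARK=0x64800000 ",
    "[WAN_IN-2000-D]IN=eth0 OUT=eth1 MAC=* SRC=203.0.113.9 DST=192.168.1.1 LEN=60 "
    "TOS=0x00 PREC=0x00 TTL=51 ID=1010 DF PROTO=TCP SPT=40100 DPT=22 WINDOW=64240 "
    "RES=0x00 SYN URGP=0 MARK=0x64800000 ",
]

# The leading "[WAN_IN-2000-D]" is the firewall rule tag; everything after it is
# whitespace-separated tokens, most of the form KEY=VALUE, a few bare flags (DF, SYN).
RULE_RE = re.compile(r"^\[(?P<rule>[^\]]+)\]\s*(?P<rest>.*)$")


def parse_usg_message(message):
    """Split one USG log message into a dict of fields plus a list of bare flags."""
    m = RULE_RE.match(message.strip())
    if m is None:
        raise ValueError("message does not start with a [RULE] tag: %r" % message)
    fields = {"rule": m.group("rule")}
    flags = []
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:                      # KEY=VALUE token
            fields[key] = value
        else:                        # bare flag such as DF or SYN
            flags.append(key)
    fields["flags"] = flags
    return fields


def collapse_by_source(messages):
    """Return one alert per (rule, SRC), counting how many raw lines each one covers.

    Insertion order is kept so the first-seen source produces the first alert.
    """
    alerts = OrderedDict()
    for msg in messages:
        f = parse_usg_message(msg)
        key = (f["rule"], f["SRC"])
        if key not in alerts:
            alerts[key] = {
                "rule": f["rule"],
                "src": f["SRC"],
                "dst": f.get("DST"),
                "proto": f.get("PROTO"),
                "dpt": f.get("DPT"),
                "count": 0,
            }
        alerts[key]["count"] += 1
    return list(alerts.values())


if __name__ == "__main__":
    for alert in collapse_by_source(SAMPLE_MESSAGES):
        print("%(rule)s SRC=%(src)s -> %(dst)s %(proto)s/%(dpt)s (%(count)d hits)" % alert)
```

Run as a script it prints two alert lines instead of four, one per source address. The same split is what a grok pattern such as `\[%{DATA:rule}\]%{GREEDYDATA:kv}` followed by Logstash's `kv` filter (which splits the remainder on whitespace and `=`) would give you inside Nagios Log Server; once SRC is its own field, grouping alerts by it rather than by the whole message is a matter of the alert query rather than a new alert per line.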