API Event Log call not giving desired output

Posted: Tue Aug 25, 2020 8:05 am
by mrjsokol
I have used the NCPA passive configuration, and using the GUI API constructor I cannot properly filter out the results. Attached is a log of the API results when changing the API string to "Source" instead of application.

The GUI API interface constructs the following string and will display no results for the request:
https://localhost:5693/api/logs?name=Ap ... n=Symantec Antivirus&check=true

Changed to https://localhost:5693/api/logs?name=Ap ... e=Symantec Antivirus&EventID=7&check=true

and received results in the attached log file. When trying to add EventID=7, I receive no results as well. Using a filter of 1 or 2 days gives the same results.
Example: https://localhost:5693/api/logs?name=Ap ... n=Symantec Antivirus&check=true
I have manually verified that an event ID of 7 exists for Symantec Antivirus in the application logs.

Please advise,

Joseph

Re: API Event Log call not giving desired output

Posted: Tue Aug 25, 2020 8:39 am
by mrjsokol
Update: ComputerName was required when using the API GUI construct interface to receive the desired results to include Symantec AntiVirus. Without the field being entered, no results would be found. When adding an additional filter to the Message filter box, I found the desired results. I had to adjust from 24 hours to 12 hours to receive the latest message within 24 hours' time, I believe due to the server time being in a different time zone. If this should not be a requirement, please let me know; otherwise close this topic, thank you.

Re: API Event Log call not giving desired output

Posted: Tue Aug 25, 2020 4:57 pm
by benjaminsmith
Hi @mrjsokol,

Thanks for the update and glad you got it worked out. If you didn't already find it, the following page has all the details on the filter parameters, such as the lookback period.

https://www.nagios.org/ncpa/help.php#api-modules-logs

We'll close this out for now, but feel free to open another post if you have any new questions.