How to change NRDP output

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
piotrromaniuk
Posts: 5
Joined: Fri Jul 24, 2020 12:09 am

How to change NRDP output

Post by piotrromaniuk »

Hi,

I set up my first alert that sends NRDP to Nagios. Sending works fine, but I have a problem with the output. I need to check when passwords for different users expire or have expired. In the output I have "CRITICAL: 7 matching entries found |logs=7;1;1" or, on Nagios, "0 pattern matches found". I need output like "username password expired" or "username password expires in 2 days".

Can you help? :)
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: How to change NRDP output

Post by cdienger »

It sounds like you have an alert configured to find specific events that isn't limited to a specific user. Is this correct?

The NRDP alert will only send the host name, service name, and number of items returned by a query but not the actual results of the query. To alert if a certain user runs into these events you would need to filter for the user in the NLS query and set up an alert for that query.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
piotrromaniuk
Posts: 5
Joined: Fri Jul 24, 2020 12:09 am

Re: How to change NRDP output

Post by piotrromaniuk »

So, as I understand it, I have to define a separate alert for each user? Can I get information in the output about which servers the password expires on?


For example, I have an ssh fail log alert like in the picture.
I need to change output like "OK: 0 matching entries found |logs=0;1;1" to "failed password for user on server".
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: How to change NRDP output

Post by cdienger »

Correct. An alert per user would be needed. The NRDP alerts in NLS don't send the contents of the logs - just the hostname, service name, alert name, and the number of results from the query. Alerting per server would be the same thing.

Setting up email alerts may be a better fit here. Emails can include portions of the log that caused the alert to be triggered and would give you the details you're looking for without having to set up alerts per user per server.
piotrromaniuk
Posts: 5
Joined: Fri Jul 24, 2020 12:09 am

Re: How to change NRDP output

Post by piotrromaniuk »

Is it possible to make a script that will save the content of a given email to a file, or save the same information as in the email to a file? Then with a Nagios check log I could extract this information for monitoring.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: How to change NRDP output

Post by cdienger »

The script option is limited to passing these arguments:

%count% - The total # of events
%status% - The status (ok, warning, critical)
%output% - The output from the alert
%lastrun% - The timestamp of the last run

None of these will have the details you want, but we do have a feature request to add something like this. I've added your info to the request.

The email alert will have the information you want, but it would require a plugin to download and parse the email and return the status in a format that works with Nagios. I'm not aware of a plugin that will do exactly what you want, but there is a default check_imap_receive plugin, which may be a good starting point if you're familiar with Perl and want to create the plugin.

https://nagios-plugins.org/doc/guidelines.html
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Locked
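An added example, not part of the thread and not Nagios code: a shell handler for the alert script method that records the four placeholder values listed above as one sanitized line per alert, which a log check can then read. The script name, the argument order and the log path are assumptions; as the reply says, none of the four values carries the user or server name.

```shell
#!/bin/sh
# Added example (not Nagios code). Assumed invocation from the alert's
# script method, argument order chosen here:
#   nls_alert_to_log.sh %status% %count% %lastrun% %output%
ALERT_LOG="${ALERT_LOG:-/tmp/nls_alerts.log}"   # hypothetical path

# Map the %status% string to the standard Nagios plugin return code.
status_to_code() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        ok)       echo 0 ;;
        warning)  echo 1 ;;
        critical) echo 2 ;;
        *)        echo 3 ;;   # UNKNOWN for anything unexpected
    esac
}

# Build exactly one log line from the four values.
format_line() {
    status=$1 count=$2 lastrun=$3 output=$4
    # %count% must be a plain number; anything else is recorded as -1.
    case "$count" in
        ''|*[!0-9]*) count=-1 ;;
    esac
    # Flatten line breaks and quotes, then drop remaining control
    # characters, so alert text cannot forge or split log entries.
    clean=$(printf '%s' "$output" | tr '\n\r\t"' "   '" | tr -d '\000-\037\177')
    printf 'lastrun=%s status=%s code=%s count=%s output="%s"\n' \
        "$(printf '%s' "$lastrun" | tr -cd '0-9A-Za-z:.+ -')" \
        "$(printf '%s' "$status" | tr -cd 'A-Za-z')" \
        "$(status_to_code "$status")" "$count" "$clean"
}

# Append the line to the file that a log check reads.
record_alert() {
    format_line "$@" >> "$ALERT_LOG"
}

# Only act when called with the four arguments.
if [ "$#" -eq 4 ]; then
    record_alert "$@"
fi
```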