Nagios Support Forum

Hello,

I'm looking to create an alert based on the Nagios XI Audit Log. The documentation shows that there should be an option under Admin > System Settings > Write Audit Log to file, however that no longer seems to exist. Is that the case or is there a different way to configure that now? We do not have Nagios Log Server. We are running v5.11.3.

Thanks in advance.

John

Hi John,

That's an Enterprise Feature in Admin -> Audit Log.

Aaron

Aaron,

The only option under Audit Logs is to Send to Nagios Log Server, however the Nagios XI Manuals and prior Support Forum questions reference an option under System Config for Write Audit Log to file. Here is a snipet from the Nagios XI Admin Guide vs what I see in my Nagios XI Instance.

Is the option to create a log auditlog no longer available?

Thanks...John

shoreypu wrote: ↑Fri Oct 18, 2024 2:03 pm Aaron,

The only option under Audit Logs is to Send to Nagios Log Server, however the Nagios XI Manuals and prior Support Forum questions reference an option under System Config for Write Audit Log to file. Here is a snipet from the Nagios XI Admin Guide vs what I see in my Nagios XI Instance.

Nagios Admin Guide Screenshot.png

My System Config Screenshot.png


Is the option to create a log auditlog no longer available?

Thanks...John

Hey John, I did some digging and that feature is no longer part of the product. It looks like the commit that removed that feature was the same one that added the ability to send the logs to Log Server. Could you send a link to the documentation that you found pointing to the feature?

Hi John,

I don't think that is configurable in the interface either currently or in your version. But setting that aside, assuming the auditlog were available as a file, then what would you do?

Aaron

sgardil wrote: ↑Fri Oct 18, 2024 3:03 pm

shoreypu wrote: ↑Fri Oct 18, 2024 2:03 pm Aaron,

The only option under Audit Logs is to Send to Nagios Log Server, however the Nagios XI Manuals and prior Support Forum questions reference an option under System Config for Write Audit Log to file. Here is a snipet from the Nagios XI Admin Guide vs what I see in my Nagios XI Instance.

Nagios Admin Guide Screenshot.png

My System Config Screenshot.png


Is the option to create a log auditlog no longer available?

Thanks...John

Hey John, I did some digging and that feature is no longer part of the product. It looks like the commit that removed that feature was the same one that added the ability to send the logs to Log Server. Could you send a link to the documentation that you found pointing to the feature?

It's under the Nagios XI Administrator Guide, under System Configuration/General Options. Here is the URL:
https://assets.nagios.com/downloads/nag ... raloptions

John

DoubleDoubleA wrote: ↑Fri Oct 18, 2024 3:11 pm Hi John,

I don't think that is configurable in the interface either currently or in your version. But setting that aside, assuming the auditlog were available as a file, then what would you do?

Aaron

Aaron,

I'm looking to be alerted when our systems or application teams disable notifications for any hosts or services. If there is another way of doing that, let me know.

Thanks...John

shoreypu wrote: ↑Mon Oct 21, 2024 8:05 am
It's under the Nagios XI Administrator Guide, under System Configuration/General Options. Here is the URL:
https://assets.nagios.com/downloads/nag ... raloptions

John

Thanks for the link. We are working on getting our documentation updated and I'll make sure to make a note of this.

As for a way to be alerted when teams disable notification on a host or service, unfortunately I don't believe we have an easy way to do this. You could probably make an event handle to log the information and alert you when it happens however this is going to be a fair amount of work and you would need to make a script to do so. Also you would need to add it to all the exsisting hosts/services. If you do want to do this I would recommend putting the event handler on a template and then using bulk modification tools in the ccm (if you have access) to add the template to the hosts and the services connected to the hosts should inherit the traits, assuming they don't already have event handlers specified.

Sorry that I didn't find an easier option, I'll dig a bit more to see if I can find anything else but in the mean time I'll add some links for docs if you did want to try this route.

Event Handlers
https://assets.nagios.com/downloads/nag ... dlers.html
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Object Inheritance with XI
https://assets.nagios.com/downloads/nag ... tance.html

Hi John,

Just to add to the info that @sgardil provided, as previously mentioned in this thread, if you do send this log data to a Nagios Log Server instance, you could set up an alert in Log Server based on the host (XI) and text filters on the log entries, which might meet your needs

We do not have a Nagios Log Server license.

Was there a technical reason for removing the ability to export the audit log? Seems like this is something that should continue to be natively built-in to Nagios XI.