Page 1 of 1
Send Index Alerts Based on the Log Server Audit Log
Posted: Wed Jan 21, 2026 10:38 am
by nasanasa
Greetings,
I am looking on the steps to send an email alert if someone tries to close or delete any of the indexes in Nagios Log server. Can anyone assist?
I did see this link to send alerts if user information is changed but I am looking for information to send an alert if indexes are modified in any way:
https://library.nagios.com/docs/nagios- ... -Audit-Log
Thank you,
Re: Send Index Alerts Based on the Log Server Audit Log
Posted: Wed Jan 21, 2026 4:56 pm
by kg2857
You may want to start by looking at a nagios core/XI check of the audit log, or a query/queries on the log server to see if an index has been closed or deleted.
Re: Send Index Alerts Based on the Log Server Audit Log
Posted: Mon Feb 23, 2026 8:31 pm
by akeanha
nasanasa wrote: ↑Wed Jan 21, 2026 10:38 am
Greetings,
I am looking on the steps to send an email alert if someone tries to close or delete any of the indexes in Nagios Log server. Can anyone assist?
I did see this link to send alerts if user information is changed but I am looking for information to send an alert if indexes are modified in any way:
https://library.nagios.com/docs/nagios- ... -Audit-Logplants vs brainrots
Thank you,
Hi,
You can configure this using the audit logs in Nagios Log Server. Index actions (close, delete, modify) are recorded there.
Steps:
Make sure audit logging is enabled.
Perform a test action on an index and check the audit log to identify the exact fields recorded.
Go to Alerts → New Alert and create a query matching index-related audit events (e.g. delete, close, update).
Set the condition (e.g. at least 1 event) and configure email notification.
Test by modifying a test index to confirm the alert triggers.