Detail event log?!

[xpertech]

One of hosts down for 12 hours, our client said they didn't get alert message, when we check the monitoring items alert contacts, all setup were correct.

We setup the monitoring items for our client in the beginning of NagiosXI installation, we suspect one of our clients delete alert contacts for some reason and then recover, but we can't find evidence in event logs.

Is there any clue for us to verify that? because another client challenge NagiosXI is not stable.

[lmiltchev]

...we suspect one of our clients delete alert contacts for some reason and then recover, but we can't find evidence in event logs.

If you have an Enterprise Edition, you could go to:

Admin->System Information->Audit Log

and view all of the changes that were made on the XI system.

[xpertech]

...we suspect one of our clients delete alert contacts for some reason and then recover, but we can't find evidence in event logs.

If you have an Enterprise Edition, you could go to:

Admin->System Information->Audit Log

and view all of the changes that were made on the XI system.

If someone change Notifications "Send alert notifications to...", this seems won't display in audit log?

[scottwilkerson]

What was the picture in the original post a picture of?

the easiest way to see what notifications were sent out is to run the notifications report, it will show all notifications that Nagios sent out, if they weren't received it would be a problem AFTER they left the Nagios server.

[xpertech]

What was the picture in the original post a picture of?

the easiest way to see what notifications were sent out is to run the notifications report, it will show all notifications that Nagios sent out, if they weren't received it would be a problem AFTER they left the Nagios server.

The most important thing is ... we are not going to find whether the notification had been sent out, what we want to know is ... did someone change the notification settings at specific time?
from the audit log, we can not see any clue, we only see someone reconfigured an item, but no more details(eg. user reconfigured notification settings).
so, we like to know if there is a way to find out?

[lmiltchev]

If a user changes his/her notification settings, it will definitely show up in the audit log. For example:

Code: Select all

Date / Time 	        ID 	Source 	  Type 	 User          IP Address 	    Message
2013-02-15 09:02:21	6242	Nagios XI	CHANGE	user1	      x.x.x.x	        User updated their notification preferences
2013-02-15 09:02:19	6229	Nagios XI	CHANGE	nagiosadmin	x.x.x.x	        User updated their notification preferences

[xpertech]

If a user changes his/her notification settings, it will definitely show up in the audit log. For example:

Code: Select all

Date / Time 	        ID 	Source 	  Type 	 User          IP Address 	    Message
2013-02-15 09:02:21	6242	Nagios XI	CHANGE	user1	      x.x.x.x	        User updated their notification preferences
2013-02-15 09:02:19	6229	Nagios XI	CHANGE	nagiosadmin	x.x.x.x	        User updated their notification preferences

What I mean is not the "Notification Preference", I mean when modify "service detail>configure service>notifications>Send alert notifications to...", the "audit log" will not logging user action?!

[lmiltchev]

OK, in this case the audit log would NOT give you details on what exactly has been modified. This functionality doesn't exist yet in XI, but you are welcome to post a feature request on our bug tracker:

http://tracker.nagios.com

Having said that, I believe you can still determine for sure who modified notifications for this service. Let's say you know that notifications are disabled now. You know what user modified this particular service and when. You can view your previous configuration snapshot, and check if notifications are enabled for this service. If this user is the only one, who modified this service, it is logical to assume that he/she disabled notifications.