;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
;)
Problem Description
You will observe that sometimes filters that are added to a search contain a newline (\n) character to the filter and due to this no results are found.
Explanation
In this screenshot, you can see that from an event, clicking the Magnifying Glass icon will add a filter which matches the value in the field:
This screenshot shows the filter that was added. You can see that \n was added to the filter, and you can see below this causes 0 hits to be returned:
You can edit the filter to remove \n which will result in search results being correctly returned.
Resolving The Problem
What is causing this is that the original server that sent the syslog message had \n as part of the message. When you are seeing the value in the event in Nagios Log Server, \n is not being displayed, but it is there in the data.
It has been observed that:
-
When syslogs are sent via TCP, \n is also sent
-
When syslogs are sent via UDP, \n is NOT sent
For more information about TCP and UDP with syslog, please refer to this KB article under the section "Remote Server - Check Rsyslog Config":
Documentation - Logs Not Searchable or Not Coming In
Final Thoughts
For any support related questions please visit the Nagios Support Forums at:
Subscribe to Article
Print Article
Email Article to Friend
Export to PDF
Export to MS Word
