
Send Alerts Based on the Log Server Audit Log

Introduction

You may want to create alerts based on the Log Server audit log. For example, you may want to send an email alert when a Nagios Log Server user is created, modified or deleted.

Setup

  1. Navigate to Configure > Global Config.
  2. Click the Add Input button.
  3. Enter a descriptive Block Name.
  4. Enter the following code in the code field.
    file {
        type => "nlsauditlog"
        path => "/usr/local/nagioslogserver/var/auditlog.log"
    }
  5. Click the Add Filter button.
  6. Enter a descriptive Block Name and add filter code that extracts the fields you want from the log. Example:
    if [type] == 'nlsauditlog' {
        grok {
            match => {
                "message" => [
                    "%{TIMESTAMP_ISO8601:date} created=%{INT:created} created_by=%{WORD:created_by} type=%{WORD:audit_log_type} message=%{DATA:message} source=%{DATA:source} ip_address=%{IP:ip_address}",
                    "%{TIMESTAMP_ISO8601:date} created=%{INT:created} created_by=%{WORD:created_by} type=%{WORD:audit_log_type} message=%{DATA:message} node=%{UUID:node} source=%{GREEDYDATA:source}"
                ]
            }
            overwrite => [ 'message' ]
        }
    }
  7. Click Save & Apply.
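
To check which fields the filter above will extract before building an alert query on them, the following added example (not part of the original article or of Nagios Log Server) approximates the two grok patterns with Python regular expressions and runs them over sample lines. The regex stand-ins for the grok patterns, the helper names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Simplified regex stand-ins for the grok patterns the filter uses (assumption:
# close enough for a pre-flight check; Logstash's own definitions are broader).
GROK = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:?\d{2}(?::?\d{2}(?:[.,]\d+)?)?(?:Z|[+-]\d{2}:?\d{2})?",
    "INT": r"[+-]?\d+",
    "WORD": r"\b\w+\b",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "UUID": r"[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}",
    "IP": r"[0-9A-Fa-f:.]+",  # candidate only; validated with ipaddress below
}
# The two match patterns from the filter, in the order grok tries them.
PATTERNS = [
    "%{TIMESTAMP_ISO8601:date} created=%{INT:created} created_by=%{WORD:created_by} type=%{WORD:audit_log_type} message=%{DATA:message} source=%{DATA:source} ip_address=%{IP:ip_address}",
    "%{TIMESTAMP_ISO8601:date} created=%{INT:created} created_by=%{WORD:created_by} type=%{WORD:audit_log_type} message=%{DATA:message} node=%{UUID:node} source=%{GREEDYDATA:source}",
]

def compile_grok(pattern):
    """Turn %{NAME:field} references into named regex groups."""
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}",
                             lambda m: f"(?P<{m.group(2)}>{GROK[m.group(1)]})", pattern))

COMPILED = [compile_grok(p) for p in PATTERNS]

def parse_audit_line(line):
    """Return the extracted fields, or None where Logstash would tag _grokparsefailure."""
    for rx in COMPILED:
        m = rx.search(line)
        if m is None:
            continue
        fields = m.groupdict()  # "message" holds the captured text, as with overwrite
        try:
            if "ip_address" in fields:
                ipaddress.ip_address(fields["ip_address"])
        except ValueError:
            continue  # not a valid IP: fall through to the next pattern
        return fields
    return None

# Constructed sample lines (not taken from a real audit log).
SAMPLE_LINES = [
    "2024-01-15 10:22:31 created=1705314151 created_by=nagiosadmin type=example message=User jdoe was created source=Nagios Log Server ip_address=192.168.1.50",
    "2024-01-15 10:25:02 created=1705314302 created_by=system type=example message=Constructed maintenance entry node=123e4567-e89b-12d3-a456-426614174000 source=constructed job",
    "this line does not follow the audit log layout",
]
if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_audit_line(line))
```

A line that returns None here corresponds to an event that would reach the index without the extracted fields, so an alert query on those fields would never match it.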

Next, use the dashboards to build a query for the alert, as described in the documentation linked below:

Analyzing-Logs-With-Nagios-Log-Server
Alerting-On-Log-Events-With-Nagios-Log-Server
