Nagios Log Server - Newline Character Added When Adding A Filter To A Search

Problem Description

You will observe that sometimes filters that are added to a search contain a newline (\n) character to the filter and due to this no results are found.

 

 

Explanation

In this screenshot, you can see that from an event, clicking the Magnifying Glass icon will add a filter which matches the value in the field:

 

 

This screenshot shows the filter that was added. You can see that \n was added to the filter, and you can see below this causes 0 hits to be returned:

 

 

You can edit the filter to remove \n which will result in search results being correctly returned.

 

 

 

Resolving The Problem

What is causing this is that the original server that sent the syslog message had \n as part of the message. When you are seeing the value in the event in Nagios Log Server, \n is not being displayed, but it is there in the data.

It has been observed that:

  • When syslogs are sent via TCP, \n is also sent

  • When syslogs are sent via UDP, \n is NOT sent

For more information about TCP and UDP with syslog, please refer to this KB article under the section "Remote Server - Check Rsyslog Config":

Documentation - Logs Not Searchable or Not Coming In

 

 

Final Thoughts

For any support related questions please visit the Nagios Support Forums at:

http://support.nagios.com/forum/

Posted by: - Wed, Apr 27, 2016 at 10:01 PM. This article has been viewed 529 times.
Online URL: https://support.nagios.com/kb/article/nagios-log-server-newline-character-added-when-adding-a-filter-to-a-search-498.html

Powered by PHPKB (Knowledge Base Software)