trying to post to xi from log server using send_nrdp

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
tfrazz
Posts: 16
Joined: Wed Apr 29, 2020 5:47 am

trying to post to xi from log server using send_nrdp

Post by tfrazz »

Hello,
This is my first post and my first experience with Nagios Log Server and Nagios XI.
I have a need to post into XI the output of the Log Server query when it is warning or critical. I originally used the NRDP selection of the alert, only to find it gives me no information other than the severity. What I am trying to do is use send_nrdp to get the message to XI.

If I use send_nrdp via command line it works fine. Trying to use it in an alert does not work.

Is there a log on the log server to see what the issue is?

Thanks
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: trying to post to xi from log server using send_nrdp

Post by cdienger »

The 'Execute Script' method may be a better fit for you. It allows you to add %output% to the alert. So the setup would be to call a script that accepts %output% and then calls and passes this to the send_nrdp script.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
tfrazz
Posts: 16
Joined: Wed Apr 29, 2020 5:47 am

Re: trying to post to xi from log server using send_nrdp

Post by tfrazz »

cdienger wrote: The 'Execute Script' method may be a better fit for you. It allows you to add %output% to the alert. So the setup would be to call a script that accepts %output% and then calls and passes this to the send_nrdp script.
Hi, this is exactly what I am doing. The send_nrdp script does not seem to run for me. Works fine if I ssh to the box and run it manually... I can't seem to find any log info where it might tell me why it is failing. If a specified script fails to run, where is this noted?

Thanks,
Tony
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: trying to post to xi from log server using send_nrdp

Post by cdienger »

It's not really logged anywhere. What does your alert configuration look like? I've tested the below call to send_nrdp.sh. The full arguments line looks like:

Code: Select all

-u http://192.168.55.20/nrdp/ -t TOKEN -H nls -s "nls alert" -S %status% -o "%output%"
and made sure the send_nrdp.sh permissions are proper:

Code: Select all

chown nagios:nagios /usr/local/nagioslogserver/scripts/send_nrdp.sh
chmod 554 /usr/local/nagioslogserver/scripts/send_nrdp.sh
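Added example, not part of cdienger's post or of the Nagios scripts: a wrapper for the 'Execute Script' method that takes %status% and "%output%" as its two arguments, passes them to send_nrdp.sh with the flags shown above, and appends the exit code and send_nrdp's own output to a log file, since a failed run is otherwise not recorded anywhere. The log path, the 1024-character cap and the environment variable names are assumptions, and the token is a placeholder.

```shell
#!/bin/bash
# Hypothetical wrapper for an alert's 'Execute Script' method (added example).
# Alert arguments are assumed to be:  %status% "%output%"
SEND_NRDP="${SEND_NRDP:-/usr/local/nagioslogserver/scripts/send_nrdp.sh}"  # path from the thread
NRDP_URL="${NRDP_URL:-http://192.168.1.78/nrdp/}"      # URL from the thread
NRDP_TOKEN="${NRDP_TOKEN:-TOKEN}"                      # placeholder, not a real token
NRDP_HOST="${NRDP_HOST:-Nagios}"                       # host/service values from the thread
NRDP_SERVICE="${NRDP_SERVICE:-Syslog}"
WRAPPER_LOG="${WRAPPER_LOG:-/tmp/nls_nrdp_wrapper.log}"  # assumed log location

# %output% is text taken from logs, so treat it as untrusted: flatten control
# characters (newlines included) and cap the length, so a single log message
# cannot add extra lines to the check result or to this wrapper's log.
sanitize_output() {
    printf '%s' "$1" | tr '\000-\037\177' ' ' | cut -c1-1024
}

# Call send_nrdp.sh, keep its stdout/stderr and exit code, and record them.
# The output is passed as one quoted argument and never re-evaluated.
forward_alert() {
    local st="$1" output rc result
    output="$(sanitize_output "$2")"
    result="$("$SEND_NRDP" -u "$NRDP_URL" -t "$NRDP_TOKEN" -H "$NRDP_HOST" \
        -s "$NRDP_SERVICE" -S "$st" -o "$output" 2>&1)" && rc=0 || rc=$?
    {
        printf '%s user=%s status=%s rc=%s\n' "$(date '+%F %T')" "$(id -un)" "$st" "$rc"
        printf '  output=%s\n' "$output"
        printf '  send_nrdp said: %s\n' "$(sanitize_output "$result")"
    } >> "$WRAPPER_LOG"
    return "$rc"
}

# Only act when called with arguments, as the alert would call it.
if [ "$#" -gt 0 ]; then
    forward_alert "$1" "$2"
fi
```

The user= field in the log shows which account the alert ran the script as, which is the account that needs execute permission on send_nrdp.sh.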
tfrazz
Posts: 16
Joined: Wed Apr 29, 2020 5:47 am

Re: trying to post to xi from log server using send_nrdp

Post by tfrazz »

Hi,
chown and chmod done (done previously).

Here are the config lines:

/usr/local/nagioslogserver/scripts/send_nrdp.sh
-u http://192.168.1.78/nrdp/ -t tokengoeshere -H Nagios -s Syslog -S 1 -o myoutput

This does work from the console... I get the "unconfigured object". Does not seem to run using the execute script..

I am unsure how to proceed.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: trying to post to xi from log server using send_nrdp

Post by cdienger »

What OS is NLS installed on?

Please provide the output of "ll /usr/local/nagioslogserver/scripts", a profile, and a copy of the current configuration index. The profile and index can have sensitive information so please PM them to me.

The profile can be gathered under Admin > System > System Status > Download System Profile or from the command line with:

Code: Select all

/usr/local/nagioslogserver/scripts/profile.sh
This will create /tmp/system-profile.tar.gz.

Note that this file can be very large and may not be able to be uploaded through the forum system. This is usually due to the logs in the Logstash and/or Elasticsearch directories found in it.

The index can be gathered by running:

Code: Select all

curl -XPOST 'http://localhost:9200/nagioslogserver/_export?path=/tmp/nagioslogserver.tar.gz'
The file it creates and that we'd like to see is /tmp/nagioslogserver.tar.gz.
tfrazz
Posts: 16
Joined: Wed Apr 29, 2020 5:47 am

Re: trying to post to xi from log server using send_nrdp

Post by tfrazz »

NLS is on CentOS (I imported the OVA that is available).

Also, I thought maybe there was an issue with the VM, so I reimported the OVA and started over... same issue.

output of ll is:
-r-xr-xr--. 1 nagios nagios 1544 Mar 24 11:14 change_timezone.sh
-r-xr-xr--. 1 nagios nagios 2940 Mar 24 11:14 create_backup.sh
-r-xr-xr--. 1 nagios nagios 60 Mar 24 11:14 curator.sh
-r-xr-xr--. 1 nagios nagios 1208 Mar 24 11:14 generate_uuid.sh
-r-xr-xr--. 1 nagios nagios 1768 Mar 24 11:14 get_es_config.php
-r-xr-xr--. 1 nagios nagios 722 Mar 24 11:14 get_logstash_config.php
-r-xr-xr--. 1 nagios nagios 27 Mar 24 11:14 get_logstash_ports.sh
-r-xr-xr--. 1 nagios nagios 5311 Mar 24 11:14 profile.sh
-r-xr-xr--. 1 nagios nagios 1473 Mar 24 11:14 reconfigure_ncpa.php
-r-xr-xr--. 1 nagios nagios 316 Mar 24 11:14 reconfigure_ncpa.sh
-r-xr-xr--. 1 nagios nagios 1333 Mar 24 11:14 reset_nagiosadmin_password.sh
-r-xr-xr--. 1 nagios nagios 3588 Mar 24 11:14 restore_backup.sh
-r-xr-xr-- 1 nagios nagios 8559 May 5 16:48 send_nrdp.sh

Will IM you the other files.

Thanks
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: trying to post to xi from log server using send_nrdp

Post by cdienger »

Things appear to be good. As a test give everyone execute permissions:

Code: Select all

chmod 555 /usr/local/nagioslogserver/scripts/send_nrdp.sh
and run a tcpdump while you force the alert to run:

Code: Select all

yum -y install tcpdump
tcpdump -s 0 -i any -nnSX host 192.168.1.78
I'll spin up a 2.1.5 OVA on my end to test as well.
tfrazz
Posts: 16
Joined: Wed Apr 29, 2020 5:47 am

Re: trying to post to xi from log server using send_nrdp

Post by tfrazz »

Hello,

I changed the permissions on the file as you suggested (555). This did not help. I have IM'd you the output of tcpdump.

Thanks,
Tony
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: trying to post to xi from log server using send_nrdp

Post by cdienger »

It looks like the data is getting sent and the xi machine is responding with a "200 OK" message so it appears to be receiving it. Can you clarify where exactly in xi you see the difference between using send_nrdp directly from the command line and using it via an alert? Do you see anything logged in nagios.log when you send the alert? Run "tail -f /usr/local/nagios/var/nagios.log" on the xi while you run the tests on the NLS machine.

Perhaps another capture taken when sending via the command line so we can compare a working to a non-working version will help. Use this syntax to save it to a file and make it easier to read (with Wireshark):

Code: Select all

tcpdump -s 0 -i any host 192.168.1.78 -w commandline.pcap
Do the same with another attempt at triggering it with an alert:

Code: Select all

tcpdump -s 0 -i any host 192.168.1.78 -w alert.pcap