How to Configure Alerts in Nagios Log Server 2024R2

Monitoring your environment for critical system events is an essential part of maintaining a secure and reliable infrastructure. In Nagios Log Server 2024R2, setting up alerts allows administrators to receive notifications when specific conditions are met, such as a Failed SSH Login, enabling immediate response and mitigation.

In this guide, we’ll walk you through the process of creating alerts in Log Server 2024R2 so you can monitor your systems more effectively.

1. Log into Nagios Log Server

Start by logging into Nagios Log Server using the credentials you created during the installation process.

2. Create New Alert

Once logged in, navigate to the left-hand menu and click the bell icon to access the Alerting section. Here, you can view any previously created alerts. To create a new alert, click on “New Alert.” A configuration window will appear.

3. Fill in the following to define your alert:

Alert Name

• Choose a name that accurately describes the purpose of your alert (e.g., “Failed SSH Login.”)

Type

• Query: Ideal for checking historical log data within a specified time period.
• Real-Time: Monitors logs as they are ingested, providing immediate detection.
• Host Freshness: Tracks if a host is actively sending logs, useful for detecting system outages.

In this example, we’ll use the Query type and leave the next option as undefined.

Check Interval

• This determines how often the system checks the query. You can specify intervals in seconds (s), minutes (m), hours (h), or days (d).

Example: 1m to check every minute.

Lookback Period

• Defines how far back the system will look when executing the query.

Example: 15m to examine the last 15 minutes of logs.

Warning Threshold

• The number of matching events that trigger a warning notification.

Critical Threshold

• The number of events that escalate the alert to critical status.

In this scenario, we’ll set the warning threshold to 2 and the critical threshold to 3. This is especially useful for identifying brute-force login attempts before they escalate into larger issues.

Nagios Log Server offers several notification options:

• Nagios (send using NRDP.)
• Execute Script.
• Send an SNMP Trap.
• Email Users.
  

You can configure multiple alerts and customize how notifications are delivered—or even trigger automated scripts in response to alerts. For example, you could automatically shut down a machine if a certain condition is met.

4. Select the Take Ownership Option

You’ll also see an option to “Take Ownership”. Selecting this checkbox ensures that only users with admin rights can modify or delete the alert.

5. Create Alert

Once all settings are configured, click “Create Alert”. If you choose the Query type, you can find your alert under the Query section.

6. Final Steps

Click the three-dot menu next to your alert to access the following options:

• Show alert in Dashboard.
• Run this alert now.
• Deactivate this alert.
• Edit this alert.
• Remove.

That’s it! You’ve successfully created an alert in Log Server 2024R2. Alerts are a powerful feature that can significantly improve your ability to respond to system issues in real time. If you prefer a visual guide, we recommend checking out our YouTube tutorial, which walks through this entire setup step-by-step.