Nagios Support Forum

I looked over this post and noticed something - kicking myself for not picking up on this sooner. mv /etc/rsyslog.d/80-nagioslogserver_var_log_mailman_post /etc/rsyslog.d/80-nagioslogserver_var_log_mailman_post.conf service rsyslog restart Hopefully it's just that simple. :) My word, I'm embarrasse...

tcp 0 0 :::5544 :::* LISTEN tcp 0 0 :::9001 :::* LISTEN tcp 0 0 :::9002 :::* LISTEN rsyslogd -f /etc/rsyslog.d/80-nagioslogserver_var_log_mailman_post -N1 rsyslogd: version 5.8.10, config validation run (level 1), master config /etc/rsyslog.d/80-nagioslogserver_var_log_mailman_post rsyslogd: WARNIN...

Any chance that port 9002 is closed on the NLS firewall? To make sure it was not "firewall" issues I shutdown iptables (service iptables stop) and re-ran the above test. No joy ;( With iptables back up I was able to telnet to port 9002 and get the Escape character is '^]'. Tried the same ...

I did not think of switching to another port like that to isolate it. I went with 9002. /etc/rsyslog.d/80-nagioslogserver_var_log_mailman_post $ModLoad imfile $InputFilePollInterval 10 $PrivDropToGroup adm $WorkDirectory /var/lib/rsyslog # Input for mailman_post $InputFileName /var/log/mailman/post ...

Please post your /etc/rsyslog.conf file - you may be missing the following directive: $IncludeConfig /etc/rsyslog.d/*.conf Otherwise, everything looks fine to me. Yeap, I have it. KEep in mind I am already using this for apache in the same way and getting log output. Additional Troubleshooting- Wha...

I am trying to setup NLS to pickup mailman logs via rsyslog. I used the apache /etc/rsyslog.d/file as an example. HEre is what I tried. $ModLoad imfile $InputFilePollInterval 10 $PrivDropToGroup adm $WorkDirectory /var/lib/rsyslog # Input for mailman_post $InputFileName /var/log/mailman/post $InputF...

Oh, my mistake, I didn't realize 514 UDP was privileged. I had it in my head tcp was but udp wasn't for some reason.

I would just use port 9001 like I did with my other devices but vmware hypervisor firewall configuration for custom ports is ridiculously silly.

I've setup a ESXi device to send logs to udp 514 -> NLS. I can see data is coming in on the NLS. 19:26:00.875443 IP 198.X.X.85.33294 > 198.X.X.171.syslog: SYSLOG local4.info, length: 193 But no data shows up for that ip in searches. Far as I can tell the time is correct (using ntp to maintain it) an...

Ah, my mistake, I was thinking the type was an actual flag that determined how it parsed the input. I see what you're saying now and will experiment.

I've got it working though it seems I lose fields like "logsource" and "program" and "facility_label". Is that normal?

I tried both solarisin and syslog and both "seem" to give me the same as mentioned above.