Nagios Support Forum

Hi, We are running NLS version 1.4.0 on RHEL 7.2. We are currently running a 2 node cluster and over the past several weeks I have noticed to that port 5544 is not listening. This past week I created an XI check to monitor the port for both servers. The last restart of the NLS processes was on Monda...

Thanks. I will give it a try. I totally agree with you on the last statement. I intended NLS to be the last stop for logging. However, random initiatives pop up that we are asked to participate in.

We got things working with tcp. They are looking to see if that will work for them. I did try to use syslog as the output. I ran the following on each server to install the plugin ./plugin install logstash-output-syslog Validating logstash-output-syslog Installing logstash-output-syslog Installation...

Cool, thanks. Will that forward all data coming in to another source? Also, what if we wanted to limit it to specific query?

Thanks,

This is what I got back from the people that manage SIEM. There are literally hundreds of protocols accepted by QRadar, I’ve pulled out the few that we use most often. QRadar will accept LEEF or CEF formatted logs using the syslog, TLS syslog, or log file protocols. When we’re using the log file pro...

Thanks, found it. Do you have any documentation or examples that I can look at or use to build a rule? I am new to NLS/ELK.

I am still trying to get that information as to the format for SIEM.

How or where do I manage the output in NLS?

Thanks,

Hi, We have an internal initiative to send logs to an outside source that is using IBM SIEM. I have been asked if it is possible to to forward logs from NLS as it comes in and send it to an external source. Is this something that I can do with NLS? If not, is there a way to export log data and send ...

Hi,

I just ran into this as well. Just before a large DR test. I was able to get around by disabling notifications for the servers.

I am running 5.2.5 as well.

Regards,
David

Thats fine. I will do that now.

Thanks.