Nagios Support Forum

Yes please.

It works!

I tried to add a new filter in the 500_filter.conf file + the pattern file, but the logstash's log said something was wrong with the filter, so I only left the pattern file and now all maillog file is in NLS shown correctly, thanks a lot!

Ok, I'm reading the documentation and doing some tests because this grok is new to me, I've found some patterns ready for sendmail however I'm not 100% positive how to implement them in the filters.

And another test in the NLS: [root@fps216ch ~]# tcpdump -n dst port 5544 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 12:03:14.230366 IP 10.218.108.241.14402 > 10.218.108.216.5544: Flags [P.], seq ...

I've made a test, first on the server to be tracked (241): [root@fpS241ch etc]# tcpdump -n dst port 5544 I can see a lot of communication flowing when the maillog file gets changed tracking the NLS I ran the command [root@fps216ch ~]# tcpdump src host 10.218.108.241 and udp dst port 5544 and dst hos...

After applying the change in the conf file, the tcpdump started sending a huge list of info: [root@fpS241ch etc]# tcpdump -n dst port 5544 -v tcpdump: listening on eth4, link-type EN10MB (Ethernet), capture size 65535 bytes 11:22:02.606122 IP (tos 0x0, ttl 64, id 28977, offset 0, flags [DF], proto T...

Ok, The server doesn't have rsyslogd but rsyslog as a service, here's the output: [root@fpS241ch rsyslog.d]# service rsyslogd status rsyslogd: unrecognized service [root@fpS241ch rsyslog.d]# service rsyslog status rsyslogd (pid 30335) is running... [root@fpS241ch rsyslog.d]# getenforce Disabled [roo...

Ok, for the first set of instructions here is the output: [root@fps216ch ~]# service logstash status Logstash Daemon (pid 1294) is running... [root@fps216ch ~]# cat /usr/local/nagioslogserver/logstash/etc/conf.d/000_inputs.conf # # Logstash Configuration File # Dynamically created by Nagios Log Serv...

so... I turned off iptables, and the logs still not in the log server... [root@fps216ch ~]# service iptables stop iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] went checking to the log server, and nothing is com...

Hello, Here are the outputs: on the client where we are running the script: [root@fpS241ch rsyslog.d]# cat /etc/*release Red Hat Enterprise Linux Server release 6.2 (Santiago) Red Hat Enterprise Linux Server release 6.2 (Santiago) [root@fpS241ch rsyslog.d]# ping 10.218.108.216 PING 10.218.108.216 (1...