Nagios Support Forum

I'm still having the same result. Everything is coming through as severity 5, regardless of how it is coded in the Cisco syslog message. i'm attaching an expanded view of how the entry appears.

That allowed the configuration to verify after i added that. i'll check and see if we are receiving correct facility/priority/severity notices after applying this.

file attached, and contents listed below. # # Logstash Configuration File # Dynamically created by Nagios Log Server # # DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN. # # Created Wed, 17 Dec 2014 14:39:46 -0500 # # # Global Configuration # input { tcp { type => 'eventlog' port => 3515 codec => json...

The files from /usr/local/nagioslogserver/logstash/etc/conf.d are attached.

i changed the owner and perms, which changed the modified date to today, however, when i applied the configuration, it didnt change the modified date. It is having an effect on the input, as i quit receiving logs from my ASA, as soon as i apply it. i don't really care about the ASA logs at this poin...

yes, that's correct. i'm including a screenshot of the inputs and filters i have applied, and the 2 .conf files that are on the system. They don't match.

Question: when i add filters/inputs to the Administration GUI, should the 3 files at /usr/local/nagioslogserver/logstash/etc/conf.d be changing to reflect those? If so, there has been no change to those since the box was built on Nov 17. Below are perms on those files. If those aren't correct files,...

some of the gear, cisco included, will not allow specification of an atypical port for syslogging. i'm sure with a code upgrade, it would be possible, but out of realm of possibilities for scope of this demo.

Option 1 didn't have an effect on what is being received by LS in my Lab 7206. i didn't try option 2, as it seems geared toward a firewall instead of a router. i cannot access any of the other gear, as i'm out of the office this week.

thanks, I'm going to compare this against some of my incoming cisco logs. I don't have zhone, but I do have several switches and firewalls to test against. What IOS version are you presently running? several different versions but here is an example. Not the latest: 12.2(33r)SRD5 on a 7600. Also, t...