Nagios Support Forum

Great, thank you!

I changed it to TCP 5555, but still having the same issue. I am able to verify packets are being received with tcpdump, but nothing shows up in the dashboard. I tried changing that input type to syslog (keeping port 5555) and also tried removing the filter...still no go. Would it be possible to sche...

Hi, I'm getting dumps for both hosts and they look like this: #tcpdump -n dst port 5555 and host 10.10.x.x 09:26:30.678405 IP 10.10.x.x.syslog > 10.15.x.x.personal-agent: SYSLOG local4.warning, length: 207 09:26:30.678530 IP 10.10.x.x.syslog > 10.15.x.x.personal-agent: SYSLOG local4.warning, length:...

Out of the office for training this week. Will check that when I am back in the office next week (27/Jul). Please leave this thread open for now.

Okay, thanks. I have the Input and the Filter code added successfully. I have also configured two of our ASA firewalls to send their syslog data to UDP port 5555. However, I am unsure if I am receiving data on port 5555 or how to view this data in the dashboard. Syslog entries from the ASAs configur...

Okay, that makes sense. I removed erroneous input and created a filter with the code, but it is still throwing an error during verification. if type == "cisco-asa" { # Split the syslog part and Cisco tag out of the message grok { match => ["message", "%{CISCO_TAGGED_SYSLOG} ...

Ok, the verification failed. It is taking the first input fine. udp { port => 5555 type => "cisco-asa" } However, it does not seem to like the second input: if type == "cisco-asa" { # Split the syslog part and Cisco tag out of the message grok { match => ["message", &qu...

Thanks jolson. I currently have all network equipment configured to send syslog data to TCP 5544. I am trying to set up the input for ASA logging on UDP 5555, however, I can't get Nagios Log Server to listen on that port. Tried running as root (tip from the PDF you linked to) but still won't listen ...

I read through the threads, but having trouble already. I also did some reading on regex and grok but it isn't clicking...at least with how I would need to apply it to this case. I hope you can assist me with constructing a filter that can match the syslog messages below (this is just the message po...

Thanks for your quick reply. I'll get started reading and working on the filter and let you know when I'm ready for the next step.