Nagios Support Forum

Outstanding!!! I forgot about the Regex search option. Thanks for the great support!

-KC

Hello, Please let me know if you think this is possible using the latest Nagios Log Server version... We generate a CSV format access log file each day (@ 7:30AM) from a security system. I am already able to pull in that data using a CSV filter. In that data there is a field called "Date/Time&q...

Yes, you have been more than helpful, thanks so much! I did get the all the other fields to finally populate (besides message) by altering your match: Old: match => [ "message", "^<%{NUMBER:number}>.....etc New: match => [ "message", "%{NUMBER:number}>.....etc This mess...

Yeah It doesn't like your filter it seems - but I'll use that grok tool to try to come up with something.

I was missing: $IncludeConfig /etc/rsyslog.d/*.conf Heh, I knew it was just a simple misconfiguration on my end. It is now working. There are a lot of events still with junk information in it, but I am receiving some with real data, finally (THANK YOU). working_output.jpg I'm sure I can work the fil...

Thanks for sending that over. That is the rsyslog.conf from the NLS server right. What about the remote server's (sending server with csv file) /etc/rsyslog.conf?

Configuration file: # Logstash Configuration File # Dynamically created by Nagios Log Server # # DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN. # # Created Fri, 17 Apr 2015 12:11:45 -0400 # # # Global inputs # input { tcp { type => 'csvinput' port => 9001 } } # # Local inputs # # # Logstash Configur...

So it didn't seem to fix the problem, but it did did give me a message in the logstash log: {:timestamp=>"2015-04-16T16:24:06.770000-0400", :message=>"Trouble parsing csv", :source=>"message", :raw=>"<46>Apr 16 16:24:05 support rsyslogd: [origin software=\"rsy...

I don't see how yours could possible work and not mine, using the same configuration. As you can see from that snippet you copied, the "message" is garbage....nothing from the csv file at all. That tool you sent over is pretty nice, though. Your grok pattern always comes up as "no mat...

Also, does the grok "match" need to be in the same order was the columns are listed, as they are not.