Nagios Support Forum

Great, thanks for you assistance! That is working how I wanted.

<7> CEF:1|A10|TH3030S|2.7.2-P7-SP3|WAF|Dec 13 2016 14:25:00|session-id|2|src=10.2.52.252 spt=25049 dst=10.2.208.150 dpt=80 hst="changedev.agoc.com" cs1=?dev?DefaultWebServer cs2=fb76283ae9c71b37 act=learn md=passive svc=http req="GET /images/grid/last.gif HTTP/1.1" 0 msg="Ne...

I am trying to create a grok filter that works for a log we are trying to pull into our system. Issue 1: The issue is the logfile outputs logs like this "Data1|Data2|Data3|" which prevents us from grabbing a couple pieces of information. So, I followed the instructions here to try and repl...

Moderator Edit: This thread has been split from another - https://support.nagios.com/forum/viewtopic.php?f=37&t=36623 In the future, please create a new thread and link to the old one instead of adding on. I am seeing a potential memory leak issue and have found it to be related to this non-def...

Sorry, I was out of office for a few days. However, this isn't resolved as of yet. We're just not seeing the logstash.log get flooded at this point (though it still is getting some hits, we will worry about that at another time). We are still having issues described in the title of this post. Our in...

Alright, I put this change in place for all of the syslog types we had. This appears to have fixed the log issue as I have not seen a log come in for about 10-15 minutes to that file now and we're getting those log types. So, it appears we're not getting any errors at this point, at least not at a l...

Again, sorry for the slow response. I pulled a snippet of what is going through the log and I am not necessarily seeing anything indicating errors within Logstash.log (the only thing containing "errors" are the logs it is pulling in that are errors on the remote devices). But it is far fro...

Sorry for the delay. Obviously I see a lot coming through in the logs, but I do not see any of the type IIS_Requests in that log.

They should be posted just above your comment (thought to do that after I submitted).

Below are the Input and Filter we are using (based on this: https://exchange.nagios.org/directory/Addons/Nagios-Log-Server/Dashboards/IIS-Dashboard/details) Here is the Input: tcp { type => 'IIS_requests' tags => 'IIS_requests' port => 5142 codec => json } And here is the filter: if [type] == 'IIS_r...