Nagios Support Forum

Hmmm not sure why it dosnt have that info when %{Referer}i\" \"%{User-Agent}i is in the LogFormat.

However, changing to Common did the trick. Thank you! This item can be marked closed.

I have the following filter in 500_filters.conf filter { if [program] == 'apache_access' { grok { match => [ 'message', '%{COMBINEDAPACHELOG}'] } date { match => [ 'timestamp', 'dd/MMM/yyyy:HH:mm:ss Z', 'MMM dd HH:mm:ss', 'ISO8601' ] } mutate { replace => [ 'type', 'apache_access' ] convert => [ 'by...

Yes indeed, we are good to mark resolved. Thanks!

Success! I got it by changing the hash in 999_outputs.conf to match my clusters hash from the system dashboard.

Things seem to be appearing now! Thank you for all of your help!

I guess I just got a bit confused. For the server where Nagios Log Server is installed, I should or should NOT have the rsyslog service running? (I manually configured rsyslog to run on 5544 thinking it was what was needed) Is the logstash doing the role of the rsyslog? So when I have my node doing ...

Thank you that was very helpful! Making progress for sure :) New small problem: When starting the Logstash Collector I now get this message {:timestamp=>"2016-08-31T14:12:45.843000-0400", :message=>"syslog listener died", :protocol=>:tcp, :address=>"0.0.0.0:5544", :exce...

Thank you for the fast reply. install.log has been pasted to: https://ybin.me/p/4fcc87ce6c9379ff#toXrlushlrUznUqtqDE3PXjWO8m5sbUTH3HzMwjGaBY= There was an issue with the install process early on because my host has blocked NTP traffic, I had to get around. But after that it worked. This server is ve...

Hello, I attempted to do a full install via the source on CentOS 6.8 Everything seems to be ok except that no data is being collected / stored. When attempting to start the LogStash service via the GUI I get the following error: {:timestamp=>"2016-08-31T11:27:50.927000-0400", :message=>&qu...