Nagios Support Forum

The primary machine is definitely taking the bulk of the data assuming the packet sizes are roughly equal across all machines. Just curious, what is the size of the files when you run "ll output.pcap" ? What do the configurations(nxlog, syslog, etc...) look like on the clients that are sen...

That seems to be what is happening here. Updating the config should allow it to match the fields in the logs and avoid the error that is getting repeated and taking up so much space.

The component is outdated but looks good and tested just fine. Can you PM me a screenshot of its settings page?

To get an idea about how much data is coming in and where it's going, run the following on each NLS machine: yum -y install tcpdump tcpdump -s 0 -i any port 3515 or port 3333 or port 5544 -w output.pcap Let them run for 30 seconds or so and use CTRL+C to stop the tcpdumps and compare the sizes of th...

I assume you're seeing simliar messages in the nxlog.log on the Windows machine then? This log/behavior isn't directly associated with anything on the log server side of things - it is NXlog that defines expected field and field types in lines like: Fields $date, $time, $sitename, $computername, $s-...

Glad to help clarify things! SNMP and trap configuration usually takes a bit of time to figure out and you're definitely not the first(or last) to need direction.

Anywhere under the verify first line([PHP]) should be okay.

max_input_vars may not exist and you can add it if it isn't in there. Once that is done and the httpd service restarted, tail these logs: tail -Fn0 /usr/local/nagiosxi/var/cmdsubsys.log /var/log/httpd/error_log /var/log/httpd/ssl_error_log /usr/local/nagiosxi/var/components/bpi.log and run(on a diff...

You can use NXTI to setup MATCH clauses and don't have to do by editing files. As ssax pointed out, you would create multiple trap definitions with many of the same settings except the for MATCH configuration to control which trap gets triggered. You'd also want to give the trap definitions differen...

Using a wildcard in polling mode doesn't seem to be an issue on the systems I tested with(8.40.0 and 5.8.10), so there may be other factors in place here. That said, I don't see a way to switch to inotify using the legacy config methods and it looks like rainerscript configuration would need to be u...