How to relay from DMZ?
-
- Posts: 2
- Joined: Tue Mar 06, 2018 3:47 pm
How to relay from DMZ?
What is the best way to relay from a DMZ? Internally we have Windows using NXlog agents and Linux using rsyslog talking directly to Nagios Log Server. Since we can't have the same setup for DMZ servers, we would like to have some sort of relay server in the DMZ that will pass to NLS. Not an expert with Logstash and Elasticsearch, so trying to piece together the best way to make this happen.
Re: How to relay from DMZ?
I'm not sure what people have done for NXLog, but it looks like the enterprise edition does have some relay abilities: https://nxlog.co/products/additional-fe ... se-edition
Messages from rsyslog can be forwarded to another rsyslog server which then in turn forwards messages on to NLS: https://support.nagios.com/forum/viewto ... 37&t=41560
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: How to relay from DMZ?
You could also have an intermediate Nagios Log Server instance between your DMZ and the "production" Nagios Log Server cluster. This intermediate instance could exclusively be responsible for forwarding logs via an output rule then discarding them. It's a setup I've done before on older NLS versions (1.4 ish).
Or if you're interested in learning more about Logstash, you could have a single stand-alone Logstash (or Beats) instance be responsible for this. If it starts getting overloaded, spin up another and put them behind a load-balancer.
If it were my problem to solve, I'd do so with a standalone Logstash instance. There's really no wrong answer.
Former Nagios employee
https://www.mcapra.com/
Re: How to relay from DMZ?
Thanks for the input, @mcapra!
-
- Posts: 2
- Joined: Tue Mar 06, 2018 3:47 pm
Re: How to relay from DMZ?
Thanks for the input. I got an ELK server up and running, and am now trying to forward logs on to the Nagios Log Server instance. Where is the right location to tweak the output to send there? I tried adding output.conf to /etc/Logstash/conf.d, but that only seems to break communication within ELK, and nothing is being passed to NLS.
Re: How to relay from DMZ?
There could easily be a typo in the output that prevents Logstash from working properly. Check the logs found in LS_HOME/logs or /var/log/logstash for errors or warnings when Logstash is started up.
Re: How to relay from DMZ?
mcapra wrote: If it were my problem to solve, I'd do so with a standalone Logstash instance. There's really no wrong answer.
Agreed.
I'd just bring the log data in and out using the Logstash instance in the DMZ and do the filtering etc. on the NLS server. This would be more reliable than running an ELK stack because fewer moving parts = fewer crashes.
Looking forward to seeing you all at #NagiosCon2019?
-Dedicated Lover of Nconf,PNP4Nagios and Nagvis
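A pass-through pipeline for the stand-alone Logstash relay suggested in this thread, as an added example that is not from any poster or from Nagios. The hostname nls.internal.example and the ports 5544 and 3515 are assumptions; use the ports your NLS inputs actually listen on. Logstash merges every file in conf.d into one pipeline, so this is written as the only config on a dedicated relay, not as an extra output.conf beside an existing ELK config.

```logstash
# relay.conf: the only pipeline file on a dedicated DMZ relay (added example).
# Assumed values: nls.internal.example, port 5544 (syslog), port 3515 (NXLog JSON).

input {
  # rsyslog clients in the DMZ, over TCP and UDP
  tcp {
    port => 5544
    type => "syslog"
  }
  udp {
    port => 5544
    type => "syslog"
  }
  # NXLog agents sending one JSON document per line
  tcp {
    port => 3515
    type => "eventlog"
  }
}

# No filter block on purpose: each line is forwarded unparsed, so all
# parsing and filtering stays on the internal NLS server.

output {
  if [type] == "syslog" {
    tcp {
      host  => "nls.internal.example"
      port  => 5544
      # Send the original line only, not Logstash's JSON wrapper
      codec => line { format => "%{message}" }
    }
  } else if [type] == "eventlog" {
    tcp {
      host  => "nls.internal.example"
      port  => 3515
      codec => line { format => "%{message}" }
    }
  }
}
```

With this layout the firewall only has to allow the relay to open connections to NLS on those two ports; no DMZ client needs a path to the internal network.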
-
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: How to relay from DMZ?
@tmoraiseic, Let me know if you have any other questions for us.
-
- Posts: 6
- Joined: Thu Mar 08, 2018 3:17 pm
Re: How to relay from DMZ?
Hello. We have decided to use a second Nagios Log Server instance instead of an elk stack, and we have successfully installed it. The idea is that we'll have one NLS living in our DMZ and collecting logs from all of our client DMZ servers, and it will forward those clients' logs down to our other Nagios Log Server instance outside of the DMZ. Any ideas on how to do this?
Re: How to relay from DMZ?
mgarrity10 wrote: Hello. We have decided to use a second Nagios Log Server instance instead of an elk stack, and we have successfully installed it. The idea is that we'll have one NLS living in our DMZ and collecting logs from all of our client DMZ servers, and it will forward those clients' logs down to our other Nagios Log Server instance outside of the DMZ. Any ideas on how to do this?
Are you from the same company or are you just experiencing the same thing and looking for assistance?
Former Nagios employee