Nagios LS - Stops working after a few days

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
dariusz.nalazek
Posts: 39
Joined: Thu Nov 16, 2017 6:46 am

Nagios LS - Stops working after a few days

Post by dariusz.nalazek »

Hello,
I'm testing Nagios LS, before purchase. Now I have simple installation 2-node LS, 4vCPU, 8GB RAM VMs @ ESXi. (OVA installation with all patches, latest LS version)
Client servers forward logs to the DNS's round robin name.
It's 17th day of tests, and so far the Nagios LS 3rd time stops receiving any logs, no new indexes are created. To force it working again I have to restart both nodes. Then again Nagios LS works for some period of time.
Now I have connected just a few servers as clients (14 hosts, ~40GB per day), installation target (after purchase) is slightly above 1k clients.

I think I have do done the installation by the book. Should I restart the servers every eg. 24h? Is it normal behavior?
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: Nagios LS - Stops working after a few days

Post by benjaminsmith »

Hello,

When it stops receiving logs, check the status of logstash?

Code: Select all

systemctl status logstash.service
Please PM your system profile for us to review. Go to Admin > System > System Status > Download System Profile. Thanks.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: Nagios LS - Stops working after a few days

Post by benjaminsmith »

Hello,

Thank you for sending over the profile. I'm seeing this error in the logs. By default, Logstash is not able to listen to ports below 1024.

Code: Select all

message=>"syslog listener died", :protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:126:in `initialize'"
An incorrect input/filter can cause logs to stop processing. To correct, please see the guide below.

Nagios Log Server Listening on Privileged Ports
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
dariusz.nalazek
Posts: 39
Joined: Thu Nov 16, 2017 6:46 am

Re: Nagios LS - Stops working after a few days

Post by dariusz.nalazek »

Log Server seems to work... w/o crashes after removing the listener below port 1000.

THXfor help.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: Nagios LS - Stops working after a few days

Post by scottwilkerson »

dariusz.nalazek wrote:Log Server seems to work... w/o crashes after removing the listener below port 1000.

THXfor help.
Great!

Locking thread
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Locked