Questions: API Documentation and Multiline events

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
McCriddle
Posts: 14
Joined: Thu Feb 12, 2015 4:52 am

Questions: API Documentation and Multiline events

Post by McCriddle »

Hi,

i got a couple of questions regarding NLS:

1.
Is there any documentation about the external API access? (can't find anything in the help section)

2.
Can anyone give me a hint, how to import log files with multiline-events?

e.g.:
we need to import Tomcat logs from some windows machines (via nxlog).

Code: Select all

Jan 29, 2015 1:46:15 PM org.apache.catalina.core.ApplicationContext log
INFORMATION: HTMLManager: list: Listing contexts for virtual host 'localhost'
Jan 29, 2015 1:47:51 PM org.apache.catalina.realm.JNDIRealm authenticate
WARNUNG: Exception performing authentication
javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'DC=mycompany,DC=local'
	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2003)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
	at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1084)
	at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:992)
	at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:941)
	at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:810)
	at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
	at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:857)
	at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:565)
	at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1509)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.SocketException: Connection reset
	at java.net.SocketInputStream.read(SocketInputStream.java:196)
	at java.net.SocketInputStream.read(SocketInputStream.java:122)
	at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
	at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
	at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
	at com.sun.jndi.ldap.Connection.run(Connection.java:853)
	... 1 more

Jan 29, 2015 2:09:48 PM org.apache.coyote.http11.Http11AprProtocol pause
INFORMATION: Pausing Coyote HTTP/1.1 on http-9080
Jan 29, 2015 2:09:48 PM org.apache.coyote.ajp.AjpAprProtocol pause
INFORMATION: Pausing Coyote AJP/1.3 on ajp-9009
thanks in advance
Mike
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: Questions: API Documentation and Multiline events

Post by scottwilkerson »

McCriddle wrote:1.
Is there any documentation about the external API access? (can't find anything in the help section)
This has not been well documented at all (sorry), but you can perform almost all of ES API calls, with a few exceptions
http://www.elasticsearch.org/guide/en/e ... earch.html

The primary difference is, instead of calling items like this

Code: Select all

curl -XGET 'http://YOUR_CLUSTER_HOST:9200/_search'
You would externally call them like this

Code: Select all

curl -XGET 'http://YOUR_CLUSTER_HOST/nagioslogserver/index.php/api/backend/_search?token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
When on a dashboard, you can click the "i" icon on the top right of any panel to see the API query used to generate the panel.
McCriddle wrote:2.
Can anyone give me a hint, how to import log files with multiline-events?

e.g.:
we need to import Tomcat logs from some windows machines (via nxlog).
Here's some docs
http://nxlog-ce.sourceforge.net/nxlog-d ... app_tomcat

Basically you will want to do something like this, add the following to nxlog.conf

Code: Select all

<Input log4j>
	Module	im_file
	File	'c:\path\to\tomcat.log'
	Exec	if $raw_event =~ /^(\d{4}\-\d{2}\-\d{2} \d{2}\:\d{2}\:\d{2}),\d{3} (\S+) \[(\S+)\] \- (.*)/ \
	        { \
		    $log4j.time = parsedate($1); \
		    $log4j.loglevel = $2; \
		    $log4j.class = $3; \
		    $log4j.msg = $4; \
	        }
	SavePos  TRUE
	Exec $Message = $raw_event;
</Input>
Then modify <Route 1> to something like

Code: Select all

 
<Route 1>
    Path log4j, internal, file1, eventlog => out
</Route>
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
McCriddle
Posts: 14
Joined: Thu Feb 12, 2015 4:52 am

Re: Questions: API Documentation and Multiline events

Post by McCriddle »

thanks a lot.

this should get us running.
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: Questions: API Documentation and Multiline events

Post by scottwilkerson »

Awesome, let us know if we can help any other way.
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
Locked

Return to “Nagios Log Server”