Hi Guys,
Sorry for the cryptic subject but I couldn't figure out how to phrase this. I have two issues/advice I need help with:
1. The server is behind NAT, so when you add another source it always shows its local IP address, not the external one. Is there a way to make it show the external one when you've added a source?
2. I want to download all the logs from a server running Cloudlinux with Plesk Onyx installed. I can see it automatically downloads these, but how do I configure it to get the others as well?
Thanks in advance
Nathan
2 problems?
Re: 2 problems?
nathanplatt wrote: The server is behind NAT, so when you add another source it always shows its local IP address, not the external one. Is there a way to make it show the external one when you've added a source?
That's a tricky one. Does the machine sending the logs have a concept of what its "external address" is? Do the NAT'd servers have some FQDN that resolves to their external address?
If the list of IPs you need to translate from local->external is relatively short, you could leverage a mutate filter probably as a brute-force solution. This becomes impractical with long lists though.
nathanplatt wrote: I want to download all the logs from a server running Cloudlinux with Plesk Onyx installed. I can see it automatically downloads these, but how do I configure it to get the others as well?
Not sure what you mean here, though admittedly I'm not very familiar with either platform. What do you mean by "I can see it automatically downloads these"? Are you referring to some part of NLS that automatically grabs logs from these machines?
Former Nagios employee
https://www.mcapra.com/
Re: 2 problems?
Hi,
On the first point, I have a port forwarded to the external IP address. When you manually run the bash setup_linux.sh script you put the externalip:portnumber and it works fine; I would just like a way to automate that for the future.
As with Plesk/Cloudlinux, I'd like to download all the Apache logs, fail2ban logs, and mailserver logs from this server, but the instructions in Nagios only really guide you down phpMyAdmin and Apache.
Thanks
Nathan
Re: 2 problems?
You'll want to use mutate as @mcapra mentioned. Something like this -
    mutate {
        replace => { "sourceip" => "mynewsourceip" }
    }
You'll need to adjust the sourceip with the field that has the LAN address, and mynewsourceip with the variable that it should be replaced with.
Former Nagios Employee
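The brute-force mapping suggested in the replies, written out for a short list of NAT'd senders. This is an added example, not code from any poster or from Nagios: the addresses are constructed, "sourceip" is the placeholder field name from the post above, and "sourceip_lan" is a hypothetical field name.

```logstash
# Constructed sample mapping: 192.168.1.x are the NAT'd senders,
# 203.0.113.x (documentation range) stand in for their external addresses.
# "sourceip" must be swapped for the field that actually holds the LAN address.
# In a stand-alone Logstash pipeline file this goes inside filter { ... }.

if [sourceip] == "192.168.1.10" {
  # Copy the observed LAN address first. This is a separate mutate block
  # because add_field is applied after replace inside a single block,
  # which would copy the already-rewritten value.
  mutate { add_field => { "sourceip_lan" => "%{sourceip}" } }
  mutate { replace => { "sourceip" => "203.0.113.10" } }
} else if [sourceip] == "192.168.1.11" {
  mutate { add_field => { "sourceip_lan" => "%{sourceip}" } }
  mutate { replace => { "sourceip" => "203.0.113.11" } }
}
# Events from any other address pass through unchanged, so an unmapped
# sender is still visible under its real LAN address.
```

Keeping the original address in its own field means the rewritten value can always be traced back to the host that actually sent the log.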