Nagios Log Server Http Endpoint to ship logs from nxlog

[madhu2852]

Hi Team,

Im trying to configure windows event logs to ship events to Nagios Log Server. I'm using nxlog agent to do that. I wanted to ship the logs over HTTP/HTTPS to Nagios logserver. I found below sample config in nxlog reference manual. I have few questions regarding this.
1. What would be my URL in this case.
2. Is there a specific endpoint that needs to be used or configured if not on present Nagios Log Server..?

I know I can setup this using om_tcp or om_udp modules, but i want to use http in this case. When i checked API doc for Nagios Log Server i do not see such endpoint.



http://nxlog-ce.sourceforge.net/nxlog-d ... ml#om_http
https://support.nagios.com/kb/article/n ... mples.html

Example 6.59. Sending logs over HTTPS

<Input in>
Module im_file
File 'input.log'
ReadFromLast FALSE
</Input>

<Output out>
Module om_http
URL https://server:8080/
HTTPSCertFile %CERTDIR%/client-cert.pem
HTTPSCertKeyFile %CERTDIR%/client-key.pem
HTTPSCAFile %CERTDIR%/ca.pem
HTTPSAllowUntrusted FALSE
</Output>

<Route httpout>
Path in => out
</Route>

[cdienger]

First install the http input with:

Code: Select all

/usr/local/nagioslogserver/logstash/bin/plugin install logstash-input-http

This can take a long time. Be patient and it should eventually return you to a command prompt.

Then create a new input under Administartion > Global Configuration > Inputs, with the config:

Code: Select all

http{
ssl => 'true' <-----this is optional and not needed if you want to stick with http
port => '8080' <-----8080 is default. Change if desired.
keystore => 'location_of_jks_keystore' <----only needed if using ssl
keystore_password => 'password' <-----only needed if using ssl
}

Other options for the http input can be found at https://www.elastic.co/guide/en/logstas ... ugins.html

The url you would send traffic to would then be https://NLS_SERVER_IP:8080

[madhu2852]

Thank you for the response. Ill try that .

[cdienger]

Sounds good! Keep us posted!