Not receiving logs after 2.0 upgrade
-
- Posts: 64
- Joined: Thu Mar 02, 2017 10:15 am
Re: Not receiving logs after 2.0 upgrade
Well, a sample isn't going to help since it's literally everything: syslogs, standard event logs, and some custom stuff. Nothing added just before or just after the upgrade process so the attached configs worked before the 2.0 upgrade. If you still need log samples let me know where to PM them, but quite literally nothing is working, and it may be due to that ErrorCode field issue noted above.
Re: Not receiving logs after 2.0 upgrade
With no inputs showing up, this sounds like something bigger than a parsing issue with a single input. Try restarting logstash and elasticsearch with:
Code:
service logstash restart
service elasticsearch restart
and provide a fresh copy of the elasticsearch and logstash log as well as the output of curl -XGET 'http://localhost:9200/_cluster/health/* ... rds&pretty'.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
- Posts: 64
- Joined: Thu Mar 02, 2017 10:15 am
Re: Not receiving logs after 2.0 upgrade
Here you go. This looks interesting:
"Grok::PatternError", :error=>"pattern %{CUSTOMAPACHELOG} not defined",
I'm going to comment that one out, but it definitely worked before the update.
Re: Not receiving logs after 2.0 upgrade
The grok pattern error is likely due to some customization being overwritten by the upgrade. The default grok patterns can be found in /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns/grok-patterns. Likely not the cause of not seeing data, but something you'll probably want.
For the main issue, I'd like to take a closer look by getting a profile. Something isn't adding up here. Please open a ticket and attach a profile (Admin > System > System Status > Download System Profile).
-
- Posts: 64
- Joined: Thu Mar 02, 2017 10:15 am
Re: Not receiving logs after 2.0 upgrade
Actually, commenting that out did fix the issue.
We actually came up with a new format for Apache logs that we're deploying, and I wrote a custom grok pattern for it, but we still have some servers using the legacy stuff. Looks like the apache log patterns were pulled out at some point; I was taking a look at a doc from 2014 and there are two apache patterns defined, but they're gone on a current year version of the same doc:
Apr 9, 2014: https://github.com/elastic/logstash/blo ... k-patterns
Mar 4, 2017: https://github.com/logstash-plugins/log ... k-patterns
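Added example, not part of the original thread and not Nagios or Logstash code: a Python check for the failure discussed above, where a filter references a grok pattern (here %{CUSTOMAPACHELOG}) that no pattern file defines after an upgrade. The pattern and config text are constructed samples, LEGACYWEBLOG and HTTPSTATUS are hypothetical names, and in practice the two inputs would be read from the patterns directory and the filter configs.

```python
import re

# %{NAME}, %{NAME:field} or %{NAME:field:type}. Only upper-case names match, so
# sprintf references like %{host} are skipped (assumption: pattern names are
# upper-case, as in the stock grok-patterns file).
GROK_REF = re.compile(r"%\{([A-Z][A-Z0-9_]*)(?::[^}]*)?\}")

def parse_pattern_file(text):
    """Return {name: regex} from pattern-file text ("NAME regex" per line)."""
    patterns = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            patterns[parts[0]] = parts[1]
    return patterns

def undefined_patterns(config_text, patterns):
    """Return sorted grok names the config needs that no pattern file defines."""
    # Whole-line comments are dropped so a commented-out filter is not reported.
    live = [l for l in config_text.splitlines() if not l.lstrip().startswith("#")]
    todo, seen, missing = GROK_REF.findall("\n".join(live)), set(), set()
    while todo:
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        if name in patterns:
            # Follow references inside the definition: a surviving custom
            # pattern can still depend on one the upgrade removed.
            todo.extend(GROK_REF.findall(patterns[name]))
        else:
            missing.add(name)
    return sorted(missing)

# Constructed sample data (not taken from the thread's attachments).
SAMPLE_PATTERNS = r"""
INT (?:[+-]?(?:[0-9]+))
WORD \b\w+\b
IPORHOST \S+
LEGACYWEBLOG %{IPORHOST:clientip} %{WORD:verb} %{HTTPSTATUS:response}
"""
SAMPLE_CONFIG = r"""
filter {
  grok { match => [ "message", "%{CUSTOMAPACHELOG}" ] }
  grok { match => [ "message", "%{LEGACYWEBLOG} %{INT:bytes}" ] }
  mutate { add_field => { "src" => "%{host}" } }
}
"""

if __name__ == "__main__":
    print(undefined_patterns(SAMPLE_CONFIG, parse_pattern_file(SAMPLE_PATTERNS)))
```

Running it before and after an upgrade, against the live pattern files, shows which filters would raise Grok::PatternError before Logstash is restarted.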
-
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
Re: Not receiving logs after 2.0 upgrade
@cdienger and I had a chat about this and it sounds like you know what's going on at this point. Are we ready to lock this up, or did we miss a question?
-
- Posts: 64
- Joined: Thu Mar 02, 2017 10:15 am
Re: Not receiving logs after 2.0 upgrade
I think we're good.
Re: Not receiving logs after 2.0 upgrade
Sounds good! I'll be closing this thread!
If you have any more questions, feel free to create another thread.
Thanks for using the Nagios Support Forum!