Not receiving logs after 2.0 upgrade

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
bpizzutiWHI
Posts: 64
Joined: Thu Mar 02, 2017 10:15 am

Re: Not receiving logs after 2.0 upgrade

Post by bpizzutiWHI »

Well, a sample isn't going to help since it's literally everything: syslogs, standard event logs, and some custom stuff. Nothing added just before or just after the upgrade process so the attached configs worked before the 2.0 upgrade. If you still need log samples let me know where to PM them, but quite literally nothing is working, and it may be due to that ErrorCode field issue noted above.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Not receiving logs after 2.0 upgrade

Post by cdienger »

With no inputs showing up, this sounds like something bigger than a parsing issue with a single input. Try restarting logstash and elasticsearch with:

service logstash restart
service elasticsearch restart
and provide a fresh copy of the elasticsearch and logstash log as well as the output of curl -XGET 'http://localhost:9200/_cluster/health/* ... rds&pretty'.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
bpizzutiWHI
Posts: 64
Joined: Thu Mar 02, 2017 10:15 am

Re: Not receiving logs after 2.0 upgrade

Post by bpizzutiWHI »

Here you go. This looks interesting:

"Grok::PatternError", :error=>"pattern %{CUSTOMAPACHELOG} not defined",

I'm going to comment that one out, but it definitely worked before the update.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Not receiving logs after 2.0 upgrade

Post by cdienger »

The grok pattern error is likely due to some customization being overwritten by the upgrade. The default grok patterns can be found in /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns/grok-patterns. Likely not the cause of not seeing data, but something you'll probably want.

For the main issue, I'd like to take a closer look by getting a profile. Something isn't adding up here. Please open a ticket and attach a profile (Admin > System > System Status > Download System Profile).
bpizzutiWHI
Posts: 64
Joined: Thu Mar 02, 2017 10:15 am

Re: Not receiving logs after 2.0 upgrade

Post by bpizzutiWHI »

Actually, commenting that out did fix the issue.

We actually came up with a new format for Apache logs that we're deploying, and I wrote a custom grok pattern for it, but we still have some servers using the legacy stuff. Looks like the Apache log patterns were pulled out at some point. I was taking a look at a doc from 2014 and there are two Apache patterns defined, but they're gone on a current year version of the same doc:

Apr 9, 2014: https://github.com/elastic/logstash/blo ... k-patterns

Mar 4, 2017: https://github.com/logstash-plugins/log ... k-patterns
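
Added example, not part of the original thread and not Nagios or Logstash code: a check to run before or after an upgrade that lists grok patterns a filter config references but no pattern file defines, following references between patterns as well. It assumes uppercase pattern names and one `NAME regex` definition per line; the sample config and pattern excerpt are constructed.

```python
import re

# Grok reference: %{NAME}, %{NAME:field} or %{NAME:field:type}.
# Assumption: pattern names are uppercase, so sprintf refs like %{host} are skipped.
REF = re.compile(r"%\{([A-Z][A-Z0-9_]*)(?::[^}]*)?\}")

def parse_definitions(text):
    """Parse pattern-file text: one 'NAME regex' per line, '#' starts a comment line."""
    defs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            defs[parts[0]] = parts[1] if len(parts) > 1 else ""
    return defs

def undefined_patterns(config_text, definitions_text):
    """Return sorted names referenced (directly or via other patterns) but not defined."""
    defs = parse_definitions(definitions_text)
    # Ignore whole-line comments, so a commented-out filter is not reported.
    active = "\n".join(l for l in config_text.splitlines()
                       if not l.lstrip().startswith("#"))
    todo, seen, missing = REF.findall(active), set(), set()
    while todo:
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        if name in defs:
            todo.extend(REF.findall(defs[name]))  # follow nested references
        else:
            missing.add(name)
    return sorted(missing)

# Constructed pattern-file excerpt (simplified definitions, HTTPDATE left out on purpose).
SAMPLE_PATTERNS = """# constructed excerpt
USERNAME [a-zA-Z0-9._-]+
USER %{USERNAME}
INT (?:[+-]?(?:[0-9]+))
LEGACYLINE %{USER:ident} %{INT:bytes} %{HTTPDATE:timestamp}
"""
# Constructed filter config; CUSTOMAPACHELOG is the pattern named in the thread's error.
SAMPLE_CONFIG = """filter {
  grok { match => { "message" => "%{CUSTOMAPACHELOG}" } }
  grok { match => { "message" => "%{LEGACYLINE}" } }
  # grok { match => { "message" => "%{OLDPATTERN}" } }
  mutate { add_field => { "src" => "%{host}" } }
}
"""
if __name__ == "__main__":
    print(undefined_patterns(SAMPLE_CONFIG, SAMPLE_PATTERNS))
```
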
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN

Re: Not receiving logs after 2.0 upgrade

Post by dwhitfield »

@cdienger and I had a chat about this and it sounds like you know what's going on at this point. Are we ready to lock this up, or did we miss a question?
bpizzutiWHI
Posts: 64
Joined: Thu Mar 02, 2017 10:15 am

Re: Not receiving logs after 2.0 upgrade

Post by bpizzutiWHI »

I think we're good.
kyang

Re: Not receiving logs after 2.0 upgrade

Post by kyang »

Sounds good! I'll be closing this thread!

If you have any more questions, feel free to create another thread.

Thanks for using the Nagios Support Forum!
Locked