LS events export to Splunk

This board serves as an open discussion and support collaboration point for Nagios Log Server. NOTE: Nagios Log Server customers should use the Customer Support forum to obtain expedited support.

LS events export to Splunk

Postby DataAssure » Wed Jan 31, 2018 9:42 am

How to export Log Server events to Splunk? I read one user was able to accomplish that via Port#9997 but I couldn't anything in LS Admin & User Guide. Any ideas? Tx
DataAssure
 
Posts: 23
Joined: Thu Jul 31, 2014 8:36 am

Re: LS events export to Splunk

Postby mcapra » Wed Jan 31, 2018 1:41 pm

The below documentation assumes you are using Nagios Log Server 2.0+.

It sort of depends on some specifics of your Splunk architecture.

A very common way to forward messages from Logstash to Splunk generally is to use a syslog Logstash output rule pointed at a Splunk Heavy Forwarder or syslog aggregator:
https://www.elastic.co/guide/en/logstash/2.4/plugins-outputs-syslog.html


I would provide documentation on how to configure additional outputs in Nagios Log Server if I could find any ;) This documentation has some of the same steps, except instead of Splunk it's forwarding to Nagios XI/Core as passive checks:
https://assets.nagios.com/downloads/nagios-log-server/docs/Using-An-Output-To-Create-Nagios-XI-Passive-Objects.pdf

Let us know if you have additional questions or something is unclear.
Former Nagios employee
http://www.mcapra.com/
User avatar
mcapra
 
Posts: 3246
Joined: Thu May 05, 2016 3:54 pm

Re: LS events export to Splunk

Postby cdienger » Wed Jan 31, 2018 2:49 pm

Thanks @mcapra

I've used the following to send data from NLS to a remote syslog server:

Code: Select all
  syslog {
    procid => "Nagios"
    facility => 'daemon'
    host => '10.50.121.180'
    port => '514'
    protocol => 'tcp'
    severity => 'informational'
    }
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
cdienger
Support Tech
 
Posts: 1294
Joined: Tue Feb 07, 2017 11:26 am

Re: LS events export to Splunk

Postby DataAssure » Thu Feb 01, 2018 10:41 am

Tx guys! Will give that a try.
DataAssure
 
Posts: 23
Joined: Thu Jul 31, 2014 8:36 am

Re: LS events export to Splunk

Postby dwhitfield » Thu Feb 01, 2018 12:35 pm

Please let us know if you have any additional questions.
dwhitfield
Former Nagios Staff
 
Posts: 4569
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN

Re: LS events export to Splunk

Postby DataAssure » Fri Feb 02, 2018 5:31 am

We have Splunk Heavy Forwarder and will give that a try.
DataAssure
 
Posts: 23
Joined: Thu Jul 31, 2014 8:36 am

Re: LS events export to Splunk

Postby kyang » Fri Feb 09, 2018 11:16 am

Sounds good!

Let us know if you have any more questions.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
kyang
Support Tech
 
Posts: 1756
Joined: Tue Jul 25, 2017 3:35 pm


Return to Nagios Log Server

Who is online

Users browsing this forum: No registered users and 1 guest