LS events export to Splunk

This board serves as an open discussion and support collaboration point for Nagios Log Server. NOTE: Nagios Log Server customers should use the Customer Support forum to obtain expedited support.

LS events export to Splunk

Postby DataAssure » Wed Jan 31, 2018 9:42 am

How to export Log Server events to Splunk? I read one user was able to accomplish that via Port#9997 but I couldn't anything in LS Admin & User Guide. Any ideas? Tx
DataAssure
 
Posts: 16
Joined: Thu Jul 31, 2014 8:36 am

Re: LS events export to Splunk

Postby mcapra » Wed Jan 31, 2018 1:41 pm

The below documentation assumes you are using Nagios Log Server 2.0+.

It sort of depends on some specifics of your Splunk architecture.

A very common way to forward messages from Logstash to Splunk generally is to use a syslog Logstash output rule pointed at a Splunk Heavy Forwarder or syslog aggregator:
https://www.elastic.co/guide/en/logstash/2.4/plugins-outputs-syslog.html


I would provide documentation on how to configure additional outputs in Nagios Log Server if I could find any ;) This documentation has some of the same steps, except instead of Splunk it's forwarding to Nagios XI/Core as passive checks:
https://assets.nagios.com/downloads/nagios-log-server/docs/Using-An-Output-To-Create-Nagios-XI-Passive-Objects.pdf

Let us know if you have additional questions or something is unclear.
Former Nagios employee
http://www.mcapra.com/
User avatar
mcapra
 
Posts: 3045
Joined: Thu May 05, 2016 3:54 pm

Re: LS events export to Splunk

Postby cdienger » Wed Jan 31, 2018 2:49 pm

Thanks @mcapra

I've used the following to send data from NLS to a remote syslog server:

Code: Select all
  syslog {
    procid => "Nagios"
    facility => 'daemon'
    host => '10.50.121.180'
    port => '514'
    protocol => 'tcp'
    severity => 'informational'
    }
User avatar
cdienger
Support Tech
 
Posts: 919
Joined: Tue Feb 07, 2017 11:26 am

Re: LS events export to Splunk

Postby DataAssure » Thu Feb 01, 2018 10:41 am

Tx guys! Will give that a try.
DataAssure
 
Posts: 16
Joined: Thu Jul 31, 2014 8:36 am

Re: LS events export to Splunk

Postby dwhitfield » Thu Feb 01, 2018 12:35 pm

Please let us know if you have any additional questions.
dwhitfield
Former Nagios Staff
 
Posts: 4568
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN

Re: LS events export to Splunk

Postby DataAssure » Fri Feb 02, 2018 5:31 am

We have Splunk Heavy Forwarder and will give that a try.
DataAssure
 
Posts: 16
Joined: Thu Jul 31, 2014 8:36 am

Re: LS events export to Splunk

Postby kyang » Fri Feb 09, 2018 11:16 am

Sounds good!

Let us know if you have any more questions.
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
kyang
Support Tech
 
Posts: 1444
Joined: Tue Jul 25, 2017 3:35 pm


Return to Nagios Log Server

Who is online

Users browsing this forum: No registered users and 5 guests