LS events export to Splunk
How to export Log Server events to Splunk? I read one user was able to accomplish that via Port#9997 but I couldn't find anything in LS Admin & User Guide. Any ideas? Tx
Re: LS events export to Splunk
The below documentation assumes you are using Nagios Log Server 2.0+.
It sort of depends on some specifics of your Splunk architecture.
A very common way to forward messages from Logstash to Splunk generally is to use a syslog Logstash output rule pointed at a Splunk Heavy Forwarder or syslog aggregator:
https://www.elastic.co/guide/en/logstas ... yslog.html
I would provide documentation on how to configure additional outputs in Nagios Log Server if I could find any. This documentation has some of the same steps, except instead of Splunk it's forwarding to Nagios XI/Core as passive checks:
https://assets.nagios.com/downloads/nag ... bjects.pdf
Let us know if you have additional questions or something is unclear.
Former Nagios employee
https://www.mcapra.com/
Re: LS events export to Splunk
Thanks @mcapra
I've used the following to send data from NLS to a remote syslog server:
syslog {
procid => "Nagios"
facility => 'daemon'
host => '10.50.121.180'
port => '514'
protocol => 'tcp'
severity => 'informational'
}
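An added example, not written by any poster in this thread: the syslog output above sends events over plain TCP, so this variant wraps the same stream in TLS. It assumes the installed logstash-output-syslog plugin supports `ssl-tcp` and that the receiving Heavy Forwarder or syslog aggregator accepts syslog over TLS; the hostname, port and file paths are placeholders.

```logstash
# Added example. Same shape as the block posted above, which is what goes into
# an additional output in Nagios Log Server; in stock Logstash this block sits
# inside output { }.
syslog {
    # Placeholder receiver (Splunk Heavy Forwarder or syslog aggregator).
    host => 'splunk-hf.example.internal'
    # 6514 is the registered syslog-over-TLS port; use whatever the receiver listens on.
    port => '6514'

    # 'tcp' sends events in cleartext; 'ssl-tcp' encrypts them in transit.
    protocol => 'ssl-tcp'

    # Verify the receiver's certificate against this CA so events are not
    # handed to an impostor listener. Path is a placeholder.
    ssl_verify => true
    ssl_cacert => '/path/to/ca.pem'

    # Client certificate and key presented to the receiver (placeholders).
    # Keep the key readable only by the account that runs Logstash.
    ssl_cert => '/path/to/nls-client.pem'
    ssl_key => '/path/to/nls-client.key'

    # Same syslog header fields as the plain-TCP block above.
    procid => 'Nagios'
    facility => 'daemon'
    severity => 'informational'
}
```

The receiver needs a matching TLS syslog listener that trusts the same CA; if it only accepts plain TCP, the TLS handshake fails and nothing is delivered.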
Re: LS events export to Splunk
Tx guys! Will give that a try.
Re: LS events export to Splunk
Please let us know if you have any additional questions.
Re: LS events export to Splunk
We have Splunk Heavy Forwarder and will give that a try.