how can NLS send syslog data to splunk

This board serves as an open discussion and support collaboration point for Nagios Log Server. NOTE: Nagios Log Server customers should use the Customer Support forum to obtain expedited support.

Postby hyacinth » Thu Feb 08, 2018 7:54 pm

Dear Friends,
We want to send syslog data from Nagios Log Server to Splunk. Splunk has finished the configuration to connect with NLS, but we don't know the location of the syslog data to monitor.
We have tried to find the location as attached, but none of them seems like log data. Please help to check.
Attachments
log location.png
hyacinth
 
Posts: 10
Joined: Wed Dec 13, 2017 2:21 am

Re: how can NLS send syslog data to splunk

Postby mcapra » Fri Feb 09, 2018 9:21 am

If you're interested in forwarding events to Splunk, see this thread:
https://support.nagios.com/forum/viewtopic.php?f=37&t=47324
Former Nagios employee
http://www.mcapra.com/
mcapra
 
Posts: 3045
Joined: Thu May 05, 2016 3:54 pm

Re: how can NLS send syslog data to splunk

Postby npolovenko » Fri Feb 09, 2018 12:20 pm

Thanks, @mcapra!
@hyacinth, let us know if you have other questions.
npolovenko
Support Tech
 
Posts: 1264
Joined: Mon May 15, 2017 5:00 pm

Re: how can NLS send syslog data to splunk

Postby hyacinth » Sat Feb 10, 2018 8:26 pm

@mcapra
Thanks mcapra, I have read that post before, but I don't know how and where to configure the code:

syslog {
    procid => "Nagios"
    facility => 'daemon'
    host => '10.50.121.180'
    port => '514'
    protocol => 'tcp'
    severity => 'informational'
}

One more question: can Nagios LS analyze and filter the collected syslog and then send only the useful syslog data to Splunk? How does it work? You know, too many useless logs will cost too much on Splunk.
hyacinth
 
Posts: 10
Joined: Wed Dec 13, 2017 2:21 am

Re: how can NLS send syslog data to splunk

Postby cdienger » Mon Feb 12, 2018 11:29 am

The output can be configured under Configure > Global (All Instances) > Global Config. Click "Show Outputs" in the top right corner and then Add Output > Custom. Give it a name ("Splunk Output", for example) and paste the output config.

You can use logic to only send specific data. For example, to send only logs from a client with an IP of 192.168.2.3:

Code:

if [host] == "192.168.2.3" {
    syslog {
        procid => "Nagios"
        facility => 'daemon'
        host => '10.50.121.180'
        port => '514'
        protocol => 'tcp'
        severity => 'informational'
    }
}

https://www.elastic.co/guide/en/logstas ... ation.html and https://www.elastic.co/guide/en/logstas ... mples.html have more details on logstash configuration.
cdienger
Support Tech
 
Posts: 919
Joined: Tue Feb 07, 2017 11:26 am
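
Extending the answer above to the volume question, as an added example that is not part of the original posts or Nagios's own configuration: a custom output that forwards only the named client, events at warning severity or worse, and failed SSH logins. It assumes the events carry the `severity_label` and `program` fields that the Logstash syslog input sets; the `sshd` condition is an illustrative choice.

```logstash
# Added example, not from the thread. Paste as a Custom output in
# Configure > Global (All Instances) > Global Config > Show Outputs.
#
# Assumptions (check one stored event in the dashboard before relying on them):
#   - [host] holds the sending client's IP, as in the answer above
#   - [severity_label] and [program] exist, as set by the Logstash syslog input
#   - "sshd" / "Failed password" is an illustrative security-relevant pattern
#
# An event is forwarded if ANY of the three conditions matches; everything
# else stays in Nagios Log Server only and never reaches the Splunk licence.
# A missing field makes its condition false, so non-syslog events are not sent.
if [host] == "192.168.2.3" or [severity_label] in ["Emergency", "Alert", "Critical", "Error", "Warning"] or ([program] == "sshd" and [message] =~ /Failed password/) {
    syslog {
        # Output settings copied unchanged from the thread
        procid => "Nagios"
        facility => 'daemon'
        host => '10.50.121.180'
        port => '514'
        protocol => 'tcp'
        severity => 'informational'
    }
}
```

Because `severity` in the output block is fixed, every forwarded event arrives at Splunk as informational regardless of its original severity; the original value is only used here to decide what gets sent.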

