Hi
Can we send audit logs to NLS via RELP by using the setup-linux.sh script which is provided in the Nagios LS source/installation?
For example:
If the client nodes have been configured with RELP to send logs to NLS over TCP, how can we use this script to send
Audit logs,
Auth logs,
Sys logs
to NLS?
I would appreciate it if anyone can help me configure the client side to send logs to NLS (audit, auth and syslogs).
Thank you
Luke
sending Audit/Auth logs over RELP to NLS
Re: sending Audit/Auth logs over RELP to NLS
I haven't set it up myself yet, but had another customer recently inquire about RELP. There do seem to be a few config changes that need to be done on the client side that the script does not do, and you'll also need to install a RELP plugin on the NLS side.
The setup script creates a config file under /etc/rsyslog.d/ that would need to be modified.
https://access.redhat.com/documentation ... using_relp has details regarding the configuration of the client.
To install the plugin on the NLS server:
/usr/local/nagioslogserver/logstash/bin/logstash-plugin install logstash-input-relp
Details on setting up the input can be found at:
https://www.elastic.co/guide/en/logstas ... -relp.html
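An added example, not part of the original posts and not Nagios's own configuration: a client-side rsyslog fragment of the kind the reply describes, forwarding syslog, auth and audit logs over RELP. The host name nls.example.com, port 2514, the local6 facility and the queue file name are assumptions; the audit log path is the auditd default.

```conf
# /etc/rsyslog.d/<file created by setup-linux.sh>  (placeholder: use the real file name)
# Constructed example. nls.example.com and port 2514 are assumptions; the port
# must match the one configured for the relp input on the NLS side.

# RELP output module (shipped in the rsyslog-relp package on RHEL-family systems).
module(load="omrelp")

# auditd writes to its own file rather than to syslog, so read it with imfile.
# If imfile is already loaded elsewhere in the rsyslog config, drop this line.
module(load="imfile")
input(type="imfile"
      File="/var/log/audit/audit.log"
      Tag="audit:"
      Severity="info"
      Facility="local6")

# Forward everything rsyslog sees (syslog, auth/authpriv and the audit records
# tagged above) over RELP. The disk-assisted queue spools messages locally
# while NLS is unreachable instead of dropping them.
# Plain RELP is unencrypted; omrelp accepts tls="on" if the receiving input
# is set up for TLS as well.
action(type="omrelp"
       target="nls.example.com"
       port="2514"
       queue.type="LinkedList"
       queue.filename="nls_relp"
       queue.saveOnShutdown="on"
       action.resumeRetryCount="-1")
```

Running rsyslogd -N1 checks the configuration syntax before rsyslog is restarted.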