This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
floki
Posts: 65 Joined: Tue Dec 18, 2018 5:23 am
by floki » Wed Jan 16, 2019 10:12 pm
Good Day,
After I restarted rsyslog on a server monitored by Nagios Log Server, it generated a file named nls-state-opt_snort-alerts_major.log:
Code:
<Obj:1:strm:1:
+iCurrFNum:2:1:1:
+pszFName:1:27:/opt/snort-alerts/major.log:
+iMaxFiles:2:1:0:
+bDeleteOnClose:2:1:0:
+sType:2:1:2:
+tOperationsMode:2:1:1:
+tOpenMode:2:3:384:
+iCurrOffs:2:1:0:
+inode:2:1:0:
+bPrevWasNL:2:1:0:
>End
How do you interpret the files generated in /var/lib/rsyslog?
scottwilkerson
DevOps Engineer
Posts: 19396 Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
by scottwilkerson » Thu Jan 17, 2019 11:12 am
This file is used to keep track of the offset in the file so rsyslog knows where it left off the last time it looked in the file for new lines to send to Log Server.
This file is created as a function of rsyslog.
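Added example, not part of the original posts and not Nagios or rsyslog code: a small parser for the state file shown in the question, with a check of the saved offset against the monitored file's size to see whether alert lines are still waiting to be read. The `+name:type:length:value:` layout and the reading of type 2 as numeric are assumptions taken from the dump itself; `parse_state` and `read_status` are hypothetical names.

```python
import re

# State file content exactly as posted above.
SAMPLE_STATE = """\
<Obj:1:strm:1:
+iCurrFNum:2:1:1:
+pszFName:1:27:/opt/snort-alerts/major.log:
+iMaxFiles:2:1:0:
+bDeleteOnClose:2:1:0:
+sType:2:1:2:
+tOperationsMode:2:1:1:
+tOpenMode:2:3:384:
+iCurrOffs:2:1:0:
+inode:2:1:0:
+bPrevWasNL:2:1:0:
>End
"""

# Assumed layout, read off the dump: +name:type:length:value:
PROP = re.compile(r"^\+(\w+):(\d+):(\d+):")

def parse_state(text):
    """Return the properties of one state file as a dict."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("<Obj:"):
        raise ValueError("missing <Obj: header")
    props = {}
    for line in lines[1:]:
        if line.startswith(">End"):
            return props
        m = PROP.match(line)
        if not m:
            raise ValueError(f"unexpected line: {line!r}")
        name, vtype, length = m.group(1), int(m.group(2)), int(m.group(3))
        # Slice by the declared length so a ':' inside a path is not a separator.
        value, rest = line[m.end():m.end() + length], line[m.end() + length:]
        if len(value) != length or rest != ":":
            raise ValueError(f"length mismatch in {name}")
        # Assumption: type 2 is numeric (every type-2 value in the dump is a number).
        props[name] = int(value) if vtype == 2 else value
    raise ValueError("no >End marker, file is truncated")

def read_status(props, file_size):
    """Compare the saved offset (iCurrOffs) with the monitored file's size."""
    offset = props["iCurrOffs"]
    if offset > file_size:
        return "truncated"  # file is now shorter than the saved offset
    return "caught up" if offset == file_size else "behind"

if __name__ == "__main__":
    state = parse_state(SAMPLE_STATE)
    print(state["pszFName"], "offset", state["iCurrOffs"])
    print(read_status(state, 4096))  # 4096 is a constructed file size
```

The saved offset is a snapshot from the moment rsyslog last wrote the state file, so compare it with the file size taken at about the same time.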
by floki » Thu Jan 17, 2019 1:54 pm
Alright, understood. Thanks a lot!
by scottwilkerson » Thu Jan 17, 2019 2:12 pm
floki wrote: Alright, understood. Thanks a lot!
Glad to help.
Locking thread