Log server priority and severity set to 0

This board serves as an open discussion and support collaboration point for Nagios Log Server. NOTE: Nagios Log Server customers should use the Customer Support forum to obtain expedited support.

Log server priority and severity set to 0

Postby agg » Tue Oct 08, 2019 3:13 am

Hi,

I'm currently working on a project where I need to send log messages to Nagios server. I can send messages, but priority and severity are always set to zero eventhough I changed from DEBUG to ERROR. I'm completely new to Nagios as I'm just developing the Python code and I never worked with Nagios.

thumbnail_image001.jpg
Nagios screen


I also include what I'm currently logging:

2019-10-04 11:39:37,823 - __main__ - INFO - *** Process start ***
2019-10-04 11:39:37,823 - __main__ - INFO - Connecting to DB
2019-10-04 11:39:37,831 - __main__ - INFO - Connection created
2019-10-04 11:39:37,835 - __main__ - INFO - Query executed
2019-10-04 11:39:38,355 - __main__ - INFO - *** Process ends ***

I've done some research, but I can't find the reason to this.
Any help in the right direction will be highly appreciated.

Best regards,
Àlex
agg
 
Posts: 3
Joined: Mon Oct 07, 2019 10:50 pm

Re: Log server priority and severity set to 0

Postby mcapra » Tue Oct 08, 2019 11:52 am

You are sending a message from your Python code to the syslog input rule that comes pre-installed with Nagios Log Server. Problem is, your message is not syslog compliant (RFC3164). The Nagios Log Server input rule is looking for a syslog formatted message, and you're sending it something completely different.

More info:
https://stackoverflow.com/questions/920 ... age-format

Python has a few RFC5424 libraries you could try, which might produce a RFC3164 compliant message?
https://pypi.org/project/rfc5424-logging-handler/

Else, you could feed your logs into a different input rule. There should be a "Import Files - Raw" rule and a "Import Files - JSON" input rule. If you were to format your log messages as JSON, you could feed them right into the JSON rule and get nice field mappings to search on. Or, you could write a filter rule to process your messages as-is and map them to fields with some clever Grok filters.

More info on input rules:
https://assets.nagios.com/downloads/nag ... Inputs.pdf

More info on filter rules:
https://assets.nagios.com/downloads/nag ... ilters.pdf
Former Nagios employee
http://www.mcapra.com/
User avatar
mcapra
 
Posts: 3584
Joined: Thu May 05, 2016 3:54 pm

Re: Log server priority and severity set to 0

Postby agg » Tue Oct 08, 2019 12:09 pm

Thank you for your quick reply mcapra
I thought it was syslog compliant when I saw type “syslog” in the dashboard screen I attached in my post, my fault.
I’m gonna check the library you mentioned in your reply.
Thanks again for your help
Best regards
Alex
agg
 
Posts: 3
Joined: Mon Oct 07, 2019 10:50 pm

Re: Log server priority and severity set to 0

Postby cdienger » Tue Oct 08, 2019 1:35 pm

Thanks for the input, @mcapra!

@agg, let us know your results and if we can assist with anything further.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
cdienger
Support Tech
 
Posts: 3679
Joined: Tue Feb 07, 2017 11:26 am

Re: Log server priority and severity set to 0

Postby agg » Wed Oct 09, 2019 9:31 am

Hi @mcapra

I tried the library you suggested and I can't see any difference between my previous post. Nagios received the message but priority and severity are still zero. As you can see from my attached screenshot, the message has different <XX> calculated.
Any idea?

[img]
thumbnail_image001.png
[/img]

Thank you again
Àlex
Attachments
thumbnail_image001.png
agg
 
Posts: 3
Joined: Mon Oct 07, 2019 10:50 pm

Re: Log server priority and severity set to 0

Postby cdienger » Wed Oct 09, 2019 4:52 pm

The syslog input(https://www.elastic.co/guide/en/logstas ... yslog.html) is expecting the logs to come over in following rfc3164. Try changing the message to look like:

Code: Select all
<155>Oct  9 16:49:01 hostname program: test
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
cdienger
Support Tech
 
Posts: 3679
Joined: Tue Feb 07, 2017 11:26 am


Return to Nagios Log Server

Who is online

Users browsing this forum: No registered users and 4 guests