Hi,
I'm currently working on a project where I need to send log messages to a Nagios server. I can send messages, but priority and severity are always set to zero even though I changed from DEBUG to ERROR. I'm completely new to Nagios as I'm just developing the Python code and I never worked with Nagios.
I also include what I'm currently logging:
2019-10-04 11:39:37,823 - __main__ - INFO - *** Process start ***
2019-10-04 11:39:37,823 - __main__ - INFO - Connecting to DB
2019-10-04 11:39:37,831 - __main__ - INFO - Connection created
2019-10-04 11:39:37,835 - __main__ - INFO - Query executed
2019-10-04 11:39:38,355 - __main__ - INFO - *** Process ends ***
I've done some research, but I can't find the reason for this.
Any help in the right direction will be highly appreciated.
Best regards,
Àlex
Log server priority and severity set to 0
Re: Log server priority and severity set to 0
You are sending a message from your Python code to the syslog input rule that comes pre-installed with Nagios Log Server. Problem is, your message is not syslog compliant (RFC3164). The Nagios Log Server input rule is looking for a syslog formatted message, and you're sending it something completely different.
More info:
https://stackoverflow.com/questions/920 ... age-format
Python has a few RFC5424 libraries you could try, which might produce a RFC3164 compliant message?
https://pypi.org/project/rfc5424-logging-handler/
Else, you could feed your logs into a different input rule. There should be a "Import Files - Raw" rule and a "Import Files - JSON" input rule. If you were to format your log messages as JSON, you could feed them right into the JSON rule and get nice field mappings to search on. Or, you could write a filter rule to process your messages as-is and map them to fields with some clever Grok filters.
More info on input rules:
https://assets.nagios.com/downloads/nag ... Inputs.pdf
More info on filter rules:
https://assets.nagios.com/downloads/nag ... ilters.pdf
Former Nagios employee
https://www.mcapra.com/
Re: Log server priority and severity set to 0
Thank you for your quick reply mcapra
I thought it was syslog compliant when I saw type “syslog” in the dashboard screen I attached in my post, my fault.
I’m gonna check the library you mentioned in your reply.
Thanks again for your help
Best regards
Alex
Re: Log server priority and severity set to 0
Thanks for the input, @mcapra!
@agg, let us know your results and if we can assist with anything further.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Log server priority and severity set to 0
Hi @mcapra
I tried the library you suggested and I can't see any difference from my previous post. Nagios received the message but priority and severity are still zero. As you can see from my attached screenshot, the message has different <XX> calculated.
Any idea?
Thank you again
Àlex
Re: Log server priority and severity set to 0
The syslog input (https://www.elastic.co/guide/en/logstas ... yslog.html) is expecting the logs to come over following RFC3164. Try changing the message to look like:
Code: Select all
<155>Oct 9 16:49:01 hostname program: test
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
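An added example, not code from any poster in this thread: a Python `logging` handler that renders each record in the RFC3164 layout suggested above, plus a small parser showing how the PRI value decodes into facility and severity. The names `rfc3164_line`, `parse_rfc3164` and `RFC3164Handler` are hypothetical, the facility (local3, code 19) is inferred from the `<155>` in the sample line, and the server address passed to the handler is a placeholder you must supply.

```python
import logging
import re
import socket
import time

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Python logging level -> syslog severity code (RFC 3164, section 4.1.1)
SEVERITY = {logging.CRITICAL: 2, logging.ERROR: 3, logging.WARNING: 4,
            logging.INFO: 6, logging.DEBUG: 7}
LOCAL3 = 19  # assumed facility; 19 * 8 + 3 (error) gives the <155> shown above

def rfc3164_line(record, hostname, program, facility=LOCAL3):
    """Render a LogRecord as '<PRI>Mmm dd hh:mm:ss host program: msg'."""
    level = max((l for l in SEVERITY if l <= record.levelno), default=logging.DEBUG)
    pri = facility * 8 + SEVERITY[level]
    t = time.localtime(record.created)
    # RFC 3164 pads a single-digit day with a space, not a zero
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                       t.tm_hour, t.tm_min, t.tm_sec)
    # Keep the event on one line; embedded newlines break line-oriented parsing
    msg = record.getMessage().replace("\r", " ").replace("\n", " ")
    return "<%d>%s %s %s: %s" % (pri, stamp, hostname, program, msg)

LINE_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2}) +(\d{1,2}) (\d\d:\d\d:\d\d) "
                     r"(\S+) ([^\s:\[]+)(?:\[\d+\])?: (.*)$")

def parse_rfc3164(line):
    """Decode a line as a syslog receiver would; None if the layout does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8, "host": m.group(5),
            "program": m.group(6), "message": m.group(7)}

class RFC3164Handler(logging.Handler):
    """Sends each record as one UDP datagram; address is a (host, port) placeholder."""
    def __init__(self, address, program, facility=LOCAL3):
        super().__init__()
        self.address, self.program, self.facility = address, program, facility
        self.hostname = socket.gethostname().split(".")[0]
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    def emit(self, record):
        try:
            line = rfc3164_line(record, self.hostname, self.program, self.facility)
            self.sock.sendto(line.encode("utf-8"), self.address)
        except Exception:
            self.handleError(record)
```

Attach it with `logger.addHandler(RFC3164Handler((host, port), "myapp"))`, using the host and port of your own syslog input.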