
Log server priority and severity set to 0

Posted: Tue Oct 08, 2019 3:13 am
by agg
Hi,

I'm currently working on a project where I need to send log messages to Nagios server. I can send messages, but priority and severity are always set to zero even though I changed from DEBUG to ERROR. I'm completely new to Nagios as I'm just developing the Python code and I never worked with Nagios.
[Attached image: thumbnail_image001.jpg]
I also include what I'm currently logging:

2019-10-04 11:39:37,823 - __main__ - INFO - *** Process start ***
2019-10-04 11:39:37,823 - __main__ - INFO - Connecting to DB
2019-10-04 11:39:37,831 - __main__ - INFO - Connection created
2019-10-04 11:39:37,835 - __main__ - INFO - Query executed
2019-10-04 11:39:38,355 - __main__ - INFO - *** Process ends ***

I've done some research, but I can't find the reason for this.
Any help in the right direction will be highly appreciated.

Best regards,
Àlex

Re: Log server priority and severity set to 0

Posted: Tue Oct 08, 2019 11:52 am
by mcapra
You are sending a message from your Python code to the syslog input rule that comes pre-installed with Nagios Log Server. Problem is, your message is not syslog compliant (RFC3164). The Nagios Log Server input rule is looking for a syslog formatted message, and you're sending it something completely different.

More info:
https://stackoverflow.com/questions/920 ... age-format

Python has a few RFC5424 libraries you could try, which might produce an RFC3164 compliant message?
https://pypi.org/project/rfc5424-logging-handler/

Else, you could feed your logs into a different input rule. There should be a "Import Files - Raw" rule and a "Import Files - JSON" input rule. If you were to format your log messages as JSON, you could feed them right into the JSON rule and get nice field mappings to search on. Or, you could write a filter rule to process your messages as-is and map them to fields with some clever Grok filters.

More info on input rules:
https://assets.nagios.com/downloads/nag ... Inputs.pdf

More info on filter rules:
https://assets.nagios.com/downloads/nag ... ilters.pdf

Re: Log server priority and severity set to 0

Posted: Tue Oct 08, 2019 12:09 pm
by agg
Thank you for your quick reply, mcapra.
I thought it was syslog compliant when I saw type “syslog” in the dashboard screen I attached in my post, my fault.
I’m gonna check the library you mentioned in your reply.
Thanks again for your help.
Best regards,
Alex

Re: Log server priority and severity set to 0

Posted: Tue Oct 08, 2019 1:35 pm
by cdienger
Thanks for the input, @mcapra!

@agg, let us know your results and if we can assist with anything further.

Re: Log server priority and severity set to 0

Posted: Wed Oct 09, 2019 9:31 am
by agg
Hi @mcapra

I tried the library you suggested and I can't see any difference from my previous post. Nagios received the message but priority and severity are still zero. As you can see from my attached screenshot, the message has different <XX> calculated.
Any idea?

[Attached image: thumbnail_image001.png]

Thank you again
Àlex

Re: Log server priority and severity set to 0

Posted: Wed Oct 09, 2019 4:52 pm
by cdienger
The syslog input (https://www.elastic.co/guide/en/logstas ... yslog.html) is expecting the logs to come over following RFC3164. Try changing the message to look like:

<155>Oct  9 16:49:01 hostname program: test
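
Added example (not code from any poster in this thread): a Python `logging.Formatter` that renders a record in the RFC3164 shape shown above and derives `<PRI>` as facility * 8 + severity, so ERROR on facility local3 gives `<155>`. The facility choice, the level-to-severity mapping, the `hostname`/`program` values and the `send_udp` helper are assumptions for illustration.

```python
import logging
import socket
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
# Python logging level -> syslog severity (conventional mapping, an assumption)
SEVERITY = {logging.DEBUG: 7, logging.INFO: 6, logging.WARNING: 4,
            logging.ERROR: 3, logging.CRITICAL: 2}
LOCAL3 = 19  # facility chosen so ERROR yields <155>, as in the sample line


class RFC3164Formatter(logging.Formatter):
    """Render a LogRecord as '<PRI>Mmm dd hh:mm:ss host program: msg'."""

    def __init__(self, hostname, program, facility=LOCAL3):
        super().__init__()
        self.hostname, self.program, self.facility = hostname, program, facility

    def format(self, record):
        severity = SEVERITY.get(record.levelno, 5)  # custom levels -> notice
        pri = self.facility * 8 + severity          # PRI = facility*8 + severity
        ts = datetime.fromtimestamp(record.created)
        # RFC 3164 wants an English month and a space-padded day ("Oct  9")
        stamp = f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S}"
        return f"<{pri}>{stamp} {self.hostname} {self.program}: {record.getMessage()}"


def decode_pri(line):
    """Return (facility, severity) from the leading <PRI> of a syslog line."""
    return divmod(int(line[1:line.index(">")]), 8)


def make_record(level, msg, created):
    """Build a LogRecord with a fixed timestamp (constructed sample input)."""
    record = logging.LogRecord("__main__", level, "example.py", 0, msg, None, None)
    record.created = created
    return record


def send_udp(line, host, port):
    """Send one formatted line to a syslog input; host and port are yours to supply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    when = datetime(2019, 10, 9, 16, 49, 1).timestamp()
    line = RFC3164Formatter("hostname", "program").format(make_record(logging.ERROR, "test", when))
    print(line, decode_pri(line))
```

Do not attach this formatter to `logging.handlers.SysLogHandler`, which prepends its own `<PRI>` and would produce a doubled prefix; use it with a plain socket send as in `send_udp`.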