This support forum board is for support questions relating to
Nagios Log Server , our solution for managing and monitoring critical log data.
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank » Wed Sep 16, 2020 2:15 pm
Howdi everyone!
I used the following to instructions:
Code: Select all
https://assets.nagios.com/downloads/nagios-log-server/docs/Sending-Nagios-Core-Logs-To-Nagios-Log-Server.pdf
and everything seems to have worked. I have the following files in the correct locations:
Code: Select all
s /etc/rsyslog.d/
89-nagioslogserver_usr_local_nagios_var_nagios.log.conf 99-nagioslogserver.conf
and Im usinf the filter that i have attached, but there is no data in the dashboards.
I have confirmed that I am getting logs from the server from the server, just not from nagios core.
You do not have the required permissions to view the files attached to this post.
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
scottwilkerson
DevOps Engineer
Posts: 19396 Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Post
by scottwilkerson » Thu Sep 17, 2020 9:20 am
Are you seeing anything from this server?
Is the filter just not breaking it apart properly?
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank » Thu Sep 17, 2020 10:52 am
Let me clarify :
2.PNG
2.PNG
I think that the filter might not work
You do not have the required permissions to view the files attached to this post.
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
scottwilkerson
DevOps Engineer
Posts: 19396 Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Post
by scottwilkerson » Thu Sep 17, 2020 4:58 pm
Can you show one of the message fields from one of the records?
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank » Fri Sep 18, 2020 10:10 am
here you go the logserver both are syslog messages:
Code: Select all
<133>Sep 18 11:06:41 lkenshexxxx nagios_core: [1600441598] SERVICE ALERT: CTX-MSO-xxxxx.xxxxh.net;NSClient: NRPE: Memory Usage - Citrix;CRITICAL;SOFT;4;CRITICAL: physical: Total: 11.999GB - Used: 11.9GB (99%) - Free: 101.41MB (0%)
and here is another for the os
Code: Select all
<78>Sep 18 11:06:01 lkensxxxxxx CROND[22605]: (nagios) CMD (/usr/bin/php -q /usr/local/nagiosxi/cron/sysstat.php >> /usr/local/nagiosxi/var/sysstat.log 2>&1)
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
cdienger
Support Tech
Posts: 5045 Joined: Tue Feb 07, 2017 11:26 am
Post
by cdienger » Fri Sep 18, 2020 5:18 pm
Let's enable some debug logging.
Edit /etc/init.d/logstash and change line 64 from:
Code: Select all
DAEMON_OPTS="agent -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS}"
to:
Code: Select all
DAEMON_OPTS="agent -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS} --debug"
and restart the service with:
Code: Select all
systemctl daemon-reload
systemctl restart logstash
Let this run just long enough to allow NLS to receive some nagios events and then collect the /var/log/logstash/logstash.log file before reverting the config back.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new
Privacy Policy .
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank » Mon Sep 21, 2020 10:30 am
I'll get that data for you, but i wonder is my rsyslog.conf file correct?
You do not have the required permissions to view the files attached to this post.
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank » Mon Sep 21, 2020 12:37 pm
here it is!
You do not have the required permissions to view the files attached to this post.
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
cdienger
Support Tech
Posts: 5045 Joined: Tue Feb 07, 2017 11:26 am
Post
by cdienger » Mon Sep 21, 2020 5:05 pm
It looks like you have an input that reads in the /var/log/logstash.log file which makes reading the log difficult. Can you disable this input, clear the current logstash.log, and try the debug again? I do see instances of Nagios events in the log but finding it hard to trace though since it appears to be causing a logging loop.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new
Privacy Policy .
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank » Wed Sep 23, 2020 9:04 am
here you go
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion