sendin nagios core logs to the logserver

benhank · Post by **benhank** » Wed Sep 16, 2020 2:15 pm

Howdi everyone!

I used the following to instructions:

https://assets.nagios.com/downloads/nagios-log-server/docs/Sending-Nagios-Core-Logs-To-Nagios-Log-Server.pdf

and everything seems to have worked. I have the following files in the correct locations:

Code: Select all

s /etc/rsyslog.d/
89-nagioslogserver_usr_local_nagios_var_nagios.log.conf  99-nagioslogserver.conf

and Im usinf the filter that i have attached, but there is no data in the dashboards.

I have confirmed that I am getting logs from the server from the server, just not from nagios core.

scottwilkerson · Post by **scottwilkerson** » Thu Sep 17, 2020 9:20 am

Are you seeing anything from this server?

Is the filter just not breaking it apart properly?

benhank · Post by **benhank** » Thu Sep 17, 2020 10:52 am

Let me clarify :

2.PNG

I think that the filter might not work

scottwilkerson · Post by **scottwilkerson** » Thu Sep 17, 2020 4:58 pm

Can you show one of the message fields from one of the records?

benhank · Post by **benhank** » Fri Sep 18, 2020 10:10 am

here you go the logserver both are syslog messages:

Code: Select all

	<133>Sep 18 11:06:41 lkenshexxxx nagios_core: [1600441598] SERVICE ALERT: CTX-MSO-xxxxx.xxxxh.net;NSClient: NRPE:  Memory Usage - Citrix;CRITICAL;SOFT;4;CRITICAL: physical: Total: 11.999GB - Used: 11.9GB (99%) - Free: 101.41MB (0%)

and here is another for the os

Code: Select all

 <78>Sep 18 11:06:01 lkensxxxxxx CROND[22605]: (nagios) CMD (/usr/bin/php -q /usr/local/nagiosxi/cron/sysstat.php >> /usr/local/nagiosxi/var/sysstat.log 2>&1)

Post by **cdienger** » Fri Sep 18, 2020 5:18 pm

Let's enable some debug logging.

Edit /etc/init.d/logstash and change line 64 from:

Code: Select all

DAEMON_OPTS="agent -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS}"

to:

Code: Select all

DAEMON_OPTS="agent -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS} --debug"

and restart the service with:

Code: Select all

systemctl daemon-reload
systemctl restart logstash

Let this run just long enough to allow NLS to receive some nagios events and then collect the /var/log/logstash/logstash.log file before reverting the config back.

benhank · Post by **benhank** » Mon Sep 21, 2020 10:30 am

I'll get that data for you, but i wonder is my rsyslog.conf file correct?

benhank · Post by **benhank** » Mon Sep 21, 2020 12:37 pm

here it is!

Post by **cdienger** » Mon Sep 21, 2020 5:05 pm

It looks like you have an input that reads in the /var/log/logstash.log file which makes reading the log difficult. Can you disable this input, clear the current logstash.log, and try the debug again? I do see instances of Nagios events in the log but finding it hard to trace though since it appears to be causing a logging loop.

benhank · Post by **benhank** » Wed Sep 23, 2020 9:04 am

here you go

Nagios Support Forum

sendin nagios core logs to the logserver

sendin nagios core logs to the logserver

Re: sendin nagios core logs to the logserver

Re: sendin nagios core logs to the logserver

Re: sendin nagios core logs to the logserver

Re: sendin nagios core logs to the logserver

Re: sendin nagios core logs to the logserver

Re: sendin nagios core logs to the logserver

Re: sendin nagios core logs to the logserver

Re: sendin nagios core logs to the logserver

Re: sendin nagios core logs to the logserver