Hi all,
I am new to Nagios Log server. Please advice if Nagios log server is able to do the following.
I have successfully configured to forward syslog events from linux server to a Nagios log server. I would like to create an alert or a trigger to execute an external script to send every receiving events (with timestamp, host and message content info) to an output file in nagios log server.
I notice that there are limited arguments such as count,status,output and lastrun in creating an alert. May be I can get help to create a plugin to accomplish the requirement.
Appreciate your attention. Thanks.
Rgds,
Leslie
filtering and forwarding log
Re: filtering and forwarding log
I apologize but helping write custom exec scripts is not included as a part of support. We do offer paid custom development, if that's something you're interested in you can reach out to sales@nagios.com to get more information/a quote.
This might be doable through an elasticsearch output to output to file if you want every message that meets certain criteria to be written to a file on the LS filesystem. Will that work for you? If so, what do you have set for the query so I can help you construct the output?
This might be doable through an elasticsearch output to output to file if you want every message that meets certain criteria to be written to a file on the LS filesystem. Will that work for you? If so, what do you have set for the query so I can help you construct the output?
-
shamleslie
- Posts: 5
- Joined: Fri Jun 26, 2015 4:51 am
Re: filtering and forwarding log
Hi,
I am looking for a log server with a real-filtering based on user defined blacklist or whitelist for alerting. We may be receiving many events from syslog every second but we are only interested to be alerted on new event (message content) that is not found in the blacklist. Of course, we may need to define a fixed string based on message content to be filtered in the blacklist/whitelist file.
Nagios log server is good if you know what event to look for and create this custom queries for alerting. That would be a lot of custom queries to be created manually!
Thanks for your prompt reply.
Rgds,
Leslie
I am looking for a log server with a real-filtering based on user defined blacklist or whitelist for alerting. We may be receiving many events from syslog every second but we are only interested to be alerted on new event (message content) that is not found in the blacklist. Of course, we may need to define a fixed string based on message content to be filtered in the blacklist/whitelist file.
Nagios log server is good if you know what event to look for and create this custom queries for alerting. That would be a lot of custom queries to be created manually!
Thanks for your prompt reply.
Rgds,
Leslie
Re: filtering and forwarding log
There isn't currently any whitelist functionality in Nagios Log Server at this point in time.
Here's an example output like I'm referring to:
https://www.elastic.co/guide/en/logstas ... -file.html
Here's an example output like I'm referring to:
Code: Select all
if "Some message" in [message] {
file{
path => "/path/to/the/fileyouwant.log"
codec => line{format => "%{@timestamp};%{message}"}
}
}
if "Some other message" in [message] {
file{
path => "/path/to/the/fileyouwant.log"
codec => line{format => "%{@timestamp};%{message}"}
}
}