log server forwarding to Nagios-Log-Server?

[RobMcKennon]

Hello!

I already have a log server setup which receives all my hosts' logs either via syslog or rsyslog. These go into the /var/log/HOSTS directory (each to their own subdirectory). With splunk, I configure the splunk-forwarder to forward the /var/log/HOSTS directory to the splunk server/indexer and all is well. It appears that with the Nagios-log-server I need to run the setup-linux.sh script for each file, and give it a FILE_TAG. Is this the case? Can it not be configured to forward a directory recursively (e.g. /var/log/HOSTS/*)?


Rob McKennon

[sreinhardt]

I can't say I have tried that, but I believe you are correct that the current implementation will not support this. It is an excellent feature request though, and I will mention it to the developers! For sake of getting more details, are each of the files within these directories for unique services, such that there are not rotated files and it should be monitoring each file in there, not just a single newest file?

[RobMcKennon]

Yes, they are for unique services, but they are rotated.
The directory structure is something like this:

/var/log/HOSTS/db1/auth/auth.log
/var/log/HOSTS/db1/debug/debug.log
/var/log/HOSTS/db1/messages/messages.log
/var/log/HOSTS/db1/syslog/syslog.log
/var/log/HOSTS/db1/user/user.log
/var/log/HOSTS/db2/auth/auth.log
/var/log/HOSTS/db2/debug/debug.log
/var/log/HOSTS/db2/messages/messages.log
/var/log/HOSTS/db2/syslog/syslog.log
/var/log/HOSTS/db2/user/user.log
/var/log/HOSTS/www1/auth/auth.log
/var/log/HOSTS/www1/debug/debug.log
/var/log/HOSTS/www1/mail/mail.log
/var/log/HOSTS/www1/messages/messages.log
/var/log/HOSTS/www1/syslog/syslog.log
/var/log/HOSTS/www1/user/user.log

Rob

[abrist]

Ah, ok. I have opened an internal feature request for this (TaskID 4356).

[tmcdonald]

For posterity's sake, this was implemented in May of this year.