NLS Setup

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Alan-kl_tam
Posts: 10
Joined: Mon Nov 24, 2014 1:51 am

NLS Setup

Post by Alan-kl_tam »

I have installed NLS for a POC and don't know how to configure it for /var/log/secure monitoring.
Do I use "bash setup-linux.sh -s IP Address -p 5544 -f /var/log/secure -t ????"? For the "-t" option, what should I input?
Please advise. Thanks.
Alan
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: NLS Setup

Post by tmcdonald »

The -t option is just used to provide a label or a type for the incoming data. You can call it "secure" or "security" or just about anything you want. Otherwise the command looks fine.
Former Nagios employee
eloyd
Cool Title Here
Posts: 2129
Joined: Thu Sep 27, 2012 9:14 am
Location: Rochester, NY

Re: NLS Setup

Post by eloyd »

You can call it whatever you want, but you will be stuck with this later. If you start writing custom filters and dashboard components, you may need to access your data using that tag, so just be aware that you will want to make it meaningful.

As an example, we send Apache access_log files as "apache_access" and Apache error_log files as "apache_error" and Asterisk log files as "asterisk_log" and Asterisk CDR files as "asterisk_cdr" etc. This way, we can pull Web reports based on access versus errors, and Asterisk reports based on log files versus calls. You may want to consider something similar in your approach.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd • I'm a Nagios Fanatic!
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: NLS Setup

Post by slansing »

Excellent starter tips, Eloyd, that is a very good point. The sooner you decide on a schema/naming convention and copy it down, the better; it will make things 10x easier once you get into customizing your NLS a bit more.
Alan-kl_tam
Posts: 10
Joined: Mon Nov 24, 2014 1:51 am

Re: NLS Setup

Post by Alan-kl_tam »

Thanks, but after executing the script, nothing shows in the Nagios Log Server dashboard. I expect it will show all login activities in the dashboard... Please advise.
Alan
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: NLS Setup

Post by sreinhardt »

Have you tried filtering for that specific tag or host and allowing more than a 24 hour window? If your systems' times are not synced, NLS will accept the remote system time and respect that when entering into your database. This can cause logs that you think should be showing to display well before or after the time they would correctly be displayed at. You can also take a look at the admin->index status page and see what shards are growing. If an older or newer shard is growing, time is likely the culprit.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
eloyd
Cool Title Here
Posts: 2129
Joined: Thu Sep 27, 2012 9:14 am
Location: Rochester, NY

Re: NLS Setup

Post by eloyd »

time is likely the culprit.
Time isn't holding up. Time isn't after us. Same as it ever was. Same as it ever was. Same as it ever was.
sreinhardt
-fno-stack-protector
Posts: 4366
Joined: Mon Nov 19, 2012 12:10 pm

Re: NLS Setup

Post by sreinhardt »

Next you're going to start on relativity and time's effect on quantum mechanics. We have a forum for that called Nagios Ideas. :)

Alan-kl_tam, if you could let us know how things are working after you check time settings, please.
Alan-kl_tam
Posts: 10
Joined: Mon Nov 24, 2014 1:51 am

Re: NLS Setup

Post by Alan-kl_tam »

Thanks, both NLS and the target system time are in sync.
I have created a program tab called "LOGIN"; it shows correctly in the dashboard, but when I try to type a wrong password, nothing shows in the dashboard.
Please advise.
Alan
Alan-kl_tam
Posts: 10
Joined: Mon Nov 24, 2014 1:51 am

Re: NLS Setup

Post by Alan-kl_tam »

I have uploaded a screenshot for reference, as I found that the time in "message" is showing the last day's time and is different from "@timestamp" (see attachment).
Please advise.
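The mismatch discussed in this thread, where the time written inside "message" differs from "@timestamp", can be checked offline. The following is an added example, not part of any post and not Nagios code. It assumes events exported as dicts with the "message" and "@timestamp" fields, a classic syslog header at the start of each message, and a source-host UTC offset that you supply; the function names and sample events are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Classic syslog header in /var/log/secure: "Nov 25 18:20:00 host prog[pid]: text"
SYSLOG_TS = re.compile(r"^([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{2}:\d{2}:\d{2})\s")

def message_time(message, indexed_at, source_utc_offset_hours=0):
    """Return the time written in `message` as UTC, or None if unparseable.

    The header carries no year or zone: the year is borrowed from
    `indexed_at`, the zone from `source_utc_offset_hours` (caller's assumption).
    """
    m = SYSLOG_TS.match(message)
    if not m:
        return None
    zone = timezone(timedelta(hours=source_utc_offset_hours))
    try:
        ts = datetime.strptime(f"{indexed_at.year} {m[1]} {m[2]} {m[3]}",
                               "%Y %b %d %H:%M:%S").replace(tzinfo=zone)
    except ValueError:  # e.g. "Feb 30", or Feb 29 in a non-leap year
        return None
    if ts - indexed_at > timedelta(days=180):  # December line indexed in January
        ts = ts.replace(year=ts.year - 1)
    return ts.astimezone(timezone.utc)

def skew_report(events, tolerance=timedelta(minutes=5), source_utc_offset_hours=0):
    """List (message, skew) where "@timestamp" and the message time disagree."""
    flagged = []
    for ev in events:
        indexed_at = datetime.fromisoformat(ev["@timestamp"].replace("Z", "+00:00"))
        written_at = message_time(ev["message"], indexed_at, source_utc_offset_hours)
        if written_at is not None and abs(indexed_at - written_at) > tolerance:
            flagged.append((ev["message"], indexed_at - written_at))
    return flagged

# Constructed sample events (not taken from the thread's screenshot).
SAMPLE_EVENTS = [
    {"@timestamp": "2014-11-26T02:14:05.000Z",
     "message": "Nov 26 02:14:02 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 51122 ssh2"},
    {"@timestamp": "2014-11-26T02:20:00.000Z",
     "message": "Nov 25 18:20:00 web01 sshd[2290]: Failed password for invalid user admin from 192.0.2.10 port 51190 ssh2"},
    {"@timestamp": "2015-01-01T00:00:10.000Z",
     "message": "Dec 31 23:59:58 web01 sshd[2301]: Accepted password for alan from 192.0.2.20 port 4000 ssh2"},
]

if __name__ == "__main__":
    for msg, skew in skew_report(SAMPLE_EVENTS):
        print(f"skew {skew}: {msg}")
```

A skew that is a whole number of hours usually points at a time zone difference between the two fields rather than an unsynced clock, which is why the offset is a parameter.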