WillemDH wrote:I'm not looking forward to enable cli and reload every time it fails.
Can I monitor the ESXi syslog service state with Nagios XI? And maybe make a Reactor Event Handler when it fails?
I think it's important to know when logs have stopped coming in so I created a feature request including "It would be great if there was an option to create an alert if it stopped receiving logs from this source. Default options like "Alert if no logs received in the past X Minutes/Hours/Days". http://tracker.nagios.com/view.php?id=661
Tom,
Great find on the UDP information, I'm also going to give that a shot. Once confirmed it might be worth us updating that ESXi guide.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Box293 wrote:I think it's important to know when logs have stopped coming in so I created a feature request including "It would be great if there was an option to create an alert if it stopped receiving logs from this source. Default options like "Alert if no logs received in the past X Minutes/Hours/Days".
You can already sorta do this. You would just create a time filter for the last X hours, minute, days, fortnights, whatever you want, and then for the query you would search for the hostname/ip/other identifying feature of the host you want to monitor. Then save that query and make an alert based off of it.
Nice tip, but imho this seems more like something that should be on the homepage of the NLS, an overview of all hosts that did not send logs in the last x hours. At this moment we have on the frontpage:
"Send More Logs - Receiving logs from 7 hosts. Follow the guides below to configure additional sources"
While I'm having troubles with 3 hosts that did not send any logs any more for the last 15 hours.. (see http://support.nagios.com/forum/viewtop ... 38&t=31137) If we have to make a query / alert for every host, this is rather timeconsuming, it should be 'out-of-the-box' very clear which servers did not send logs.
Ahh, now that you put it that way it's more clear. I will certainly put in a feature request for this. A sort of "freshness check" for logs, if you will.
I just wanted to confirm our ESXi servers keep sending logs after an 'Apply Configuration' when they send over UDP port 514. It seems the logs stop coming in during the apply configuration ( see gap in screenshot), but at least the syslog daemon on the ESXi server doesn't break untill a reload is executed.
This thread can be closed, for me. it should proabably be a good idea to put this in the documentation.
Thanks and grtz
Willem
You do not have the required permissions to view the files attached to this post.
