[Pre-Purchase]Some questions regarding functionality

[OnsightSolutions]

Hello all,

We are thinking about purchasing Nagios Log Server, but we got some(well, for now just 1) questions before we can.
We want to replace our current logserver with a different one. Our Logserver of choice is Nagios.

Via our current log server we can automatically export logs to a .txt. I haven't found this in Nagios yet.
What we need is to save certain logs for 3 years. All other logs can be discarded after a shorter time period(not sure exactly for how long we should keep those).
Is there an easy way to export everything or just a certain query to either a different database or to a file?

Thanks!

[eloyd]

No, you cannot specify different retention times for different types of logs. This is something I've asked for. There may be a request open for it, I do not recall.

NLS does not export logs, it gathers them. To my knowledge there is no way to export what it has gathered as a text file.

Both of these problems can be manged by managing the log file sources themselves, rather than the information sent to NLS. You can still have a copy of the original log file and just use NLS for analysis, trending, reporting, and alerting.

[scottwilkerson]

We definitely will add some additional items to the UI to be able to easily so some things like this, however, you could run the following on one of your Log Server instances to export your DHCP items

Code: Select all

curl -XPOST 'localhost:9200/logstash-2015.02.18/_export?path=/tmp/dhcp-2015.02.18.zip' -d '{
   "query" : {
       "match_phrase" : {
           "host" : "192.168.5.15"
       }
   }
}'

This would export all of the items from the index logstash-2015.02.18 that had a host field with a value of 192.168.5.15 and place them in /tmp/dhcp-2015.02.18.zip

If you had all the DHCP items tagged with certain tags you could just reference them.

[eloyd]

I am so glad to be proven wrong!

[scottwilkerson]

No, you cannot specify different retention times for different types of logs. This is something I've asked for. There may be a request open for it, I do not recall.

There is a request open, and it is on the roadmap.

NLS does not export logs, it gathers them. To my knowledge there is no way to export what it has gathered as a text file.

Completely incorrect, you actually can add Outputs to your logstash configuration to also output to a list of about 30 different types.

In Administration -> Global Configuration click Show Outputs.

You can add any of the outputs found here
http://logstash.net/docs/1.4.2/

This is in addition to putting the items in elasticsearch. So, you could also do something like this in the outputs

Code: Select all

if [host] == '192.168.5.15' {
    file {
        path => "/tmp/all_192.168.5.15_logs.log"
    }
}

The caveat here is if you have a multi-instance cluster, you obviously will want to make sure the path is a shared filesystem

[scottwilkerson]

I am so glad to be proven wrong!

A hundred ways to do things with this stack, it is just going to take us some time to document them all....