Cisco Switch Logs
Re: Cisco Switch Logs
[root@localhost logstash]# ls -al
total 12
drwxr-xr-x. 2 nagios nagios 4096 Mar 28 03:35 .
drwxr-xr-x. 8 root root 4096 Mar 31 16:05 ..
-rw-r--r-- 1 nagios users 0 Mar 28 03:35 logstash.log
-rw-r--r-- 1 nagios users 547 Mar 28 03:35 logstash.log-20150328.gz
[root@localhost logstash]#
Looks like the logstash.log file has nothing in it however it has a logstash.log-20150328.gz so maybe the logs are in there.
total 12
drwxr-xr-x. 2 nagios nagios 4096 Mar 28 03:35 .
drwxr-xr-x. 8 root root 4096 Mar 31 16:05 ..
-rw-r--r-- 1 nagios users 0 Mar 28 03:35 logstash.log
-rw-r--r-- 1 nagios users 547 Mar 28 03:35 logstash.log-20150328.gz
[root@localhost logstash]#
Looks like the logstash.log file has nothing in it however it has a logstash.log-20150328.gz so maybe the logs are in there.
Re: Cisco Switch Logs
Think I found the problem.
[root@localhost logstash]# tail logstash.log-20150328
{:timestamp=>"2015-03-27T18:38:02.231000-0400", :message=>"Error: No config files found: /usr/local/nagioslogserver/logstash/etc/conf.d/*\nCan you make sure this path is a logstash config file?"}
{:timestamp=>"2015-03-27T18:38:02.265000-0400", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-03-27T18:44:58.613000-0400", :message=>"Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T18:44:58.707000-0400", :message=>"Using milestone 2 input plugin 'tcp'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T18:59:07.056000-0400", :message=>"Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T18:59:07.127000-0400", :message=>"Using milestone 2 input plugin 'tcp'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T19:09:57.527000-0400", :message=>"Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
[root@localhost logstash]#
No config file found is the first error message.
If I go to the Administration area and I do a view input files I get the following.
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Tue, 31 Mar 2015 16:52:44 -0400
#
#
# Global inputs
#
#
# Local inputs
#
[root@localhost logstash]# tail logstash.log-20150328
{:timestamp=>"2015-03-27T18:38:02.231000-0400", :message=>"Error: No config files found: /usr/local/nagioslogserver/logstash/etc/conf.d/*\nCan you make sure this path is a logstash config file?"}
{:timestamp=>"2015-03-27T18:38:02.265000-0400", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-03-27T18:44:58.613000-0400", :message=>"Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T18:44:58.707000-0400", :message=>"Using milestone 2 input plugin 'tcp'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T18:59:07.056000-0400", :message=>"Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T18:59:07.127000-0400", :message=>"Using milestone 2 input plugin 'tcp'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T19:09:57.527000-0400", :message=>"Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
[root@localhost logstash]#
No config file found is the first error message.
If I go to the Administration area and I do a view input files I get the following.
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Tue, 31 Mar 2015 16:52:44 -0400
#
#
# Global inputs
#
#
# Local inputs
#
Re: Cisco Switch Logs
Run the following command to remove your current configuration files:
Please navigate to the Web GUI -> Administration -> Global Configuration and issue an 'Apply Configuration' - this will regenerate your logstash config files.
After this, try restarting logstash:
Code: Select all
rm -rf /usr/local/nagioslogserver/logstash/etc/conf.d/*.confAfter this, try restarting logstash:
Code: Select all
service logstash restartRe: Cisco Switch Logs
Yes I did step 2 of the document.
Re: Cisco Switch Logs
Did the following commands and it started but stopped again.
Re: Cisco Switch Logs
You removed the .conf files and pressed the 'Apply Configuration' button? Did anything show up in the logstash conf directory?
Anything new in the logstash log?
Code: Select all
ls -l /usr/local/nagioslogserver/logstash/etc/conf.d/Re: Cisco Switch Logs
I added another syslog file to the local instance which is actually the only one running and I also add another syslog input and saved & verified button. Then started logstash and it is now collecting and has not stopped this time.
Re: Cisco Switch Logs
Great - let us know if you have any further issues!
Re: Cisco Switch Logs
Interesting I only see local inputs which looks like the local instance of the server. Even though I have Global inputs configured I don't see those in this file.
[root@localhost conf.d]# more 000_inputs.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Tue, 31 Mar 2015 17:12:55 -0400
#
#
# Global inputs
#
#
# Local inputs
#
input {
syslog {
type => 'syslog'
port => 514
}
}
[root@localhost conf.d]# more 000_inputs.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Tue, 31 Mar 2015 17:12:55 -0400
#
#
# Global inputs
#
#
# Local inputs
#
input {
syslog {
type => 'syslog'
port => 514
}
}