Nagios Log Server and syslogd
In the instructions for adding log file monitoring to a server with NLS it indicates syslog must be running on the server to be monitored. Currently on our production servers we are using syslogd. Is there a way to use syslogd instead of syslog to send the data to the NLS? I found solutions for syslog-ng but none for syslogd. Please let me know.
Re: Nagios Log Server and syslogd
I have filed this under Nagios Log Server.
I hate to be the bearer of bad news, but at the moment we only have support for rsyslog and syslog-ng as those are the default agents on most systems. If you wish to use a different agent, different protocol or anything of that nature you are more than welcome to.
Is there any chance you could use rsyslog?
Re: Nagios Log Server and syslogd
Ok we installed rsyslog on the first server we are trying to monitor. When I attempt to run the bash setup-linux.sh command I get the following:
[[email protected] etc]# bash setup-linux.sh -s 10.80.44.121 -p 5544
Detected rsyslog 2.0.6
Detected rsyslog work directory /var/spool/rsyslog
Destination Log Server: 10.80.44.121:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
SELinux is disabled.
ERROR: rsyslog configuration check failed.
Or:
[[email protected] etc]#bash setup-linux.sh -s 10.80.44.121 -p 5544 -f /tmp/steve.txt -t csappia21-tmp-steve.txt
Detected rsyslog 2.0.6
Detected rsyslog work directory /var/spool/rsyslog
Destination Log Server: 10.80.44.121:5544
Creating /etc/rsyslog.d/90-nagioslogserver_tmp_steve.txt.conf...
SELinux is disabled.
ERROR: rsyslog configuration check failed.
We are running Linux version 5.4 (Tikanga). We installed rsyslog.x86_64 2.0.6-1.el5. Any idea on why this would not be working?
Re: Nagios Log Server and syslogd
The script should have installed an rsyslog script in the following location: /etc/rsyslog.d/9*-*.conf
Can you please post the output of the appropriate file that was generated? I am also interested in the version of rsyslog that was installed:
Code: Select all
rsyslogd -v
Let me know - thanks!
Re: Nagios Log Server and syslogd
Jolson thanks for getting back to me. The file was created in the /etc/rsyslog.d/99-nagioslogserver.conf:
### Begin forwarding rule for Nagios Log Server NAGIOSLOGSERVER
$WorkDirectory /var/spool/rsyslog # Where spool files will live NAGIOSLOGSERVER
$ActionQueueFileName nlsFwdRule0 # Unique name prefix for spool files NAGIOSLOGSERVER
$ActionQueueMaxDiskSpace 1g # 1GB space limit (use as much as possible) NAGIOSLOGSERVER
$ActionQueueSaveOnShutdown on # Save messages to disk on shutdown NAGIOSLOGSERVER
$ActionQueueType LinkedList # Use asynchronous processing NAGIOSLOGSERVER
$ActionResumeRetryCount -1 # Infinite retries if host is down NAGIOSLOGSERVER
# Remote host is: name/ip:port, e.g. x.x.x.x:514, port optional NAGIOSLOGSERVER
*.* @@x.x.x.x:5544 # NAGIOSLOGSERVER
### End of Nagios Log Server forwarding rule NAGIOSLOGSERVER
Here is the output from rsyslogd -v:
[[email protected] rsyslog.d]# rsyslogd -v
rsyslogd 2.0.6, compiled with:
FEATURE_PTHREADS (dual-threading): Yes
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: Yes
FEATURE_NETZIP (message compression): Yes
SYSLOG_INET (Internet/remote support): Yes
FEATURE_GSSAPI (GSSAPI Kerberos 5 support): No
FEATURE_DEBUG (debug build, slow code): No
See http://www.rsyslog.com for more information.
Seems like a really old version to me...
Last edited by jolson on Mon Apr 27, 2015 2:34 pm, edited 1 time in total.
Reason: obfuscated IP addresses
Re: Nagios Log Server and syslogd
Could you try restarting rsyslog to see if it's reporting logs to Nagios Log Server? I don't think that rsyslog configuration changes very much, and I'm hoping that the configs we built are still valid for 2.0.6 (which as you said is quite old).
Code: Select all
service rsyslog restart
Does it restart properly? Any errors or otherwise interesting information?
Please post your base rsyslog configuration as well, I would like to check it for possible misconfiguration:
Code: Select all
cat /etc/rsyslog.conf
Re: Nagios Log Server and syslogd
Unfortunately restarting rsyslog does not correct the problem. We have restarted it several times with no positive results. Here is the file:
[[email protected] etc]# cat /etc/rsyslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
#uucp,news.crit /var/log/spooler
*.* /var/spool/rsyslog
# Save boot messages also to boot.log
local7.* /var/log/boot.log
Re: Nagios Log Server and syslogd
The format looks similar to newer versions, so that's good news. Please add this line to the bottom of /etc/rsyslog.conf:
Code: Select all
$IncludeConfig /etc/rsyslog.d/*.conf
This should allow sub-configurations to be loaded on start. Then restart rsyslog:
Code: Select all
service rsyslog restart
Let me know if this works for you.
Re: Nagios Log Server and syslogd
I added the line, restarted the service, tried the command again, same thing:
[[email protected] etc]# bash setup-linux.sh -s 10.80.44.121 -p 5544 -f /tmp/steve.txt -t csappia21-tmp-steve.txt
Detected rsyslog 2.0.6
Detected rsyslog work directory /var/spool/rsyslog
Destination Log Server: 10.80.44.121:5544
Creating /etc/rsyslog.d/90-nagioslogserver_tmp_steve.txt.conf...
SELinux is disabled.
ERROR: rsyslog configuration check failed.
Not sure why it is still failing....
Re: Nagios Log Server and syslogd
We can attempt to narrow down why it's failing by running the following:
Code: Select all
rsyslogd -f /etc/rsyslog.d/99-nagioslogserver.conf -N 1
This will validate your configuration file. Is there any issue reported when you run that command?
It's also likely worth running it on your primary conf file:
Code: Select all
rsyslogd -f /etc/rsyslog.conf -N 1
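
The two things this thread keeps checking, whether the base rsyslog.conf loads /etc/rsyslog.d and where the generated rule forwards to, can be read directly from the files. The script below is an added example, not part of the thread or of setup-linux.sh; it handles only the legacy selector/action syntax shown above, and its function names and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: static checks on legacy-format rsyslog config files.

# Print config lines with comments and blank lines removed.
strip_comments() {
  sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$1"
}

# Succeed if base config $1 has an $IncludeConfig directive for directory $2.
includes_dropins() {
  strip_comments "$1" | awk -v d="$2/" \
    '$1 == "$IncludeConfig" && index($2, d) == 1 { found = 1 } END { exit !found }'
}

# Print "transport target selector" for each forwarding action in file $1.
# Legacy syntax: @@host:port forwards over TCP, @host:port over UDP.
forward_targets() {
  strip_comments "$1" | awk '
    $2 ~ /^@@/ { print "tcp", substr($2, 3), $1; next }
    $2 ~ /^@/  { print "udp", substr($2, 2), $1 }'
}

# For each forwarding rule in drop-in dir $2, say whether base config $1 loads it.
audit_forwarding() {
  status=loaded
  includes_dropins "$1" "$2" || status=NOT-LOADED
  for f in "$2"/*.conf; do
    [ -f "$f" ] || continue
    forward_targets "$f" | while read -r proto target sel; do
      echo "$status $proto $target $sel"
    done
  done
}

# Constructed sample tree: a base config without an include, plus one drop-in.
make_sample() {
  mkdir -p "$1/rsyslog.d"
  printf '%s\n' '*.info;mail.none /var/log/messages' 'authpriv.* /var/log/secure' \
    > "$1/rsyslog.conf"
  printf '%s\n' '$WorkDirectory /var/spool/rsyslog # spool dir' \
    '$ActionQueueType LinkedList # async' \
    '*.* @@x.x.x.x:5544 # NAGIOSLOGSERVER' > "$1/rsyslog.d/99-nagioslogserver.conf"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_forwarding "$demo/rsyslog.conf" "$demo/rsyslog.d"   # before adding the include
echo "\$IncludeConfig $demo/rsyslog.d/*.conf" >> "$demo/rsyslog.conf"
audit_forwarding "$demo/rsyslog.conf" "$demo/rsyslog.d"   # after adding the include
rm -rf "$demo"
```

A NOT-LOADED result means the forwarding rule exists on disk but the daemon never reads it, so the host sends nothing to the log server even though the drop-in file looks correct.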