trial issue, setup multiple sources, none showing up
I've added 3 different hosts as log sources for a nagios log server (setup via OVF) and none of them are showing up in the dashboard.
Ran the curl/setup-linux.sh on each client host.
Next thing I did was verify that all 3 could talk to port 5544 (telnet to that port from the client, worked).
Then, verify that rsyslog was sending packets to the nagios log server (tcpdump -n dst port 5544); they were.
I am running Linux in all cases:
2.6.32-504.8.1.el6.centos.plus.x86_64
and
2.6.32-358.14.1.el6.x86_64
and rsyslogd 5.8.10.
Home section shows "Only receiving logs from 1 host." (same as it did when I first brought it up).
Am I missing some final configuration? I've watched the "how to add log source" tutorials and followed them completely as best I can tell.
Re: trail issue, setup multiple sources, none showing up
It sounds like everything is set up and running properly - is logstash running on the NLS server?
Code:
service logstash status
Code:
tail /var/log/logstash/logstash.log
Did you use any special settings while running the setup.bash script?
Re: trail issue, setup multiple sources, none showing up
jolson wrote:
> It sounds like everything is set up and running properly - is logstash running on the NLS server?
> Code:
> service logstash status
> Code:
> tail /var/log/logstash/logstash.log
Here is what I got.

jolson wrote:
> Did you use any special settings while running the setup.bash script?
for the clients, no, is there another one on the OVF/nls side?
Re: trail issue, setup multiple sources, none showing up
ucemike,
It doesn't look like your image came through - can you try that again please?
> for the clients, no, is there another one on the OVF/nls side?
What I mean is which arguments did you use when running the bash script - the default arguments supplied from the 'Linux Source' page of NLS?
Re: trail issue, setup multiple sources, none showing up
jolson wrote:
> ucemike,
> It doesn't look like your image came through - can you try that again please?
Try this one
http://www.evernote.com/l/ASDzTdL8eM9OO ... I5SR8vMyw/
jolson wrote:
> > for the clients, no, is there another one on the OVF/nls side?
> What I mean is which arguments did you use when running the bash script - the default arguments supplied from the 'Linux Source' page of NLS?
Yeap, I just copy/pasted. (bash setup-linux.sh -s nagios-log1.hostNameHere -p 5544)
Re: trail issue, setup multiple sources, none showing up
Looks like logstash is missing its configuration. Could you run an 'Apply Config' from the Web GUI and re-start logstash please?
Re: trail issue, setup multiple sources, none showing up
Applied and also manually restarted and here is the result.
http://www.evernote.com/l/ASASX_RiAQJET ... z82pWvtvc/
So far nothing has shown up in the events or any more than 1 loghost.
Re: trail issue, setup multiple sources, none showing up
Good - looks like logstash is up and running. Can you verify that logs are still flowing with another tcpdump from the NLS side of things? If you navigate to 'Dashboards' and select 'Last 5 minutes', does anything populate?
Re: trail issue, setup multiple sources, none showing up
tcpdump seems to be showing them coming in:
10.0.0.X = client
10.1.0.X = NLS
(these are not the real IPs)
17:51:28.898409 IP 10.0.0.X.49648 > 10.1.0.X.5544: Flags [.], seq 25996:27444, ack 1, win 115, options [nop,nop,TS val 108678152 ecr 9930631], length 1448
Unfortunately the dashboard still shows nothing (used last 5 min as detailed)
http://www.evernote.com/l/ASAm9LfD5K5NK ... TifyN8-M4/
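Added example (not part of the thread or of Nagios Log Server): a Python filter for `tcpdump -n` text like the line posted above, tallying payload bytes per client toward port 5544 so a host that only completes the TCP handshake can be told apart from one actually delivering syslog data. The sample capture and its 192.0.2.x / 198.51.100.x addresses are constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Matches `tcpdump -n` TCP lines: time, "IP", src.port > dst.port, flags, length.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*\blength (?P<length>\d+)"
)

def summarize(lines, port=5544):
    """Per-source totals for segments sent to `port` (server replies are skipped)."""
    stats = defaultdict(lambda: {"segments": 0, "payload_bytes": 0, "resets": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != port:
            continue
        entry = stats[m["src"]]
        entry["segments"] += 1
        entry["payload_bytes"] += int(m["length"])  # 0 for SYN or ACK-only segments
        if "R" in m["flags"]:
            entry["resets"] += 1                    # connection reset or torn down
    return dict(stats)

def silent_clients(stats, expected):
    """Expected clients that delivered no syslog payload (absent or handshake only)."""
    return sorted(ip for ip in expected
                  if stats.get(ip, {}).get("payload_bytes", 0) == 0)

# Constructed sample capture, shaped like the tcpdump line quoted in the post.
SAMPLE = """\
17:51:28.898409 IP 192.0.2.11.49648 > 198.51.100.5.5544: Flags [.], seq 25996:27444, ack 1, win 115, options [nop,nop,TS val 108678152 ecr 9930631], length 1448
17:51:28.898611 IP 198.51.100.5.5544 > 192.0.2.11.49648: Flags [.], ack 27444, win 501, options [nop,nop,TS val 9930632 ecr 108678152], length 0
17:51:29.120034 IP 192.0.2.12.51822 > 198.51.100.5.5544: Flags [S], seq 411223344, win 14600, options [mss 1460], length 0
17:51:29.120300 IP 192.0.2.12.51822 > 198.51.100.5.5544: Flags [.], ack 1, win 115, length 0
17:51:30.004512 IP 192.0.2.13.40110 > 198.51.100.5.5544: Flags [P.], seq 1:213, ack 1, win 115, length 212
"""

if __name__ == "__main__":
    stats = summarize(SAMPLE.splitlines())
    for ip, s in sorted(stats.items()):
        print(ip, s)
    expected = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
    print("no payload from:", silent_clients(stats, expected))
```

If every expected client shows non-zero payload bytes on the server side, the transport is working and the fault lies in what is listening on the port or in how it indexes events.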
Re: trail issue, setup multiple sources, none showing up
Interesting. Let's take a look at your logstash configuration. Please run the following on the CLI and report the output to us:
Code:
cat /usr/local/nagioslogserver/logstash/etc/conf.d/*
This should show us all of your logstash inputs, filters, and outputs - I would like to verify that they look correct.
How many nodes are in this cluster - is this a single node?
I'd like to see the output of this to ensure your output is configured properly:
Code:
cat /usr/local/nagioslogserver/var/cluster_uuid
On your clients, you may wish to restart rsyslog to see if that has any effect:
Code:
service rsyslog restart
Also, let's look at one of your clients' rsyslog configurations to ensure it's put together correctly:
Code:
cat /etc/rsyslog.conf
cat /etc/rsyslog.d/*log*