Import from log file does not show any results

[gsl_ops_practice]

Hello,

I am trying to import log files from 23rd of may, following the instructions as specified in the "Import from file" page. The import appears to succeed, the index grows, but I am not seeing anything in the dashboard regardless of what date range I try, last 30 days or last year. Running latest version, clean deploy from an OVF, log file I am importing is 150MB.

Any thoughts?

Thanks,
Alex

[jolson]

Could you please post the rsyslog configuration that you're using as well as an excerpt from the file you're attempting to import?

Code: Select all

cat /etc/rsyslog.d/*.conf

[gsl_ops_practice]

Hello,

I am not using rsyslog at all, just doing manual imports for analysis.

File excerpt is below:

Code: Select all

00:00:01.810 1810     1 DOCQ:/000176 XX  XX  24 XX1111      0      0      0      0              0  N  P  1 1-RGG 21 0-CG OK   H..012345678
00:00:01.810 1810     1 DOCS:/PRS/28 XX  XX  24 XX1111      8      0      0      0          ZZ  1  N  P  1 1-RGG 21 2-C+AP OK H..012345678
00:00:02.904 2904     1 DOCQ:/000176 YY  YY  24 YY1250      0      0      0      0      N  P  1 1-RGG 21 0-CG OK   H..012345679

[gsl_ops_practice]

I just realized there is no date at the beginning of each log line. I added the that manually and tried the import again, same results, nothing shows up in the dashboard.

Code: Select all

2015-05-23 00:00:01.810 1810     1 DOCQ:/000176 XX  XX  24 XX1111      0      0      0      0              0  N  P  1 1-RGG 21 0-CG OK   H..012345678
2015-05-23 00:00:01.810 1810     1 DOCS:/PRS/28 XX  XX  24 XX1111      8      0      0      0          ZZ  1  N  P  1 1-RGG 21 2-C+AP OK H..012345678
2015-05-23 00:00:02.904 2904     1 DOCQ:/000176 YY  YY  24 YY1250      0      0      0      0      N  P  1 1-RGG 21 0-CG OK   H..012345679

[jolson]

Can you show me the command you're using to import those logs? I'll try and reproduce this on my end.

[gsl_ops_practice]

Code: Select all

python shipper.py -f application.log.2015-05-23 program:apptrv2 | netcat 10.10.10.10 2057

[jolson]

I received them in the GUI instantly with a timestamp of today when I shipped them.

I created a file called 'testfile' and put your log lines inside of it. I then ran the following command:

Code: Select all

python shipper.py -f testfile program:apptrv2 | nc 192.168.x.x 2057

2015-06-02 14_40_51-Dashboard • Nagios Log Server - Firefox Developer Edition.png

Where are you shipping the logs from? If you're shipping them from NLS itself, try using 127.0.0.1 instead of the private IP. Ensure that port 2057 is open using telnet:

Code: Select all

telnet nls.server.ip 2057

[gsl_ops_practice]

I shipping the logs from a different host, port 2057 responds to telnet as it should.

Code: Select all

telnet 10.0.xx.xx 2057
Trying 10.0.xx.xx...
Connected to 10.0.xx.xx.
Escape character is '^]'.

Can you please tell me where you got the screenshot you posted? I am looking just in the dashboard and it is empty.

I re-ran the test with exactly the same data I posted, as per below, nothing shows up in the dashboard.

Code: Select all

python shipper.py -f test.log program:test | netcat 10.0.xx.xx 2057

[jolson]

I navigated to the 'Dashboard' screen in Nagios Log Server. Picture below.

2015-06-02 14_58_29-Dashboard • Nagios Log Server - Firefox Developer Edition.png

The dashboard should be filling up with logs even if you have no host pointed to it - by default NLS will log to itself. Your logs should show up there with the rest of them.

Could you try shipping the logs from NLS itself? How did the telnet test go?

[gsl_ops_practice]

Ok, we have another issue then. I deployed this from an OVF template on an ESX host, and as you said Nagios Log Server is supposed to log its own syslog entries, but that is not happening. I have 0 events and it is not changing since deployment 2 hours ago.

If this is on a private network without internet access, can it make any difference?