Hi support,
I have been challenged by the operations team that Nagios XI cannot view the full history of log messages. I have already raised a call with Nagios about this question. They strongly recommend we use Nagios Log Server. My question: is there any integration between Nagios XI and NLS?
E.g.
I am viewing the host information in Nagios XI. Does it have any function that calls NLS to return the log history of the host?
Integration between Nagiosxi and NLS
Re: Integration between Nagiosxi and NLS
There is not currently a way to view the logs from within XI.
I will create a feature request for it for you, I think it would be a great feature to have.
Here is the example of the wizard and what you can monitor in XI:
Edit:
NEW TASK ID 5843 created - Nagios XI Feature Request: Add ability to view Log Server records while viewing the host in XI
Re: Integration between Nagiosxi and NLS
There is nothing built-in that will return log information from Nagios LS to Nagios XI, but with a little bit of development it wouldn't be hard to achieve this result.
If you take a look at any Nagios Log Server query, you can press the 'inspect' button to get a curl command for that query.
Click inspect: The following curl query is revealed:
curl -XGET 'http://192.168.4.203/nagioslogserver/index.php/api/backend/logstash-2015.06.19,logstash-2015.06.18/_search?pretty&token=xxxxxxxxxxxxxxxxxxxxxxxxxxxx' -d '{
  "facets": {
    "0": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "10m"
      },
      "global": true,
      "facet_filter": {
        "fquery": {
          "query": {
            "filtered": {
              "query": {
                "query_string": {
                  "query": "*"
                }
              },
              "filter": {
                "bool": {
                  "must": [
                    {
                      "range": {
                        "@timestamp": {
                          "from": 1434643162210,
                          "to": 1434729562210
                        }
                      }
                    }
                  ]
                }
              }
            }
          }
        }
      }
    }
  },
  "size": 0
}'
Using the above query on a remote host results in the following output:
{
  "took": 10,
  "timed_out": false,
  "_shards": {
    "total": 10,
    "successful": 10,
    "failed": 0
  },
  "hits": {
    "total": 208992,
    "max_score": 1,
    "hits": [
      {
        "_index": "logstash-2015.06.19",
        "_type": "syslog",
        "_id": "sMAiNig_Tt2YNiiBiXpimw",
        "_score": 1,
        "_source": {
          "message": "(nagios) CMD (\/usr\/bin\/php -q \/var\/www\/html\/nagioslogserver\/www\/index.php poller > \/usr\/local\/nagioslogserver\/var\/poller.log 2>&1)",
          "@version": "1",
          "@timestamp": "2015-06-19T00:00:01.000Z",
          "type": "syslog",
          "host": "localhost.localdomain",
          "priority": 78,
          "timestamp": "Jun 18 19:00:01",
          "logsource": "localhost",
          "program": "CROND",
          "pid": "32691",
          "severity": 6,
          "facility": 9,
          "facility_label": "clock",
          "severity_label": "Informational",
          "tags": [
            "dns"
          ]
        }
      },
      {
        "_index": "logstash-2015.06.19",
        "_type": "syslog",
        "_id": "y0-7h57KR7q59mvpJp_stw",
        "_score": 1,
        "_source": {
          "message": " nagios : TTY=unknown ; PWD=\/var\/www\/html\/nagioslogserver\/www ; USER=root ; COMMAND=\/etc\/init.d\/logstash status",
          "@version": "1",
          "@timestamp": "2015-06-19T00:00:31.000Z",
          "type": "syslog",
          "host": "localhost.localdomain",
          "priority": 85,
          "timestamp": "Jun 18 19:00:31",
          "logsource": "localhost",
          "program": "sudo",
          "severity": 5,
          "facility": 10,
          "facility_label": "security\/authorization",
          "severity_label": "Notice",
          "tags": [
            "dns"
          ]
        }
      },
      {
        "_index": "logstash-2015.06.19",
        "_type": "syslog",
        "_id": "h_m68KJQQhCurW37_oeIrQ",
        "_score": 1,
        "_source": {
          "message": "(root) CMD (run-parts \/etc\/cron.hourly)",
          "@version": "1",
          "@timestamp": "2015-06-19T00:01:01.000Z",
          "type": "syslog",
          "host": "localhost.localdomain",
          "priority": 78,
          "timestamp": "Jun 18 19:01:01",
          "logsource": "localhost",
          "program": "CROND",
          "pid": "306",
          "severity": 6,
          "facility": 9,
          "facility_label": "clock",
          "severity_label": "Informational",
          "tags": [
            "dns"
          ]
        }
      },
      {
        "_index": "logstash-2015.06.19",
        "_type": "syslog",
        "_id": "cWj5VIrVSTm4_iFDLg9qIg",
        "_score": 1,
        "_source": {
          "message": "(nagios) CMD (\/usr\/bin\/php -q \/var\/www\/html\/nagioslogserver\/www\/index.php poller > \/usr\/local\/nagioslogserver\/var\/poller.log 2>&1)",
          "@version": "1",
          "@timestamp": "2015-06-19T00:04:01.000Z",
          "type": "syslog",
          "host": "localhost.localdomain",
          "priority": 78,
          "timestamp": "Jun 18 19:04:01",
          "logsource": "localhost",
          "program": "CROND",
          "pid": "566",
          "severity": 6,
          "facility": 9,
          "facility_label": "clock",
          "severity_label": "Informational",
          "tags": [
            "dns"
          ]
        }
      },
      {
        "_index": "logstash-2015.06.19",
        "_type": "syslog",
        "_id": "EuaW1lRmRCmfBd5ITN22LA",
        "_score": 1,
        "_source": {
          "message": " nagios : TTY=unknown ; PWD=\/var\/www\/html\/nagioslogserver\/www ; USER=root ; COMMAND=\/etc\/init.d\/logstash status",
          "@version": "1",
          "@timestamp": "2015-06-19T00:05:31.000Z",
          "type": "syslog",
          "host": "localhost.localdomain",
          "priority": 85,
          "timestamp": "Jun 18 19:05:31",
          "logsource": "localhost",
          "program": "sudo",
          "severity": 5,
          "facility": 10,
          "facility_label": "security\/authorization",
          "severity_label": "Notice",
          "tags": [
            "dns"
          ]
        }
      },
      {
        "_index": "logstash-2015.06.19",
        "_type": "syslog",
        "_id": "6tILP2vtTii4QLCnVfoDSg",
        "_score": 1,
        "_source": {
          "message": "(nagios) CMD (\/usr\/bin\/php -q \/var\/www\/html\/nagioslogserver\/www\/index.php poller > \/usr\/local\/nagioslogserver\/var\/poller.log 2>&1)",
          "@version": "1",
          "@timestamp": "2015-06-19T00:06:01.000Z",
          "type": "syslog",
          "host": "localhost.localdomain",
          "priority": 78,
          "timestamp": "Jun 18 19:06:01",
          "logsource": "localhost",
          "program": "CROND",
          "pid": "729",
          "severity": 6,
          "facility": 9,
          "facility_label": "clock",
          "severity_label": "Informational",
          "tags": [
            "dns"
          ]
        }
      },
      {
        "_index": "logstash-2015.06.19",
        "_type": "syslog",
        "_id": "fZmDu1PLS9upm4KyDOEzNQ",
        "_score": 1,
        "_source": {
          "message": " nagios : TTY=unknown ; PWD=\/var\/www\/html\/nagioslogserver\/www ; USER=root ; COMMAND=\/etc\/init.d\/logstash status",
          "@version": "1",
          "@timestamp": "2015-06-19T00:06:34.000Z",
          "type": "syslog",
          "host": "localhost.localdomain",
          "priority": 85,
          "timestamp": "Jun 18 19:06:34",
          "logsource": "localhost",
          "program": "sudo",
          "severity": 5,
          "facility": 10,
          "facility_label": "security\/authorization",
          "severity_label": "Notice",
          "tags": [
            "dns"
          ]
        }
      },
      {
        "_index": "logstash-2015.06.19",
        "_type": "syslog",
        "_id": "uTh1CeHITC69VL0LeEtNXQ",
        "_score": 1,
        "_source": {
          "message": "(nagios) CMD (\/usr\/bin\/php -q \/var\/www\/html\/nagioslogserver\/www\/index.php jobs > \/usr\/local\/nagioslogserver\/var\/jobs.log 2>&1)",
          "@version": "1",
          "@timestamp": "2015-06-19T00:07:01.000Z",
          "type": "syslog",
          "host": "localhost.localdomain",
          "priority": 78,
          "timestamp": "Jun 18 19:07:01",
          "logsource": "localhost",
          "program": "CROND",
          "pid": "807",
          "severity": 6,
          "facility": 9,
          "facility_label": "clock",
          "severity_label": "Informational",
          "tags": [
            "dns"
          ]
        }
      },
      {
        "_index": "logstash-2015.06.19",
        "_type": "syslog",
        "_id": "jEP1WMRZRsyLRvXY9kmq-g",
        "_score": 1,
        "_source": {
          "message": " nagios : TTY=unknown ; PWD=\/var\/www\/html\/nagioslogserver\/www ; USER=root ; COMMAND=\/etc\/init.d\/logstash status",
          "@version": "1",
          "@timestamp": "2015-06-19T00:13:31.000Z",
          "type": "syslog",
          "host": "localhost.localdomain",
          "priority": 85,
          "timestamp": "Jun 18 19:13:31",
          "logsource": "localhost",
          "program": "sudo",
          "severity": 5,
          "facility": 10,
          "facility_label": "security\/authorization",
          "severity_label": "Notice",
          "tags": [
            "dns"
          ]
        }
      },
      {
        "_index": "logstash-2015.06.19",
        "_type": "syslog",
        "_id": "m5alG91FRHKe5ZU0wVb9qw",
        "_score": 1,
        "_source": {
          "message": " nagios : TTY=unknown ; PWD=\/var\/www\/html\/nagioslogserver\/www ; USER=root ; COMMAND=\/etc\/init.d\/logstash status",
          "@version": "1",
          "@timestamp": "2015-06-19T00:14:31.000Z",
          "type": "syslog",
          "host": "localhost.localdomain",
          "priority": 85,
          "timestamp": "Jun 18 19:14:31",
          "logsource": "localhost",
          "program": "sudo",
          "severity": 5,
          "facility": 10,
          "facility_label": "security\/authorization",
          "severity_label": "Notice",
          "tags": [
            "dns"
          ]
        }
      }
    ]
  }
}
In this way, a custom plugin could be designed to pull the information that you're requesting.
It's worth mentioning that we have a wizard in XI that will be able to run active checks against Nagios Log Server queries - but this default wizard doesn't return log results, it just returns an OK, WARNING, or CRITICAL depending on the amount of logs contained in the NLS query in question. For instance, you could have a NLS query for 'windows logins failed', and you'd set the warning threshold to 2 and critical to 5. If 6 logs are returned in that query, XI could alert you - you would still have to use the NLS GUI to see those exact logs though.
Best,
Jesse
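The custom plugin suggested in the reply above, sketched as an added example (not code from the thread or from Nagios): it turns a Log Server `_search` response shaped like the output above into Nagios plugin output that carries the matching log lines, treating log text as untrusted. The `host:"..."` filter, the `NLS_TOKEN` environment variable, the argument order and the "alert above threshold" rule are assumptions.

```python
#!/usr/bin/env python3
# Added example (not from the thread): a plugin that returns log lines, not just a count.
import json, os, re, sys, urllib.parse, urllib.request

STATES = ("OK", "WARNING", "CRITICAL", "UNKNOWN")
HOST_RE = re.compile(r"^[A-Za-z0-9._-]{1,253}$")  # reject input that could alter the query

def build_request(base_url, indices, token, host, size=5):
    """URL shape and query_string follow the thread's curl command; the host filter is assumed."""
    if not HOST_RE.match(host):
        raise ValueError("invalid host name")
    url = "%s/index.php/api/backend/%s/_search?%s" % (
        base_url.rstrip("/"), urllib.parse.quote(",".join(indices), safe=","),
        urllib.parse.urlencode({"token": token}))
    body = {"query": {"query_string": {"query": 'host:"%s"' % host}},
            "sort": [{"@timestamp": {"order": "desc"}}], "size": size}
    return urllib.request.Request(url, data=json.dumps(body).encode(), method="GET")

def clean(value, limit=160):
    """Log text is untrusted: drop control characters and '|' (Nagios perfdata separator)."""
    return re.sub(r"[\x00-\x1f\x7f]", " ", str(value)).replace("|", "/").strip()[:limit]

def evaluate(response, warn, crit):
    """Map a _search response to (exit_code, plugin_output)."""
    try:
        total = int(response["hits"]["total"])
        hits = list(response["hits"]["hits"])
    except (KeyError, TypeError, ValueError):
        return 3, "UNKNOWN - unexpected response from Log Server"
    code = 2 if total > crit else 1 if total > warn else 0  # assumed: alert above threshold
    out = ["%s - %d matching log entries | logs=%d;%d;%d" % (STATES[code], total, total, warn, crit)]
    for hit in hits:
        src = hit.get("_source", {})
        out.append("%s %s: %s" % (clean(src.get("@timestamp", "?")),
                                  clean(src.get("program", "?")), clean(src.get("message", ""))))
    return code, "\n".join(out)

if __name__ == "__main__":
    # Assumed usage: NLS_TOKEN=... check_nls_host_logs.py <base_url> <index,index> <host> <warn> <crit>
    try:
        base, idx, host, warn, crit = sys.argv[1:6]
        req = build_request(base, idx.split(","), os.environ["NLS_TOKEN"], host)
        with urllib.request.urlopen(req, timeout=10) as resp:
            code, text = evaluate(json.load(resp), int(warn), int(crit))
    except Exception as exc:
        # Print only the exception type so the token in the URL never reaches the output
        code, text = 3, "UNKNOWN - %s" % type(exc).__name__
    print(text)
    sys.exit(code)
```

The token still travels in the URL query string, as in the thread's curl command, so an `https` base URL keeps it off the wire in clear text.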