output log to another log server

pccwglobalit · Post by **pccwglobalit** » Tue Sep 08, 2015 9:04 pm

we have setup all hosts to transfer the log to nagioslogserver. however, we also need forward all the log to another syslog servers. will that be possible?

Post by **Box293** » Tue Sep 08, 2015 10:21 pm

pccwglobalit wrote:we have setup all hosts to transfer the log to nagioslogserver.

How are they forwarding the logs to Nagios Log Server? Are these windows or linux servers?

pccwglobalit · Post by **pccwglobalit** » Wed Sep 09, 2015 2:13 am

Hi,

We want to forward the logs from Nagios log server to other syslog server, here is the similar thread - https://support.nagios.com/forum/viewto ... 37&t=32145

but not sure how to get it added to the config, get we ask Nagios?

output {
syslog {
appname => 'XXXGlobal-IT'
codec => 'plain'
facility => 'syslogd'
host => 192.168.1.23
msgid => 'nls3'
port => '514'
procid => '-'
protocol => 'udp'
rfc => 'rfc3164'
severity => 'informational'
sourcehost => '%{host}'
tag => 'XXXGlobal-IT'
workers => '5'
}
}

Gives this error

{:timestamp=>"2015-09-08T18:18:26.654000+0000", :message=>"The error reported is: \n Couldn't find any output plugin named 'syslog'. Are you sure this is correct? Trying to load the syslog output plugin resulted in this error: no such file to load -- logstash/outputs/syslog"}

Any idea?

Regards,

Vincent

ssax · Post by **ssax** » Wed Sep 09, 2015 9:18 am

Did you install the plugin?

Code: Select all

/usr/local/nagioslogserver/logstash/bin/plugin install logstash-output-syslog

pccwglobalit · Post by **pccwglobalit** » Wed Sep 09, 2015 8:36 pm

We need install this plugin on every node?
after install, what output filter we need put?
thanks

pccwglobalit · Post by **pccwglobalit** » Thu Sep 10, 2015 7:28 am

we have installed output and apply it.
however, we cannot start logstash.
there is error

TypeError: can't convert nil into String

pccwglobalit · Post by **pccwglobalit** » Thu Sep 10, 2015 7:32 am

we are using the following config

syslog {
appname => 'ABCD'
codec => 'plain'
host => '192.168.1.190'
facility => 'syslogd'
port => '514'
protocol => 'udp'
severity => 'informational'
sourcehost => '%{host}'
}

jolson · Post by **jolson** » Thu Sep 10, 2015 12:21 pm

To start with, I'd set up a UDP output, which is more simple to setup and will achieve the same results. The syslog output (if it's anything like the syslog input) may apply a filter before the output of information occurs.

You can send messages compliant with RFC3164 or RFC5424 UDP or TCP syslog transport is supported

Try the following configuration instead:

Code: Select all

udp {
    host => '192.168.1.190'
    port => '514'
}

This will take all of your information (as it is, after it passes through your inputs/filters) and export it to 192.168.1.190:514 via UDP.

pccwglobalit · Post by **pccwglobalit** » Fri Sep 11, 2015 1:48 am

thanks. it is working now.

hsmith · Post by **hsmith** » Fri Sep 11, 2015 8:56 am

pccwglobalit wrote:thanks. it is working now.

Are we all right to mark this one resolved and close it?

Nagios Support Forum

output log to another log server

output log to another log server

Re: output log to another log server

Re: output log to another log server

Re: output log to another log server

Re: output log to another log server

Re: output log to another log server

Re: output log to another log server

Re: output log to another log server

Re: output log to another log server

Re: output log to another log server