Log Server doens't receive log

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
dotrong
Posts: 3
Joined: Wed Sep 02, 2015 11:56 am

Log Server doens't receive log

Post by dotrong »

Hello,
I currently install Nagios Log Server and server doesn't seem to receive syslog/trap even though trap and syslog are forwarded to it.
The server is listening on port of syslog and trap but dashboard showing nothing.
Have anyone same issue?

Thanks,
Top
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: Log Server doens't receive log

Post by jolson »

What kind of logs are you forwarding to Nagios Log Server, and on what port? Please verify that logs are reaching Nagios Log Server by running a tcpdump on the appropriate port:

Code: Select all

yum install tcpdump
tcpdump -n dst port <portnumber>
Twits Blog
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
Top
dotrong
Posts: 3
Joined: Wed Sep 02, 2015 11:56 am

Re: Log Server doens't receive log

Post by dotrong »

It's network devices syslog. We forward syslog message from a current centralized log server (syslog-ng) to Nagios Log server port 5544.
I'm testing by issuing logger command on another nagios server

logger -p local7.notice 'this is test'

tcpdump output on Nagios log server

tcpdump -i eth0 port 5544
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:09:19.378696 IP nagios1.57299 > Nagioslogserver.5544: Flags [P.], seq 2623934827:2623934883, ack 4124363618, win 115, options [nop,nop,TS val 950105481 ecr 3335455929], length 56
12:09:19.378824 IP Nagioslogserver.5544 > nagios1.57299: Flags [.], ack 56, win 501, options [nop,nop,TS val 3335480321 ecr 950105481], length 0
12:09:20.302025 IP nagios1.57299 > Nagioslogserver.5544: Flags [P.], seq 56:112, ack 1, win 115, options [nop,nop,TS val 950106404 ecr 3335480321], length 56
12:09:20.302115 IP Nagioslogserver.5544 > nagios1.57299: Flags [.], ack 112, win 501, options [nop,nop,TS val 3335481244 ecr 950106404], length 0
^C
4 packets captured
5 packets received by filter
0 packets dropped by kernel
Top
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: Log Server doens't receive log

Post by jolson »

Interesting. What happens if you try to send a couple of strings to a non-5544 port?

Code: Select all

printf 'Hello world, this is a test' | nc 192.168.x.x 2056
Replace 192.168.x.x with the IP of your Nagios Log Server device.
Twits Blog
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
Top
dotrong
Posts: 3
Joined: Wed Sep 02, 2015 11:56 am

Re: Log Server doens't receive log

Post by dotrong »

It's really weird. I deleted all nagioslog server directory and re-installed. It's working this time !
Not sure what caused the issue the first time ... but thanks for your support.
Top
User avatar
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1
Contact:
Contact hsmith

Re: Log Server doens't receive log

Post by hsmith »

Glad to hear it is working, is there anything else we can do for you?
Former Nagios Employee.
me.
Top
Locked

Return to “Nagios Log Server”