Configure Exim MailServer Logs With NLS

[rlinux57]

Is there any way to monitor exim logs with NLS ?

[hsmith]

Is the server capable of pushing its logs out over the network?

[rkennedy]

Yes, you should be able to use the Linux File Setup which will produce a command similar to this in your environment.

Code: Select all

curl -s -O http://nlsip/nagioslogserver/scripts/setup-linux.sh
bash setup-linux.sh -s nlsip -p 5544 -f "/path/to/exim/logdir/*.log" -t FILE_TAG

[rlinux57]

Thanks, i'm working over it and let you know after any outcome.

[rkennedy]

Sounds good! We'll be awaiting your response.

[rlinux57]

Logstash service not working, getting below error:

Code: Select all

[root@logs ~]# /etc/init.d/logstash restart
Restarting Logstash Daemon:                                [FAILED]
WARNING: Default JAVA_OPTS will be overridden by the JAVA_OPTS defined in the environment. Environment JAVA_OPTS are -Djava.io.tmpdir=/usr/local/nagioslogserver/tmp
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
/etc/init.d/logstash: line 99: [: 18169: unary operator expected

Moreover i have run the script as it is that you have mentioned, is it run successfully ? :

Code: Select all

bash setup-linux.sh -s nlsip -p 5544 -f "/var/log/exim_mainlog" -t FILE_TAG
Detected rsyslog 5.8.10
Detected rsyslog work directory /var/lib/rsyslog
Destination Log Server: nlsip:5544
Processing /var/log/exim_mainlog file...
Creating /etc/rsyslog.d/90-nagioslogserver_var_log_exim_mainlog.conf...
rsyslog configuration check passed.
Restarting rsyslog service with 'service'...
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Okay.
rsyslog is running with the new configuration.
Visit your Nagios Log Server dashboard to verify that logs are being received.

[hsmith]

Logstash service not working, getting below error:

Can you post the output of this command?

Code: Select all

tail -n200 /var/log/logstash/logstash.log

Moreover i have run the script as it is that you have mentioned, is it run successfully ? :

Looks successful to me.

[jolson]

Moreover i have run the script as it is that you have mentioned, is it run successfully ? :

Yes, it looks like the script has succeeded.

Logstash service not working, getting below error:

I have seen this before - I'd like to know if any of these options work for you:

Code: Select all

service logstash start
systemctl start logstash
service logstash status
systemctl status logstash

[rlinux57]

There's nothing in /var/log/logstash:

Code: Select all

[root@logs ~]# ll /var/log/logstash/
total 0

Code: Select all

[root@logs ~]# service logstash start
Starting Logstash Daemon: WARNING: Default JAVA_OPTS will be overridden by the JAVA_OPTS defined in the environment. Environment JAVA_OPTS are -Djava.io.tmpdir=/usr/local/nagioslogserver/tmp
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
/etc/init.d/logstash: line 99: [: 21959: unary operator expected

Code: Select all

[root@logs ~]# service logstash status
Logstash Daemon dead but pid file exists

[jolson]

How did you set up Nagios Log Server initially - via VM template or manually?

Is elasticsearch running before you attempt to start Logstash?

Code: Select all

service elasticsearch start

I'd like to see this file:

Code: Select all

cat /etc/sysconfig/logstash

Did you attempt to upgrade Logstash or Elasticsearch from our default versions? I've seen this issue happen in testing when I tried to move Logstash to >=2.0