Remove Client

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
rlinux57
Posts: 324
Joined: Mon Dec 08, 2014 12:03 am

Re: Remove Client

Post by rlinux57 »

that's rsyslog.
Top
User avatar
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1
Contact:
Contact hsmith

Re: Remove Client

Post by hsmith »

Did you use the linux wizard inside of Nagios Log Server to generate rsyslog configuration files and put them on your client machine?
Former Nagios Employee.
me.
Top
rlinux57
Posts: 324
Joined: Mon Dec 08, 2014 12:03 am

Re: Remove Client

Post by rlinux57 »

I have run below command on client:

Code: Select all

bash setup-linux.sh -s NLSIP-Address -p 5544 -f "/usr/local/cpanel/logs/access_log" -t apachelogs
Output:

Code: Select all

Detected rsyslog 5.8.10
Detected rsyslog work directory /var/lib/rsyslog
Destination Log Server: NLSIP:5544
Processing /usr/local/cpanel/logs/access_log file...
Creating /etc/rsyslog.d/90-nagioslogserver_usr_local_cpanel_logs_access_log.conf...
SELinux is disabled.
rsyslog configuration check passed.
Restarting rsyslog service with 'service'...
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Okay.
rsyslog is running with the new configuration.
Visit your Nagios Log Server dashboard to verify that logs are being received.
Top
User avatar
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1
Contact:
Contact hsmith

Re: Remove Client

Post by hsmith »

And nothing is showing up in NLS? Is there a firewall between the two devices?
Former Nagios Employee.
me.
Top
rlinux57
Posts: 324
Joined: Mon Dec 08, 2014 12:03 am

Re: Remove Client

Post by rlinux57 »

Nothing will be shown. Even i have disabled firewall.
CSF firewall, i have allowed NLS ip and port 5544
Last edited by rlinux57 on Thu Feb 18, 2016 5:18 pm, edited 1 time in total.
Top
User avatar
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1
Contact:
Contact hsmith

Re: Remove Client

Post by hsmith »

If you run a TCP dump on the Log Server, do you see anything coming in from port 5544 from that particular host? Did you make sure that it's both TCP and UDP port 5544 allowed through the firewall?
Former Nagios Employee.
me.
Top
rlinux57
Posts: 324
Joined: Mon Dec 08, 2014 12:03 am

Re: Remove Client

Post by rlinux57 »

How can i use tcpdump command ?
I have allowed both TCP and UDP
Top
User avatar
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1
Contact:
Contact hsmith

Re: Remove Client

Post by hsmith »

On NLS you'll first need to install it:

Code: Select all

yum -y install tcpdump
Then launch it to listen to traffic on port X from host Y(replace 10.10.10.10 with the actual IP address you should be getting logs from):

Code: Select all

tcpdump host 10.10.10.10 and port 5544
Former Nagios Employee.
me.
Top
rlinux57
Posts: 324
Joined: Mon Dec 08, 2014 12:03 am

Re: Remove Client

Post by rlinux57 »

I'm getting logs from tcpdump
Top
User avatar
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1
Contact:
Contact hsmith

Re: Remove Client

Post by hsmith »

And they're nowhere in the NLS interface? What dashboard are you using to check? If you see them come in, there should be no reason they're not logging.

You can see a good breakdown of which logs are coming in by using this:
6.png
You do not have the required permissions to view the files attached to this post.
Former Nagios Employee.
me.
Top
Locked

Return to “Nagios Log Server”