Sorry for the newb question as I am still trying to figure out the capabilities of the Nagios Log server.
I have a solaris zone with 3 applications that create their own log files. Is there a way to send these log files to the nagios log server?
Sending logs to Nagios Log Server from Solaris zone
Re: Sending logs to Nagios Log Server from Solaris zone
Yes. Any modern syslog daemon (rsyslog for instance) can be used to send logs to the local host as files, and to a remote host. Log Server doesn't do anything to the host, the host just sends data to the Log Server. You may need a man page for your system's specific syslog service.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
Re: Sending logs to Nagios Log Server from Solaris zone
Why would you think that the log server would do anything to remote host? Please explain your inference regarding this -
"Log Server doesn't do anything to the host, the host just sends data to the Log Server."
If you know the syntax for syslog to send a file to a remote host it would be much appreciated. Also wouldn't this be problematic in sending out notifications that need to be processed immediately?
Re: Sending logs to Nagios Log Server from Solaris zone
I don't think that NLS needs to do anything to the remote host. I was clarifying for you, in case there was any confusion that Nagios Log Server needed to "do something" to the host you wanted to monitor. Apparently, all I did was confuse things. Sorry about that! 
It sounds like you may need a primer on what NLS does. It accepts data (log information) from other hosts. It then indexes it and allows for searches to be made against that data. Unless you then go further to make it automatically scan the indexed data to search for specific queries and alert on them, there are no alerts generated. Just like other Nagios products, you have a number of configuration options as far as how to do alerts and search for matching (or non-matching) patterns in the data.
Log file information is typically not something that "[sends] out notifications that need to be processed immediately." Unless you are looking for security issues like login failures. Still, you can specify an alert that checks every few seconds and scans a security log looking for login failures, and then send an alert when you find one. So unless I am misunderstanding you, that should take care of that problem.
The bigger problem is getting data into NLS in the first place. You'll need to tell your existing computer to send syslog data to NLS port 5544 (by default). You can optionally tell it to continue to log to the local syslog file (or other file). It's been a long time since I've played with Solaris, so I can't give you specifics, but I'm sure you're not the first person to use syslog on Solaris to send to a remote syslog server. In the end, that's all NLS is - a remote syslog server.
Re: Sending logs to Nagios Log Server from Solaris zone
Thanks for the explanation @eloyd!
@emartine - do you have rsyslog installed on the machine? If not, what are you using for your syslogs?
A general example would be to add the following to your rsyslog configuration file -
# ### begin forwarding rule ### NAGIOSLOGSERVER
#
$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@192.168.3.190:5544
# ### end of the forwarding rule ###
Former Nagios Employee
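An added example, not part of any post in this thread: the forwarding rule above only sends what already goes through syslog, so files that an application writes itself have to be read in first, which rsyslog's imfile module can do. It assumes rsyslog is installed in the zone; the log path, tag, state file name and the local5 facility are hypothetical, and the server address and port are the ones used in the thread.

```conf
# Added example: tail one application-written log file with imfile and
# forward only that file's lines to Nagios Log Server.

# State files for monitored inputs are kept in the work directory
$WorkDirectory /var/lib/rsyslog

# Load the file input module
$ModLoad imfile

# How often imfile checks the monitored files for new lines, in seconds
$InputFilePollInterval 10

# Hypothetical application log; repeat this block once per file,
# giving each file its own tag and its own state file name.
$InputFileName /var/log/app1/app1.log
$InputFileTag app1:
$InputFileStateFile nls-state-app1
$InputFileSeverity info
$InputFileFacility local5
$InputRunFileMonitor

# Forward the tailed lines (facility local5) over TCP to port 5544
local5.* @@192.168.3.190:5544
```

`@@` forwards over plain TCP (a single `@` is UDP), so the log lines cross the network unencrypted.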
Re: Sending logs to Nagios Log Server from Solaris zone
syslog is installed on solaris 10.
Re: Sending logs to Nagios Log Server from Solaris zone
From the Home screen of NLS, Click the 'Linux Source' Icon / text, and then under 'Set Up More Sources', click 'Linux Files'.
From there, you can follow either the Script setup (which will make the changes for you), or the Manual setup. Both ways are pretty straightforward.
An example for the script setup. You will want to change the path part, /path/to/file /path/to/another/file/*.log and what the FILE_TAG is set to.
curl -s -O http://192.168.3.190/nagioslogserver/scripts/setup-linux.sh
bash setup-linux.sh -s 192.168.3.190 -p 5544 -f "/path/to/file /path/to/another/file/*.log" -t FILE_TAG
Re: Sending logs to Nagios Log Server from Solaris zone
Problem with this script is that I am going to be running it on solaris. I am assuming that is what you want me to do. Compatibility is of course always a problem... so I need to dig through it and find out what exactly you want me to do here.
As I've mentioned before this works fine on a Linux server.
Re: Sending logs to Nagios Log Server from Solaris zone
It should be a similar process to other Linux machines. http://unix.stackexchange.com/questions ... ote-system