Hi All
Is it possible to configure a list of IPs for the Input in Nagios Log Server?
We would like to tag the syslogs coming from some IPs as "netwok-syslog".
We can't use Port, as we are not allowed to change the default Port for syslog in some Network Devices.
Thank you in advance for your help.
Cheers,
Murat
IP Range in Input
Last edited by comfone on Thu May 19, 2016 4:19 am, edited 1 time in total.
Re: IP Range in Input
Yes, you can match on incoming IP and then tag that in the input filter. However, it may be easier to send the data pre-tagged from the sending side. The easiest way is to use the included script on the home page of your NLS installation (http://xx.xx.xx.xx/nagioslogserver/source-setup) which goes like this:
curl -s -O http://xx.xx.xx.xx/nagioslogserver/scripts/setup-linux.sh
bash setup-linux.sh -s xx.xx.xx.xx -p 5544 -f "/var/log/httpd/error_log" -t apache_error
bash setup-linux.sh -s xx.xx.xx.xx -p 5544 -f "/var/log/httpd/access_log" -t apache_access
The tag is the -t part at the end, which you can change to your heart's content.
Or, you can go command-line and change the /etc/rsyslog.d/ files to change the tag to match what you need on each machine.
Personally, I'd go with the last option since it's guaranteed to work and you don't have to manage changing IPs from within a grok filter inside the NLS input filters.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
Re: IP Range in Input
Thanks eloyd - OP, let us know if there are any other questions.
Be sure to check out the Knowledgebase for helpful articles and solutions!
Re: IP Range in Input
Hi
Thank you for the information and help.
Can you still show me how to tag it on the Input?
Thank you.
Re: IP Range in Input
Short version: Go to Administration | Global Configuration and look at your filters. You'll probably want to add another filter that matches data according to source and then mutates it to add a new tag. Details can be found at https://www.elastic.co/guide/en/logstas ... te-add_tag
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
Re: IP Range in Input
I was looking for a way to do it in the input itself and didn't come across much. The filter method is likely how it's going to need to be done.
Former Nagios Employee.
Re: IP Range in Input
Unless you come in on different ports, which was specifically not allowed, you cannot tag it differently in the input. Must be done in filter. Which is pretty easy - if ip matches whatever, then mutate and add tag whatever_tag.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
Re: IP Range in Input
Correct. I'm not sure why they don't have something like that in LS inputs, it would be neat.
Former Nagios Employee.
Re: IP Range in Input
Because LS inputs are not the same as LS filters.
LS works by bringing data in (input), passing it through filters (filter) and then sending it to an output (in NLS's case, elasticsearch). So having inputs do filtering is just plain crazy!!! 
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
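The filter-stage approach described in this thread (match on the source IP, then mutate to add a tag), written out as a Logstash filter. This is an added example, not configuration posted by any participant. It assumes the sender's address arrives in the `host` field, that the `cidr` filter plugin is available in your install, and it uses constructed documentation addresses and the tag name `network-syslog` as placeholders.

```logstash
filter {
  # Option 1: explicit list of sender IPs (constructed sample addresses).
  # Assumes the syslog input stores the sender's address in [host].
  if [host] in ["192.0.2.10", "192.0.2.11"] {
    mutate {
      add_tag => ["network-syslog"]
    }
  }

  # Option 2: whole ranges, matched with the cidr filter plugin.
  # Events whose [host] is a name rather than an IP will not match.
  cidr {
    address => ["%{host}"]
    network => ["198.51.100.0/24", "192.0.2.128/25"]
    add_tag => ["network-syslog"]
  }

  # Later filters or outputs can then branch on the tag:
  #   if "network-syslog" in [tags] { ... }
}
```

If the NLS filter editor under Administration | Global Configuration wraps entries itself, paste only the contents of the `filter { }` block. The source address of UDP syslog can be forged, so treat the tag as a routing label and not as proof of which device sent the event.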