Hello Nagios team,
We have setup a new Nagios Log Server today and created the below conf file (based on the template provided by Nagios). We're trying to collect IIS log files from our host XXX.XXX.XXX.XXX and have not received them. We *are* receiving System Event Log files from the host successfully just not the IIS log files. Our conf file is below.
We have tried: Stopped/restarting nxlog service many times. Using telnet to successfully confirm that the client has connectivity on port 3515 to the server. Check the nxlog.log for errors and there are none.
Thanks for your guidance.
New NLS system, not receiving IIS logs
New NLS system, not receiving IIS logs
You do not have the required permissions to view the files attached to this post.
Re: New NLS system, not receiving IIS logs
Is there anything in /var/log/logstash/logstash.log ?
Are you trying to generate new logs? Sometimes the previous logs are not sent. That can be tweaked in NXLog.
Are you trying to generate new logs? Sometimes the previous logs are not sent. That can be tweaked in NXLog.
Former Nagios Employee.
me.
me.
Re: New NLS system, not receiving IIS logs
Not much in the logstash.log -- just two entries from a couple hours ago when we first installed:
{:timestamp=>"2016-05-18T12:30:54.531000-0700", :message=>"Error: No config files found: /usr/local/nagioslogserver/logstash/etc/conf.d/*\nCan you make sure this path is a logstash config file?"}
{:timestamp=>"2016-05-18T12:30:54.558000-0700", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
Yes, we are successfully generating lots of events in the u_in160518.log file which Nagios is watching.
{:timestamp=>"2016-05-18T12:30:54.531000-0700", :message=>"Error: No config files found: /usr/local/nagioslogserver/logstash/etc/conf.d/*\nCan you make sure this path is a logstash config file?"}
{:timestamp=>"2016-05-18T12:30:54.558000-0700", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
Yes, we are successfully generating lots of events in the u_in160518.log file which Nagios is watching.
Re: New NLS system, not receiving IIS logs
How are you searching for them on the dashboard? Can I see screenshots?
Former Nagios Employee.
me.
me.
Re: New NLS system, not receiving IIS logs
Mainly searching by timestamp. It is clearly not displaying log entries that we are seeing in the IIS log.
Another definitive test is searching by type (see attached) which shows that we only have syslogs and eventlogs -- no other types of logs
Another definitive test is searching by type (see attached) which shows that we only have syslogs and eventlogs -- no other types of logs
You do not have the required permissions to view the files attached to this post.
-
Box293
- Too Basu
- Posts: 5126
- Joined: Sun Feb 07, 2010 10:55 pm
- Location: Deniliquin, Australia
- Contact:
Re: New NLS system, not receiving IIS logs
Try enabling debug logging to watch what logstash is doing.
Edit the file /etc/init.d/logstash
Find line 63:
Insert --debug after agent
Save the file and restart logstash
Now watch the log:
You are going to see a lot of logs, but you are trying to see if the logs are being received.
Remove --debug when done, otherwise a large file will be created.
Edit the file /etc/init.d/logstash
Find line 63:
Code: Select all
DAEMON_OPTS="agent -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS}"Code: Select all
DAEMON_OPTS="agent --debug -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS}"Code: Select all
service logstash restartCode: Select all
tail -f /var/log/logstash/logstash.logRemove --debug when done, otherwise a large file will be created.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.