Nagios Log Server and Winlogbeat

[Risk_CSR]

We have been looking into using Nagios Log Server for logging because we currently use it for other monitoring purposes. We are having some very serious problems with sending logs from our machines to the NagiosLogServer we have set up. All nxlog configuration files have been edited like this:

Code: Select all

## See the nxlog reference manual at 
## http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
 
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define CERT %ROOT%\cert
 
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
 
# Include fileop while debugging, also enable in the output module below
#<Extension fileop>
#    Module xm_fileop
#</Extension>
 
<Extension json>
    Module      xm_json
</Extension>
 
<Extension syslog>
    Module xm_syslog
</Extension>
 
<Input internal>
    Module im_internal
</Input>
 
# Watch your own files
<Input file1>
    Module   im_file
    File     '%ROOT%\data\nxlog.log'
    SavePos  TRUE
    Exec     $Message = $raw_event;
</Input>
 
# Windows Event Log
<Input eventlog>
# Uncomment im_msvistalog for Windows Vista/2008 and later
    Module im_msvistalog
 
# Uncomment im_mseventlog for Windows XP/2000/2003
#   Module im_mseventlog
</Input>

<Output out>
    Module om_tcp
    Host 10.25.26.191
    Port 3515
	
    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();
	
	# Uncomment for debug output
	# Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>
 
<Route 1>
    Path internal, file1, eventlog => out
</Route>

----------------------------------------------------------------------------------------------------------------------------------------------


Nagios Log Server currently knows that it is accepting logs from 'N' number of hosts, but logs are not being sent. Any advice?

We also thought of using Winlogbeat by Elastic Co. to send Windows Logs to the Elasticsearch server that Nagios Log Server uses. But we couldn't get that functioning properly either. Advice there?

Thanks!

[hsmith]

The 'receiving logs from X number of hosts' is not an accurate way to see how many hosts are working for sure. Are you getting any event logs in?

Winlogbeat is something that is untested by us, NXLog is generally the solution we use for Windows clients.

[Risk_CSR]

Currently we are testing out Nagios Log Server with 4 machines. We are getting very few logs. A few logon messages here and there. But mostly nothing.

[hsmith]

Have you ever had a Quickstart session for Nagios Log Server?

A quickstart is a one hour session with one of our technicians where we get you up and running, and show you how the product works. You only get one session, but it would be a good way to get on a remote/call with one of us and troubleshoot the issues you're having.

[tmcdonald]

Closing due to inactivity. Please let me know via PM if you would like this re-opened.