Hello,
I've been running the Nagios Logs trial, and I must say I'm quite enjoying the product. I'm coming from an open source ELK stack, so the ability to have email alerts is a huge selling point for me.
I have a few questions I was hoping to get some input on:
1. Our development team has an internal application that uses the Elasticsearch Java API to query for certain logs. Is there any discrepancy between the Elasticsearch bundled with the Nagios Logs VM image and a stock install of Elasticsearch?
2. Is it possible to further configure index retention via the GUI? I see the option to delete all indexes older than X number of days but we were hoping to customize that based off index data.
For number 2 I presume this would have to be done via the ES REST API as a cronjob on the server, or the Logstash config modified to grok certain attributes of a syslog message and submit to a separate index. Perhaps I'm missing something though.
Thanks for any input!
Trial User - A few questions
Re: Trial User - A few questions
Answer to #2 is, currently, "no." No fine tuning of indexes, I'm afraid.
Answer to #1 is, "likely." A specific version of logstash and elasticsearch was included in NLS and there are changes from stock OSS. However, you won't hurt anything by poking at the API, so feel free to try it out!
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
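The cron-job approach raised in question 2, sketched as an added example (not part of the original thread and not Nagios code). It assumes Elasticsearch answers on localhost:9200 and that indices are named `<prefix>-YYYY.MM.DD`; the `auth` prefix and the retention values are hypothetical.

```python
"""Per-prefix retention for daily indices (added example, not NLS code)."""
import json
import re
import urllib.request
from datetime import date, datetime

ES_URL = "http://localhost:9200"   # assumption: Elasticsearch listening locally
# Assumption: hypothetical policy, prefix -> days to keep. "logstash" is the
# default daily prefix; "auth" stands for a separate index fed by a custom output.
RETENTION_DAYS = {"logstash": 30, "auth": 365}
INDEX_RE = re.compile(r"^(?P<prefix>[a-z0-9_]+)-(?P<day>\d{4}\.\d{2}\.\d{2})$")


def expired_indices(names, today, policy=RETENTION_DAYS):
    """Return the sorted index names whose date suffix is older than the policy allows.

    Names that do not match <prefix>-YYYY.MM.DD, carry an impossible date, or
    have no policy entry are never selected, so other indices are left alone.
    """
    doomed = []
    for name in names:
        m = INDEX_RE.match(name)
        if not m or m.group("prefix") not in policy:
            continue
        try:
            day = datetime.strptime(m.group("day"), "%Y.%m.%d").date()
        except ValueError:
            continue
        if (today - day).days > policy[m.group("prefix")]:
            doomed.append(name)
    return sorted(doomed)


def list_indices(es_url=ES_URL):
    """Fetch index names with GET /_cat/indices?h=index (one name per line)."""
    with urllib.request.urlopen(es_url + "/_cat/indices?h=index", timeout=10) as r:
        return r.read().decode().split()


def delete_index(name, es_url=ES_URL):
    """Issue DELETE /<index>; returns True when Elasticsearch acknowledges."""
    req = urllib.request.Request(es_url + "/" + name, method="DELETE")
    with urllib.request.urlopen(req, timeout=30) as r:
        return json.load(r).get("acknowledged", False)


if __name__ == "__main__":
    for index in expired_indices(list_indices(), date.today()):
        print("deleting", index, delete_index(index))
```

Run `expired_indices` on its own first and review the returned names before letting the script delete anything.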
Re: Trial User - A few questions
Former Nagios employee
https://www.mcapra.com/
Re: Trial User - A few questions
Awesome, thanks for the info. In regards to "A specific version of logstash and elasticsearch was included in NLS and there are changes from stock OSS", what version of Logstash and ES would this be exactly? I want to be able to make sure I'm reviewing the right documentation for the API.
Thanks,
Ciaran
Re: Trial User - A few questions
As of version 1.4.2:
Nagios Log Server 1.4.2
Elasticsearch 1.6.0
Logstash 1.5.1
Kibana 3.1.1-nagios3
Former Nagios employee
https://www.mcapra.com/
Re: Trial User - A few questions
Elasticsearch 1.6
Logstash 1.5.1
Edit: obviously @mcapra beat me to it.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
Re: Trial User - A few questions
Thanks @eloyd!
@ciaranrh - let us know if you have further questions.
Former Nagios Employee
Re: Trial User - A few questions
Another question if I may (I'll likely have a few more, so the patience is appreciated).
In NagiosXI there was a way to add a root CA in the web GUI to allow SSL encryption of LDAP/AD traffic; does NLS offer a similar feature? I can't seem to locate the option myself in the NLS web GUI.
Thanks,
Ciaran
Re: Trial User - A few questions
Not through the web GUI. You should be able to install the root CA on the system through the CLI though.
From the LDAP/AD page:
If you're planning on using SSL or TLS with self-signed certificates you need to make sure the proper certificates are installed on the Nagios Log Server server or you will not be able to connect to your LDAP / Active Directory server.
Former Nagios employee
https://www.mcapra.com/