How to insert tagging (source tag) into the conf file

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
dlukinski
Posts: 1130
Joined: Tue Oct 06, 2015 9:42 am

How to insert tagging (source tag) into the conf file

Post by dlukinski »

Hello LOG Support

Please help with inserting source tag into the conf file attached
What would be the syntax to tag this source as "TEST"?

---

Figured one to be based off incoming port

Trying to add port 4446 via iptables, but no success (no incoming data)
Please help (recall some issues with LOG vs Firewall from the past)
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: How to insert tagging (source tag) into the conf file

Post by rkennedy »

I believe you'll actually want to tag it based on the input, on the NLS side.

Simply create a new input like this for port 4446 -

tcp {
    type => 'yourtag'
    port => 3515
    codec => json {
        charset => 'CP1252'
    }
}
(replace yourtag with what you'd like to specify as the type.)
Former Nagios Employee
dlukinski
Posts: 1130
Joined: Tue Oct 06, 2015 9:42 am

Re: How to insert tagging (source tag) into the conf file

Post by dlukinski »

rkennedy wrote: I believe you'll actually want to tag it based on the input, on the NLS side.

Simply create a new input like this for port 4446 -

tcp {
    type => 'yourtag'
    port => 3515
    codec => json {
        charset => 'CP1252'
    }
}
(replace yourtag with what you'd like to specify as the type.)

Already had this one

Tried port 3516 instead (opened iptables, created & applied global config), but could not get incoming flow (works with 3515)
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: How to insert tagging (source tag) into the conf file

Post by rkennedy »

Just to make sure - did you apply configuration after making the change?

What is the output of iptables -L?
Former Nagios Employee
dlukinski
Posts: 1130
Joined: Tue Oct 06, 2015 9:42 am

Re: How to insert tagging (source tag) into the conf file

Post by dlukinski »

rkennedy wrote: Just to make sure - did you apply configuration after making the change?

What is the output of iptables -L?

Here it is (actually most ports are not present; I am using -S instead which has different values)

[root@fikc-naglsprod01 /]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:rich-cp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:omnisky
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5544
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:krb524
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:upnotifyp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:must-backplane
ACCEPT tcp -- anywhere anywhere state NEW tcp dpts:vrace:sec-t4net-srv
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nsca
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smartcard-port

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@fikc-naglsprod01 /]#
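
Added example, not part of any post in this thread: in the listing above the last ACCEPT (smartcard-port, which /etc/services maps to 3516/tcp) sits below the `REJECT all` rule, and iptables stops at the first rule that matches. The script flags that ordering in `iptables -L` output; the function names are this example's own, and the sample is an abbreviated copy of the posted listing, so its rule numbers differ from the full chain.

```shell
#!/bin/sh
# Added example: flag ACCEPT rules that sit below a catch-all REJECT/DROP
# in `iptables -L` output (first match wins, so they never fire).

# Abbreviated copy of the INPUT and FORWARD chains posted above.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:must-backplane
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nrpe
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smartcard-port

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
EOF
}

# Reads `iptables -L` text on stdin; prints one line for every ACCEPT rule
# that follows an unconditional REJECT/DROP in the same chain.
shadowed_accepts() {
  awk '
    $1 == "Chain" { chain = $2; n = 0; blocked = 0; next }
    $1 == "target" || NF == 0 { next }
    {
      n++
      any = ($4 == "anywhere" || $4 == "0.0.0.0/0") &&
            ($5 == "anywhere" || $5 == "0.0.0.0/0")
      # Unconditional: all protocols, any source/destination, and nothing
      # after the addresses other than the reject type.
      if (($1 == "REJECT" || $1 == "DROP") && $2 == "all" && any &&
          (NF == 5 || $6 == "reject-with")) { blocked = n; next }
      if (blocked && $1 == "ACCEPT") {
        txt = ""
        for (i = 6; i <= NF; i++) txt = txt (i > 6 ? " " : "") $i
        printf "%s rule %d is below catch-all rule %d: %s\n", chain, n, blocked, txt
      }
    }'
}

sample_listing | shadowed_accepts
```

`iptables -L` without `-v` hides interface matches, so confirm a hit against `iptables -S`. An ACCEPT that has to take effect is inserted above the catch-all with `iptables -I INPUT <rule-number> ...` rather than appended with `-A`.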
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: How to insert tagging (source tag) into the conf file

Post by mcapra »

If other ports aren't working, but you can get traffic over 3515 just fine, another option would be to set fields directly in nxlog. You can do this by modifying the <Output> rule like so:

Exec $tags='super_cool_tag';
Here's what my full Output looks like:

<Output out>
    Module om_tcp
    Host 192.168.67.200
    Port 3515

    Exec $tags='super_cool_tag';

    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();

    # Uncomment for debug output
    # Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>
Former Nagios employee
https://www.mcapra.com/
dlukinski
Posts: 1130
Joined: Tue Oct 06, 2015 9:42 am

Re: How to insert tagging (source tag) into the conf file

Post by dlukinski »

mcapra wrote: If other ports aren't working, but you can get traffic over 3515 just fine, another option would be to set fields directly in nxlog. You can do this by modifying the <Output> rule like so:

Exec $tags='super_cool_tag';
Here's what my full Output looks like:

<Output out>
    Module om_tcp
    Host 192.168.67.200
    Port 3515

    Exec $tags='super_cool_tag';

    Exec  $tmpmessage = $Message; delete($Message); rename_field("tmpmessage","message");
    Exec  $raw_event = to_json();

    # Uncomment for debug output
    # Exec file_write('%ROOT%\data\nxlog_output.log', $raw_event + "\n");
</Output>
Thank you,
please close this thread