Hi, we are trying to add the Linux servers to the Nagios Log Server through syslog by adding the line “*.* @@sesklnglsidv02.astrazeneca.net:5544”, which is sending all the logs to the Nagios Log Server.
But I want only critical, warning and error logs to be sent to the Nagios Log Server through port 5544.
Can you please help with what argument I have to enter for the filtering at the client end (Linux server)?
Syslog filtering in Unix servers
Re: Syslog filtering in Unix servers
The rule you are currently using:
Code:
*.* @@sesklnglsidv02.astrazeneca.net:5544
Roughly means "match *.* (any facility, any severity) and send to @@sesklnglsidv02.astrazeneca.net:5544".
anish wrote: But I want only critical, warning and error logs to be sent to Nagios log server through the port 5544.
A better place to make the change would be in the rsyslog configuration itself, since that is what dictates which logs of which severity on which facility get shipped to any given endpoint (be it the system log or a remote syslog server).
For example, if I only wanted to get WARNING, ERROR, and INFORMATION severities from the mail facility, I could do this:
Code:
mail.info /some/log.file
mail.warn /some/log.file
mail.err /some/log.file
Or if I only wanted to get CRITICAL, WARNING, and ERROR severities from any facility sent to a remote syslog server:
Code:
*.crit;*.warn;*.err @@192.168.67.4:5544
Former Nagios employee
https://www.mcapra.com/
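The selector fields quoted in this thread, evaluated in code as an added example that is not part of the original posts. It assumes sysklogd/rsyslog selector rules, where a bare priority matches that severity and everything more severe and '=' restricts it to a single level; the function name and default facility are illustrative, and the stock syslogd on AIX, HP-UX or Solaris may not accept '=' or '!'.

```python
# Added example: evaluate a legacy syslog selector field.
# Assumption: sysklogd/rsyslog rules (bare priority = that level and above).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}


def selected_severities(selector_field, facility="daemon"):
    """Return the severities a selector field passes for one facility.

    Selectors are applied left to right, each adding to or removing from the
    set built so far (this is why 'auth.none' after '*.info' masks auth).
    """
    mask = set()
    for selector in selector_field.split(";"):
        facilities, _, prio = selector.strip().partition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "none":
            mask = set()
        elif prio == "*":
            mask = set() if negate else set(range(8))
        else:
            level = SEVERITIES.index(ALIASES.get(prio, prio))
            # Lower number = more severe, so "level and above" is 0..level.
            chosen = {level} if exact else set(range(level + 1))
            mask = mask - chosen if negate else mask | chosen
    return [SEVERITIES[i] for i in sorted(mask)]


if __name__ == "__main__":
    # Selector fields quoted in the thread, plus an exact-match variant.
    for field in ("*.*", "*.crit;*.warn;*.err", "*.=crit;*.=warn;*.=err",
                  "*.notice", "*.info;auth.none"):
        print("%-26s -> %s" % (field, ", ".join(selected_severities(field))))
```

Run it against a candidate rule before deploying to see whether alert and emerg messages, or notice and info noise, will also reach the log server.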
Re: Syslog filtering in Unix servers
For HP-UX and Solaris servers we've updated /etc/syslog.conf as recommended. Still it's not reporting in Nagios. For a few servers, it reported for a few minutes immediately after enrolling and stopped within a few minutes. Kindly suggest the solution.
*.* @@sesklnglsidv02.astrazeneca.net:5544
Re: Syslog filtering in Unix servers
Hi Anish,
Please PM a copy of the rsyslog servers that are having issues as well as a copy of the /var/log/logstash/logstash.log file found on the NLS server.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Syslog filtering in Unix servers
Please find the attached /var/log/logstash/logstash.log file. I have tried adding the AIX servers by adding the line *.* @@sesklnglsidv02.astrazeneca.net:5544 to the syslog.conf file, but the AIX servers are not getting reported and there is no error log on the AIX server either.
Re: Syslog filtering in Unix servers
Sorry, I meant to ask for copies of the syslog.conf. If you remove the configuration that was recommended do events start going to NLS again?
Re: Syslog filtering in Unix servers
Hi,
We tried adding the AIX server (seskanim01, 10.54.120.13) to the Nagios Log Server sesklnglsidv01.astrazeneca.net, but the Nagios Log Server is not receiving the logs from that particular AIX server.
We tried appending the line “*.* @@sesklnglsidv01.astrazeneca.net:5544” to syslog.conf and restarted the syslog service.
We tried appending various lines like "*.* @sesklnglsidv01.astrazeneca.net"; still the Nagios Log Server is not receiving the logs. We stopped the iptables service on the Nagios Log Server and checked the connectivity between the AIX server and the Nagios Log Server through port 5544.
Please find the syslog.conf file of the AIX server.
aso.notice /var/log/aso/aso.log rotate size 1m files 8 compress
aso.info /var/log/aso/aso_process.log rotate size 1m files 8 compress
aso.debug /var/log/aso/aso_debug.log rotate size 32m files 8 compress
*.notice @SESKLVRLIF01.astrazeneca.net
*.info;auth.none /var/log/syslog rotate time 1m files 4
auth.info /var/log/authlog rotate time 1m files 4
kern.info /var/log/kern.log rotate time 1m files 4
caa.debug /var/adm/ras/syslog.caa rotate size 10m files 10 compress
## THis entry is for Vrealize loginsight
#*.info @SESKLVRLIF01.astrazeneca.net
*.* @sesklnglsidv01.astrazeneca.net
Re: Syslog filtering in Unix servers
What did you use to test the connectivity between the AIX machine and NLS? A "telnet NLS 5544" would establish a TCP session, but I've read that AIX's syslog doesn't always support TCP. If TCP is not supported you'll need to use the format:
Code:
*.* @sesklnglsidv01.astrazeneca.net:5544
--- one @ is for UDP and two @ is for TCP
or in some cases I've seen:
Code:
*.* @<sesklnglsidv01.astrazeneca.net:5544>
Also check that the UDP port is open on NLS with:
Code:
netstat -na | grep 5544
and you should see a result like:
Code:
udp6 0 0 :::5544 :::*
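A transport check for the forwarding rules discussed above, added here as an example and not taken from the thread: it reads the '@' (UDP) or '@@' (TCP) prefix the last reply describes and sends one test message the same way the rule would. The function names, the probe hostname and the message layout are assumptions for illustration.

```python
import socket
import time

# Added example: send one syslog test line the way a forwarding action would.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "local0": 16}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def parse_forward_action(action):
    """Split '@host[:port]' (UDP) or '@@host[:port]' (TCP) into its parts."""
    if not action.startswith("@"):
        raise ValueError("not a forwarding action: %r" % action)
    transport = "tcp" if action.startswith("@@") else "udp"
    host, _, port = action.lstrip("@").partition(":")
    return transport, host, int(port or 514)  # 514 is the standard syslog port


def build_probe(facility, severity, tag, text, hostname="probe-host"):
    """BSD-syslog style line; PRI = facility * 8 + severity."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    stamp = time.strftime("%b %d %H:%M:%S")
    return ("<%d>%s %s %s: %s\n" % (pri, stamp, hostname, tag, text)).encode()


def send_probe(action, payload, timeout=3.0):
    """Send the payload over the transport the action implies; return it.

    A UDP send returns without error even when nothing is listening, so only
    the TCP path proves reachability. Confirm UDP delivery on the receiver.
    """
    transport, host, port = parse_forward_action(action)
    if transport == "tcp":
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(payload)
    else:
        info = socket.getaddrinfo(host, port, type=socket.SOCK_DGRAM)[0]
        with socket.socket(info[0], socket.SOCK_DGRAM) as sock:
            sock.sendto(payload, info[4])
    return transport
```

A successful "telnet" or TCP probe says nothing about a rule written with a single '@', so test with the same prefix the client's syslog.conf uses and look for the probe text on the log server.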