Nagios log file time format

[bsivavani]

Hi,

We have observed that currently Nagios log file /usr/local/nagios/var/nagios.log is saving with EPOCH time format as shown below.

[1507118166] SERVICE ALERT: XXXX;WIN_Server_C_Drive_Usage;CRITICAL;HARD;5;C:\ - total: 50.00 Gb - used: 42.73 Gb (85%) - free 7.27 Gb (15%)
[1507118166] GLOBAL SERVICE EVENT HANDLER: XXXX;WIN_Server_C_Drive_Usage;CRITICAL;HARD;5;xi_service_event_handler
[1507118166] SERVICE EVENT HANDLER: XXXX;WIN_Server_C_Drive_Usage;CRITICAL;HARD;5;check_snow_service

Is it possible to change time to standard date and time format (Oct 4 13:28:10) ?

Kindly advice.

[eloyd]

Short version is no. This file is not really intended for reading by humans, it is intended to be parsed by the Nagios XI GUI for log file examination, which will then convert epoch time into local timezone time based on the Nagios XI settings.

[mcapra]

You could feed the log into Nagios Log Server if the end goal is something more human readable. Logstash even has a handy nagios filter for parsing those logs and installing Logstash plugins in Nagios Log Server is relatively simple.

Code: Select all

/usr/local/nagioslogserver/logstash/bin/plugin install logstash-filter-nagios

Granted it's adding a separate application+server to your environment. If you have an existing logging solution, the same basic concept should be applicable.

[eloyd]

We actually recommend installing NLS as a free install next to Nagios XI, send the Nagios XI log files to NLS, and then use NLS as an additional verification or "service check" to ensure that Nagios XI is actually running and working well. This is right along with what @mcapra is suggestion, and is basically a "set and forget" type thing (especially if you're virtualized).

[dwhitfield]

Thanks @mcapra and @eloyd!

@bsivavani, did you have any additional questions?

[bsivavani]

Short version is no. This file is not really intended for reading by humans, it is intended to be parsed by the Nagios XI GUI for log file examination, which will then convert epoch time into local timezone time based on the Nagios XI settings.

@eloyd - Can you guide me the Nagios XI settings where I can covert.

[eloyd]

I may not have been clear. There isn't a tool that will convert the format. I mean that when you view the event log from within Nagios, it will show you the times in your local timezone.

[gormank]

Convert Unix time to human readable
tail /usr/local/nagios/var/nagios.log | perl -pe 's/(\d+)/localtime($1)/e'
perl -pe 's/(\d+)/localtime($1)/e' < /usr/local/nagios/var/nagios.log | less

google is your friend :)

[dwhitfield]

Convert Unix time to human readable
tail /usr/local/nagios/var/nagios.log | perl -pe 's/(\d+)/localtime($1)/e'
perl -pe 's/(\d+)/localtime($1)/e' < /usr/local/nagios/var/nagios.log | less

While this is true, I want to make it clear that the nagios will still be printing to the log in epoch.

[eloyd]

As @dwhitfield said, this doesn't change the log file format.

We actually wrote a Perl library that parses the Nagios log file and allows for essentially field-based regex searching based on time, day, date, month, year, source, type, sequence number, and all sorts of other things. So if the original poster wants to just parse the log file, and perl script would be very capable of doing that.

If, however, which is what I thought they were asking, they'd like the log file to be in a human readable time/date format, then they are simply out of luck.

Convert Unix time to human readable
tail /usr/local/nagios/var/nagios.log | perl -pe 's/(\d+)/localtime($1)/e'
perl -pe 's/(\d+)/localtime($1)/e' < /usr/local/nagios/var/nagios.log | less

google is your friend