LS events export to Splunk

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
DataAssure
Posts: 34
Joined: Thu Jul 31, 2014 8:36 am

LS events export to Splunk

Post by DataAssure »

How to export Log Server events to Splunk? I read one user was able to accomplish that via Port#9997 but I couldn't find anything in LS Admin & User Guide. Any ideas? Tx
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: LS events export to Splunk

Post by mcapra »

The below documentation assumes you are using Nagios Log Server 2.0+.

It sort of depends on some specifics of your Splunk architecture.

A very common way to forward messages from Logstash to Splunk generally is to use a syslog Logstash output rule pointed at a Splunk Heavy Forwarder or syslog aggregator:
https://www.elastic.co/guide/en/logstas ... yslog.html


I would provide documentation on how to configure additional outputs in Nagios Log Server if I could find any ;) This documentation has some of the same steps, except instead of Splunk it's forwarding to Nagios XI/Core as passive checks:
https://assets.nagios.com/downloads/nag ... bjects.pdf

Let us know if you have additional questions or something is unclear.
Former Nagios employee
https://www.mcapra.com/
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: LS events export to Splunk

Post by cdienger »

Thanks @mcapra

I've used the following to send data from NLS to a remote syslog server:

Code:

  syslog {
    procid => "Nagios"
    facility => 'daemon'
    host => '10.50.121.180'
    port => '514'
    protocol => 'tcp'
    severity => 'informational'
  }
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
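A check for the receiving side of the syslog output above, as an added example that is not part of the original posts: it parses forwarded lines and reports any facility, severity or procid that does not match the posted settings. The RFC 3164 line layout, the sample lines, the host name `nls01` and the app name `LOGSTASH` are assumptions constructed for illustration.

```python
import re

# Names in numeric order; PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

# Values taken from the syslog output settings posted in the thread.
EXPECTED = {"facility": "daemon", "severity": "informational", "procid": "Nagios"}

# Assumed layout: <PRI>Mmm dd hh:mm:ss host app[procid]: message
LINE_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) "
    r"([^\[:\s]+)(?:\[([^\]]*)\])?: (.*)$")

def parse_rfc3164(line):
    """Return the fields of one syslog line, or None if it does not parse."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m or int(m.group(1)) > 191:   # 191 = facility 23, severity 7
        return None
    pri = int(m.group(1))
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "timestamp": m.group(2), "host": m.group(3), "appname": m.group(4),
            "procid": m.group(5), "message": m.group(6)}

def mismatches(line, expected=EXPECTED):
    """List the expected fields a line gets wrong; ['unparsed'] if malformed."""
    event = parse_rfc3164(line)
    if event is None:
        return ["unparsed"]
    return [key for key, value in expected.items() if event[key] != value]

# Constructed sample lines, not captured traffic.
SAMPLES = [
    "<30>Jun  4 10:15:02 nls01 LOGSTASH[Nagios]: Accepted publickey for admin",
    "<13>Jun  4 10:15:03 nls01 LOGSTASH[-]: test event from another output",
    "GET /index.html HTTP/1.1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(mismatches(sample) or "ok", "|", sample)
```

With `protocol => 'tcp'` the events cross the network in clear text; the Logstash syslog output also accepts `ssl-tcp` when the receiver can terminate TLS.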
DataAssure
Posts: 34
Joined: Thu Jul 31, 2014 8:36 am

Re: LS events export to Splunk

Post by DataAssure »

Tx guys! Will give that a try.
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN

Re: LS events export to Splunk

Post by dwhitfield »

Please let us know if you have any additional questions.
DataAssure
Posts: 34
Joined: Thu Jul 31, 2014 8:36 am

Re: LS events export to Splunk

Post by DataAssure »

We have Splunk Heavy Forwarder and will give that a try.
kyang

Re: LS events export to Splunk

Post by kyang »

Sounds good!

Let us know if you have any more questions.