Hourly Sending Check on Nagios Log Server 2.0
I have an issue with some devices listed as not sending during the hourly sending check. I am checking logs on those devices and they are definitely up and running producing logs. Also, this happens quite randomly on different devices but mostly on our network devices. Would this be caused by a resource issue with our log server? Any ideas to rectify the issue would be greatly appreciated. Thanks!
-
kyang
Re: Hourly Sending Check on Nagios Log Server 2.0
Can you show us a screenshot of what you mean?
What hourly checks on Nagios Log Server from devices?
I don't quite understand what you are referring to.
Could you also PM or post your profile?
NLS home --> Admin --> System --> System Status --> Download System profile
Along with recent logs of this issue, located here:
Code:
/var/log/elasticsearch/*
/var/log/logstash/*
Re: Hourly Sending Check on Nagios Log Server 2.0
In Nagios Log Server 2.0, under the Unique Hosts Report, it lists all the hosts that are logging to the server. If you scroll further down and have devices that are not logging to the server, you get a section called "Not Sending", where it lists hosts not sending during an hourly log sending check. I cannot take a screenshot since the log server is on our classified network, but the "Not Sending" section has a blurb saying "This is a list of hosts that Log Server has received logs from in the past. Hosts in this list did not send any logs during the hourly log sending check. Last sending check was Thu, 08 Feb 2018 13:00:01 -0800."
-
kyang
Re: Hourly Sending Check on Nagios Log Server 2.0
Thanks for clarifying.
Could you PM or post your profile and the log files?
NLS home --> Admin --> System --> System Status --> Download System profile
The relevant log files are located here.
Thanks.
Code:
/var/log/elasticsearch/*
/var/log/logstash/*
Re: Hourly Sending Check on Nagios Log Server 2.0
I need some time to sanitize all classified information from the system profile and the logs.
-
kyang
Re: Hourly Sending Check on Nagios Log Server 2.0
No problem!
We will be here when you are ready.
Re: Hourly Sending Check on Nagios Log Server 2.0
Attached is the information as requested as of 09FEB2018.
-
kyang
Re: Hourly Sending Check on Nagios Log Server 2.0
Thanks for info!
Is the network device sending from UDP or TCP?
Can you also tell me which port it is sending to?
If you could run a tcpdump and PM the pcap file in your /tmp directory, that would be very helpful.
Please change xxxx to the port the network device is sending to NLS.
You may have to install tcpdump.
Code:
yum -y install tcpdump
Code:
tcpdump -s 0 -i any port xxxx -w /tmp/389.pcap
Re: Hourly Sending Check on Nagios Log Server 2.0
Network devices are sending UDP to port 5544 on the log server.
-
kyang
Re: Hourly Sending Check on Nagios Log Server 2.0
Are logstash and elasticsearch running?
Code:
service logstash status
service elasticsearch status