Nagios log server not receving logs

[syedali]

Hi Support Team,

We've encountered an error in our Nagios log server where in the server is not receiving logs from sources.

What I 've tried so far:

1) checked the config file /etc/rsyslog.d/99-nagioslogserver.conf the entry shows *.*localhost:5544
2) checked if Firewall is not blocking the traffic
3) rsyslog service shows as active, followed by an error as follows :
4) Followed the KB but no luck :https://support.nagios.com/kb/article.php?id=38

rsyslogd[107876]: cannot connect to servername:5544: Connection refused [v8.35.0 try htt
p://www.rsyslog.com/e/2027 ]

rsyslog debug logs.txt

attached are the debug and logstash logs for your reference. Your help on this will be much appreciated.

Logstash logs:

rsyslog debug logs.txt

Error Logs:

rsyslog_error.txt

Thanks,
Syed

[cdienger]

There are problems with logstash being able to bind to 5544 as 5544 appears to already be in use. Try stopping logstash with:

service logstash stop

make sure that port 5544 is not being used:

netstat -nap | grep 5544

and if that doesn't show port 5544 in use, restart logstash with:

service logstash start

[jslawrenc]

I work with Syed and we were able to get to root cause yesterday. Entries were added in the core config which seemed to create conflicts.
Possibly a port being defined twice. What made this challenging is LMS seem to run for days under this config and the error logs we audited somewhat put us on a wild goose chase. Just sharing what we found in case anyone trips over this down the road.

[scottwilkerson]

I work with Syed and we were able to get to root cause yesterday. Entries were added in the core config which seemed to create conflicts.
Possibly a port being defined twice. What made this challenging is LMS seem to run for days under this config and the error logs we audited somewhat put us on a wild goose chase. Just sharing what we found in case anyone trips over this down the road.

Thanks for coming back and sharing your findings