Nagios log server - Issues while adding network devices

[thanigaivel.a]

I'm trying to add network devices and trying to allow 514 syslog ports. As our network devices cannot use 5544 port, we are using 514 default syslog port.

however, getting configuration error while giving verify tab. Kindly help to fix it.

Attached the profile and /etc/sysconfig/logstash file

Code: Select all

[root@usa0300lv6332 tmp]# cat /etc/sysconfig/logstash
###############################
# Default settings for logstash
###############################

# Override Java location
#JAVACMD=/usr/bin/java

# Set a home directory
APP_DIR=/usr/local/nagioslogserver
LS_HOME="$APP_DIR/logstash"

# set ES_CLUSTER
ES_CLUSTER=$(cat $APP_DIR/var/cluster_uuid)

# Arguments to pass to java
#LS_HEAP_SIZE="256m"
LS_JAVA_OPTS="-Djava.io.tmpdir=$APP_DIR/tmp"

# Logstash filter worker threads
#LS_WORKER_THREADS=1

# pidfiles aren't used for upstart; this is for sysv users.
#LS_PIDFILE=/var/run/logstash.pid

# user id to be invoked as; for upstart: edit /etc/init/logstash.conf
#LS_USER=nagios
LS_USER=root
#LS_GROUP=nagios

# logstash logging
#LS_LOG_FILE=/var/log/logstash/logstash.log
#LS_USE_GC_LOGGING="true"

# logstash configuration directory
LS_CONF_DIR="$LS_HOME/etc/conf.d"

# Open file limit; cannot be overridden in upstart
#LS_OPEN_FILES=2048

# Nice level
#LS_NICE=0

# Increase Filter workers to 4 threads
LS_OPTS=" -w 4"

if [ "x$1" == "xstart" -o "x$1" == "xrestart" -o "x$1" == "xreload" ];then
        GET_LOGSTASH_CONFIG_MESSAGE=$( php /usr/local/nagioslogserver/scripts/get_logstash_config.php )
        GET_LOGSTASH_CONFIG_RETURN=$?
        if [ "$GET_LOGSTASH_CONFIG_RETURN" != "0" ]; then
                echo $GET_LOGSTASH_CONFIG_MESSAGE
                exit 1
        fi
fi
echo $(dirname $(find /usr/lib -name libjli.so)) > /etc/ld.so.conf.d/java.conf
eval "$(which ldconfig)"
setcap 'cap_net_bind_service=+ep' $(readlink -f $(which java))
[root@usa0300lv6332 tmp]#

[thanigaivel.a]

Profile added to the below dropbox link

https://www.dropbox.com/s/cdjtyuh05n2nv ... ar.gz?dl=0

[thanigaivel.a]

Attached config error screenshot

[cdienger]

The elasticsearch service isn't started for some reason. Try the following:

Code: Select all

service logstash stop
service elasticsearch stop
rm -rf /var/log/elasticsearch/*
rm -rf /var/log/logstash/*
service logstash start
service elasticsearch start

and test again. If you still have problems, please gather a new profile and attach it to a ticket - there seems to be multiple issues on this machine that may require a remote to look into.

[thanigaivel.a]

I've tried your steps but still not working.

can you please schedule for remote level support.

[cdienger]

Please open a ticket at https://support.nagios.com/tickets/ and we'll be able to take a closer look.