Nagios - Additional output

[tcsdi]

Hi Support

We would like to seek assistance for configuring our Nagios Log Server.

We were planning to add additional log sources that our Nagios server can output.

May we have a kb on how to edit the configurations ?

Also I have a question:

1.) Is it possible to reuse an output port that is now already being used as an output from another source?

2.) If I have a source ".90" and it is output to another server via port 1555. ?

3.) Can I used the same port to output another source ".91" ?

Looking forward to hearing from you !

Regards
TCSDI

[npolovenko]

Hello, @tcsdi. This guide should get you started on adding various Log Sources to the Log Server.
https://assets.nagios.com/downloads/nag ... Server.pdf

To answer your questions, could you clarify if you're trying to send multiple outputs from different types of sources to the same port in the Log Server? That is possible as long as the output from all sources is in the same format.

[tcsdi]

Hi npolovenko,

Can I also have a document on how to output these log sources.

I think the issue I'm having is we are having new log sources but unable to output these logs to our SOC.

Kindly get the system profile here:
https://we.tl/t-rjoTJwCQ2b

Regards,
Christian

[npolovenko]

@tcsdi, Here's the document on all available types of outputs in Logstash:
https://www.elastic.co/guide/en/logstas ... ugins.html

In the log server to see the list of outputs or define a new one, you can go to the Configure menu and then click on the "Show Outputs" button in the right corner.

Untitled.png

[tcsdi]

Hi @npolovenko,

About the image, I tried adding/configuring outputs but it fails.

After I add the outputs, should it also show on conf.d? Can you also send me the KB/document on how to configure the outputs.

For example:

1. how to configure and output logs from a file server with IP 10.5.99.X.

2. or how to configure and output logs from a proxy server with IP 10.5.98.X

[ssax]

The output filters are logstash outputs and there isn't currently a guide on this.

What type of output is your SOC expecting?

https://www.elastic.co/guide/en/logstas ... ugins.html

[tcsdi]

Hi Technical Team

I'm referring to this configs:


Also, the outputs I configured on global output doesn't seem to work.

Regards,
Christian

[ssax]

I don't have any dnslog types but if it change it to syslog it works:

Code: Select all

if [type] =~ /(syslog)/ {
	syslog {
		host => "X.X.X.X"
		port => 1523
		sourcehost => "X.X.X.X"
	}
}

Did you apply configuration after saving?

Can you verify with tcpdump on the remote system?
- Change ens160 to your proper interface (ifconfig or ip address)

Code: Select all

yum install tcpdump
tcpdump -nnXSs 0 -i ens160 dst port 1523

[tcsdi]

Hi Support

For the AD server, we receive event logs but not dns logs.

We did not make any changes on the config, what could possibly be the reason for this?

Regards,

[ssax]

Because you NEED to make changes to the nxlog config to get the things you want:

https://nxlog.co/documentation/nxlog-us ... erver.html