I am trying to set up my Nagios server to forward logs to our corporate log server. We do not need to store them, we just need to forward them.
So I want to collect logs from various devices and then forward them on. They need to have the timestamp, hostname/IP, and ID (which is just a long string of numbers) that is specific to the device. How would I set up the output for this?
Thank you!
Forwarding Logs
Re: Forwarding Logs
You will need to set up a Logstash output, please see here:
https://support.nagios.com/forum/viewto ... 38&t=54002
Something like this should work:
Code:
syslog {
    host => "X.X.X.X"
    port => XXX
    sourcehost => "X.X.X.X"
}
- The IP should be in the host field
- The syslog output will automatically generate a unique ID and put it in there as well
See here as well:
https://www.elastic.co/guide/en/logstas ... yslog.html
angelaowens
Re: Forwarding Logs
I am completely new to this. Do I need to also set up a filter? I need each host to get a certain ID. I guess I am just trying to figure out the best way to do this. I just need to gather the logs and then forward them to our corporate log server that archives all of them. But each log needs to have an ID appended to it so the corporate server knows where to put the logs.
Re: Forwarding Logs
Go to Configure > Global Config:
- Click Show Outputs
- Click Add Output > Custom
- Name it
- Use this in the input field:
Code:
syslog {
    host => "192.168.X.X"
    port => 514
    sourcehost => "%{host}"
}
(where 192.168.X.X is your syslog server and 514 is the UDP port, %{host} in the sourcehost field should pull the host from the original message, and a unique ID is created automatically by Logstash, you will see it in the forwarded syslog in the remote syslog server)
- Save and Apply
Then have your syslog server admins validate it's working properly on their end. You may need to work with them (or your vendor of the syslog server product you're forwarding them to) to make sure it's receiving them and that the correct things it needs are in there.
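A receiving-side check for the validation step above, as an added example that is not part of the original thread: it parses forwarded lines and flags any that lack the timestamp, host or device ID the original question asks for. It assumes the RFC 3164 layout and a hypothetical `id=<digits>` token for the device ID; the sample lines are constructed.

```python
import re

# RFC 3164-style header: <PRI>Mmm dd HH:MM:SS host message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)
# Assumption: the archive server expects the device ID as "id=<digits>".
ID_RE = re.compile(r"\bid=(\d{6,})\b")

# Constructed sample lines, as a receiver might capture them on UDP 514.
SAMPLES = [
    "<13>May  1 07:09:12 192.0.2.10 LOGSTASH[-]: id=1000000001 link up",
    "<13>May  1 07:09:13 %{host} LOGSTASH[-]: id=1000000002 link down",
    "<13>May  1 07:09:14 192.0.2.11 LOGSTASH[-]: fan failure",
    "fan failure with no header",
]


def check_line(line):
    """Return a list of problems found in one forwarded syslog line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["not RFC 3164: missing <PRI>, timestamp or host"]
    problems = []
    if int(m.group("pri")) > 191:  # facility 23 * 8 + severity 7
        problems.append("priority out of range")
    host = m.group("host")
    # Logstash leaves "%{field}" as literal text when the event lacks the field.
    if "%{" in host:
        problems.append("unresolved placeholder in host: " + host)
    if not ID_RE.search(m.group("msg")):
        problems.append("no device ID in message")
    return problems


def failing_lines(lines):
    """Map each bad line to its problems; good lines are omitted."""
    results = ((line, check_line(line)) for line in lines)
    return {line: problems for line, problems in results if problems}


if __name__ == "__main__":
    for line, problems in failing_lines(SAMPLES).items():
        print(line, "->", "; ".join(problems))
```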