Syslog Source Output as JSON Format

[tcsdi]

The images were not attached. Please try attaching them again.

Hi cdienger,

Apologies, please see attached images for the input and output configuration.

We can still receive input but don't see any output on port 1524, also tried removing the line for sourcehost, still no output seen.

Please advise if there are any needed changes on the config

[cdienger]

The configuraiotn looks good. Is the NLS machien able to make a connection if you run the following on the NLS command line:

Code: Select all

telnet 172.31.108.236 1524

?

[tcsdi]

The configuraiotn looks good. Is the NLS machien able to make a connection if you run the following on the NLS command line:

Code: Select all

telnet 172.31.108.236 1524

?

Hi @cdienger,

When I try using the TELNET command, it could not reach the server but the port 1524 is open on 172.31.108.236 upon checking. Can you help me out on this one?

On the output image attached, I sent a telnet command to 3 ports, but none of them returned anything. However, nagios can get logs from port 1515.

[cdienger]

I should point out that telnet command uses TCP so it would only work if the remote syslog server is listening on TCP port 1524(often times UDP is the default). Do you know if it's listening on TCP 1542?

Do you see data leaving the NLS machine if you run:

Code: Select all

yum -y install tcpdump
tcpdump -i any -nnX port 1524

?

[tcsdi]

Hi Cdienger,


See result for tcp dump, successful result was for port 1515 no packets on 1524

[cdienger]

Edit /etc/init.d/logstash and change line 64 from:

Code: Select all

DAEMON_OPTS="agent -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS}"

to:

Code: Select all

DAEMON_OPTS="agent -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS} --debug"

and restart Logstash with:

Code: Select all

service logstash restart

Let this run just long enough for netflow data to come in then revert the changes to disable it. This should create a /var/log/logstash/logstash.log file with some more details. Please PM me a copy of this file as well as a profile from Admin > System > System Status > Download System Profile.

[tcsdi]

Hi,

We are preparing the logstash and we will send it to you soon. Also we have an additional question.

From the dashboard, it still shows nflow not netflow.



How do we modify this?

Regards,

[cdienger]

The image didn't make it. Can you attach it again?

Are these current events that have the wrong type set? It sounds like the configuration has a typo. Try saving and applying the Logstash config again and check /usr/local/nagioslogserver/logstash/etc/conf.d/500_filters.conf to make sure the config is getting written properly.

[tcsdi]

Hi,


Kindly see the picture below

[cdienger]

Please open a ticket for this at https://support.nagios.com/tickets/ and we can take a closer look.