Log server priority and severity set to 0

agg
Posts: 3
Joined: Mon Oct 07, 2019 10:50 pm

Log server priority and severity set to 0

Post by agg »

Hi,

I'm currently working on a project where I need to send log messages to Nagios server. I can send messages, but priority and severity are always set to zero even though I changed from DEBUG to ERROR. I'm completely new to Nagios as I'm just developing the Python code and I never worked with Nagios.
I also include what I'm currently logging:

2019-10-04 11:39:37,823 - __main__ - INFO - *** Process start ***
2019-10-04 11:39:37,823 - __main__ - INFO - Connecting to DB
2019-10-04 11:39:37,831 - __main__ - INFO - Connection created
2019-10-04 11:39:37,835 - __main__ - INFO - Query executed
2019-10-04 11:39:38,355 - __main__ - INFO - *** Process ends ***

I've done some research, but I can't find the reason for this.
Any help in the right direction will be highly appreciated.

Best regards,
Àlex
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Log server priority and severity set to 0

Post by mcapra »

You are sending a message from your Python code to the syslog input rule that comes pre-installed with Nagios Log Server. Problem is, your message is not syslog compliant (RFC3164). The Nagios Log Server input rule is looking for a syslog formatted message, and you're sending it something completely different.

More info:
https://stackoverflow.com/questions/920 ... age-format

Python has a few RFC5424 libraries you could try, which might produce an RFC3164 compliant message?
https://pypi.org/project/rfc5424-logging-handler/

Else, you could feed your logs into a different input rule. There should be an "Import Files - Raw" rule and an "Import Files - JSON" input rule. If you were to format your log messages as JSON, you could feed them right into the JSON rule and get nice field mappings to search on. Or, you could write a filter rule to process your messages as-is and map them to fields with some clever Grok filters.

More info on input rules:
https://assets.nagios.com/downloads/nag ... Inputs.pdf

More info on filter rules:
https://assets.nagios.com/downloads/nag ... ilters.pdf
Former Nagios employee
https://www.mcapra.com/
agg
Posts: 3
Joined: Mon Oct 07, 2019 10:50 pm

Re: Log server priority and severity set to 0

Post by agg »

Thank you for your quick reply, mcapra.
I thought it was syslog compliant when I saw type “syslog” in the dashboard screen I attached in my post, my fault.
I’m gonna check the library you mentioned in your reply.
Thanks again for your help.
Best regards,
Alex
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Log server priority and severity set to 0

Post by cdienger »

Thanks for the input, @mcapra!

@agg, let us know your results and if we can assist with anything further.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
agg
Posts: 3
Joined: Mon Oct 07, 2019 10:50 pm

Re: Log server priority and severity set to 0

Post by agg »

Hi @mcapra

I tried the library you suggested and I can't see any difference from my previous post. Nagios received the message but priority and severity are still zero. As you can see from my attached screenshot, the message has different <XX> calculated.
Any idea?


Thank you again
Àlex
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Log server priority and severity set to 0

Post by cdienger »

The syslog input (https://www.elastic.co/guide/en/logstas ... yslog.html) is expecting the logs to come over following RFC3164. Try changing the message to look like:


<155>Oct  9 16:49:01 hostname program: test
Locked
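
The RFC3164 line format from the last reply, built from a Python log level, as an added example (not code from this thread or from Nagios). The function names, the level-to-severity mapping and the choice of facility local3 (19), which reproduces the <155> shown above, are assumptions made for illustration.

```python
import logging
import socket
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")

# Assumed mapping: Python logging level -> syslog severity (RFC 3164, 4.1.1)
SEVERITY = {
    logging.CRITICAL: 2,
    logging.ERROR: 3,
    logging.WARNING: 4,
    logging.INFO: 6,
    logging.DEBUG: 7,
}

LOCAL3 = 19  # assumed facility; 19 * 8 + 3 (error) gives the <155> above


def format_rfc3164(levelno, message, facility=LOCAL3, hostname=None,
                   tag="program", when=None):
    """Build one RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG."""
    when = when or datetime.now()
    hostname = hostname or socket.gethostname()
    pri = facility * 8 + SEVERITY.get(levelno, 5)  # unknown level -> notice
    # Day of month is space-padded, not zero-padded ("Oct  9").
    stamp = "%s %2d %s" % (MONTHS[when.month - 1], when.day,
                           when.strftime("%H:%M:%S"))
    return "<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, message)


def decode_pri(pri):
    """Split a PRI value back into (facility, severity), as a receiver does."""
    return divmod(pri, 8)


def send_udp(line, host, port):
    """Send one syslog line as a single UDP datagram (host/port are yours)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    # Constructed sample matching the example line in the reply above.
    sample = format_rfc3164(logging.ERROR, "test", hostname="hostname",
                            when=datetime(2019, 10, 9, 16, 49, 1))
    print(sample, decode_pri(155))
```

A line that does not start with a `<PRI>` value in this layout gives the receiver nothing to decode, which matches the zero priority and severity reported in the first post.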