Integration AIX application logs with NLS

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
lukedevon
Posts: 143
Joined: Sat Mar 24, 2018 9:15 am

Integration AIX application logs with NLS

Post by lukedevon »

Hi,

May I know, is there anyone who has successfully integrated syslog and application logs in AIX operating system with Nagios Log Server?

Currently, AIX syslog is configured for port 514 for a different remote log collector.

But I wanna forward AIX application logs to port 5544 in Nagios Log Server. I tried so many ways but none of the methods were successful.

Finally I found this tool, and it works in AIX.
https://github.com/didfet/logstash-forwarder-java

But it requires a lot of customization as it has introduced some restrictions. In my environment,
1. I want to push multiple application logs, around 10 logs
2. It should be able to configure a TCP connection
3. There shouldn't be a limitation on file size.

Please help me if anyone has done the correct integration AIX application logs with NLS.

Thank you
Luke.
mbellerue
Posts: 1403
Joined: Fri Jul 12, 2019 11:10 am

Re: Integration AIX application logs with NLS

Post by mbellerue »

In your previous setup, were you just using rsyslog to push logs to the other server on port 514?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
lukedevon
Posts: 143
Joined: Sat Mar 24, 2018 9:15 am

Re: Integration AIX application logs with NLS

Post by lukedevon »

Hi,

Thank you for the reply. Actually AIX doesn't have rsyslog installed and the current syslog is used to send those audit logs to a different log collecting platform. It uses port 514.

In this environment, we have to use a different port like port 5544 to send those application logs to NLS. This is the only solution we have now.

Br
Luke.
mbellerue
Posts: 1403
Joined: Fri Jul 12, 2019 11:10 am

Re: Integration AIX application logs with NLS

Post by mbellerue »

One thing you might try is just copying the Syslog input that comes with Log Server, and having the copy listen on port 514. Then you could point syslog on AIX to your log server at port 514, and Log Server should start collecting the logs.

Do note that there is additional work to be done in order to listen on privileged ports (ports lower than 1024). This document should guide you through that process.
https://assets.nagios.com/downloads/nag ... Server.pdf
lukedevon
Posts: 143
Joined: Sat Mar 24, 2018 9:15 am

Re: Integration AIX application logs with NLS

Post by lukedevon »

Thank you once again for the valuable inputs.
However, we have also tried the approach you recommended. We tried to forward all the application logs to syslog (/var/log/messages). It didn't work. That is, we tried all possible ways but NLS didn't receive the logs. Maybe there is some kind of limitation in the AIX OS.

Current difficulties are:
1. We are not allowed to install any extra packages as the systems are fully optimized for their product (IBM products).
2. We are not allowed to make any modifications to system settings.

The only positive is that we are allowed to install a Java app/module, as Java is already installed on the AIX nodes. That's why we decided to use that log forwarder. But it seems that it also has some restrictions, as it requires some customization. We are working on it.

Br
Luke.
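
Added example (not part of the original thread and not code from logstash-forwarder-java): a plain-Java forwarder that follows several log files and sends each new line over TCP as a syslog-style message, matching the three requirements listed in the first post. The class name, the command-line arguments, the local0.info priority, and the premise that the Log Server input on port 5544 accepts newline-delimited syslog lines over TCP are assumptions.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.text.SimpleDateFormat;
import java.util.*;
// Added example (hypothetical class): tail several files, forward new lines over TCP.
public class TailToSyslog {
    // <134> = facility local0 (16) * 8 + severity info (6); chosen for illustration.
    static String frame(String host, String tag, String line) {
        String ts = new SimpleDateFormat("MMM dd HH:mm:ss", Locale.ENGLISH).format(new Date());
        return "<134>" + ts + " " + host + " " + tag + ": " + line + "\n";
    }
    public static void main(String[] args) throws Exception {
        // Assumed usage: java TailToSyslog <log-server-host> <port> <file> [<file> ...]
        String server = args[0];
        int port = Integer.parseInt(args[1]);
        String host = InetAddress.getLocalHost().getHostName();
        Map<File, Long> offsets = new LinkedHashMap<File, Long>();
        // Start at the current end of each file so only new lines are forwarded.
        for (int i = 2; i < args.length; i++) offsets.put(new File(args[i]), new File(args[i]).length());
        Socket sock = null;
        while (true) {
            for (Map.Entry<File, Long> e : offsets.entrySet()) {
                File f = e.getKey();
                long pos = e.getValue();
                if (f.length() < pos) pos = 0;              // truncated or rotated: start over
                if (f.length() == pos) { e.setValue(pos); continue; }
                // Streaming from a saved long offset keeps memory flat for any file size.
                try (RandomAccessFile raf = new RandomAccessFile(f, "r")) {
                    raf.seek(pos);
                    if (sock == null) sock = new Socket(server, port);
                    OutputStream out = sock.getOutputStream();
                    String line;
                    while ((line = raf.readLine()) != null) {
                        raf.seek(raf.getFilePointer() - 1);
                        if (raf.read() != '\n') break;      // writer is mid-line: retry next pass
                        // readLine maps bytes 1:1 to chars, so ISO-8859-1 restores them exactly.
                        out.write(frame(host, f.getName(), line).getBytes(StandardCharsets.ISO_8859_1));
                        e.setValue(raf.getFilePointer());   // advance only after the write returned
                    }
                    out.flush();
                } catch (IOException ex) {
                    if (sock != null) try { sock.close(); } catch (IOException ignored) { }
                    sock = null;                            // reconnect and resume from saved offset
                }
            }
            Thread.sleep(1000);
        }
    }
}
```

Offsets are held in memory only, so lines written while the forwarder is stopped are not sent after a restart.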
mbellerue
Posts: 1403
Joined: Fri Jul 12, 2019 11:10 am

Re: Integration AIX application logs with NLS

Post by mbellerue »

Here is a document on modifying the syslog service on AIX. In here is information on configuring syslog messages to a remote log service.
http://aix4admins.blogspot.com/2016/09/ ... built.html

If you are not allowed to reconfigure syslog, and you are not allowed to install additional packages, then it may not be possible to capture the logs from this server. Nagios Log Server cannot reach out to a server and grab its logs; Log Server can only receive the logs.