CLI to get host sending logs in last week

[biswajit.banerjee]

Hi
We have web ui to see all the host sending logs for last 24 Hours .
My question is
do we have any cli to check if the mentioned host is sending logs to Nagios Log server in past week or last 24 Hours

[scottwilkerson]

You can use the following from one of your Log Server instances for the last day

Code: Select all

curl -XPOST "localhost:9200/_search?search_type=count&pretty=1" -d '{"query":{"filtered":{"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":"now-1d","to":"now"}}}]}}}},"aggs":{"hosts":{"terms":{"field":"host.raw", "size":9999}}}}'

and the following for the last 7 days

Code: Select all

curl -XPOST "localhost:9200/_search?search_type=count&pretty=1" -d '{"query":{"filtered":{"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":"now-7d","to":"now"}}}]}}}},"aggs":{"hosts":{"terms":{"field":"host.raw", "size":9999}}}}'

notice we are changing the "from" from now-1d to now-7d

[biswajit.banerjee]

Thanks

Do we have any Plugin , If host is sending log is shows Ok on Nagios XI , If not then Gives Warning

Can you suggest some thing on this line .

TIA

[scottwilkerson]

Yes, you can run the Nagios Log Server Wizard, and use the "Text Queries" section
There is an example here
https://support.nagios.com/forum/viewto ... 25#p304084

but in your case to warn on 0 entries, in the warning threshold enter @1

[biswajit.banerjee]

Hi

Some how i could find the Nagios Log Server Wizard in Configure section .
Also My requirement is
I have 2000+ Devices
I have a target to onboard all network devices on Log Server , But it is not in my control as done by Network Team .
I want to apply a nagios XI template to all the devices i wanted to have it onboarded on NLS and see which one is onboarded as OK and which is not as Warning in Nagios XI

Can you suggest some thing on that line .

The second approach is
Install NRPE on NLS
Make a script to fetch all devices sending logs in past one week
Then call Nrpe to check the host against the captured devices file

The problem I am facing in second approach is I am not able to pass the Ipaddress of te concerning host via nrpe
From NLS

Code: Select all

[root@usvanagiosplog2 ~]# /usr/local/nagios/libexec/check_host.sh 139.68.12.15
OK: 139.68.12.15 is configured in Nagios Log Server and recieving Logs
[root@usvanagiosplog2 ~]# /usr/local/nagios/libexec/check_host.sh 139.68.12.17
WARNING: 139.68.12.17 is NOT configured in Nagios Log Server

From Nrpe

Code: Select all

[root@usvanagiosplog2 ~]# /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_NLS_host -a 139.68.12.17
OK: $ is configured in Nagios Log Server and recieving Logs

cat /usr/local/nagios/libexec/check_host.sh

Code: Select all

#!/bin/bash
HOSTCHECK=`grep $1 /tmp/host1.txt> /dev/null 2>&1 ; echo $?`
if [[ ${HOSTCHECK} == 0 ]] ; then
 echo "OK: $1 is configured in Nagios Log Server and recieving Logs "
        exit 0
else
 echo "WARNING: $1 is NOT configured in Nagios Log Server  "
        exit 1
fi

Can you please help , where I am going wrong

[scottwilkerson]

I'm not exactly sure I understand what you are doing here, but do you have this set to 1 in your /usr/local/nagios/etc/nrpe.cfg?

Code: Select all

dont_blame_nrpe=1

[biswajit.banerjee]

Was Already set

[scottwilkerson]

Was Already set

To be clear, you are checking this on usvanagiosplog2 correct?

Can you show the command definition line for check_NLS_host from the nrpe.cfg? does it contain $ARG1$ ?

[biswajit.banerjee]

Thanks , it sorted out .

[scottwilkerson]

Thanks , it sorted out .

Great!

Locking thread