Re: Cisco Switch Logs

Posted: Tue Mar 31, 2015 3:40 pm
by jolson
Did you finish step 2 of the document?

Re: Cisco Switch Logs

Posted: Tue Mar 31, 2015 3:47 pm
by ssavaso
[root@localhost logstash]# ls -al
total 12
drwxr-xr-x. 2 nagios nagios 4096 Mar 28 03:35 .
drwxr-xr-x. 8 root root 4096 Mar 31 16:05 ..
-rw-r--r-- 1 nagios users 0 Mar 28 03:35 logstash.log
-rw-r--r-- 1 nagios users 547 Mar 28 03:35 logstash.log-20150328.gz
[root@localhost logstash]#

Looks like the logstash.log file has nothing in it; however, there is a logstash.log-20150328.gz, so maybe the logs are in there.

Re: Cisco Switch Logs

Posted: Tue Mar 31, 2015 3:55 pm
by ssavaso
Think I found the problem.

[root@localhost logstash]# tail logstash.log-20150328
{:timestamp=>"2015-03-27T18:38:02.231000-0400", :message=>"Error: No config files found: /usr/local/nagioslogserver/logstash/etc/conf.d/*\nCan you make sure this path is a logstash config file?"}
{:timestamp=>"2015-03-27T18:38:02.265000-0400", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-03-27T18:44:58.613000-0400", :message=>"Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T18:44:58.707000-0400", :message=>"Using milestone 2 input plugin 'tcp'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T18:59:07.056000-0400", :message=>"Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T18:59:07.127000-0400", :message=>"Using milestone 2 input plugin 'tcp'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
{:timestamp=>"2015-03-27T19:09:57.527000-0400", :message=>"Using milestone 1 input plugin 'syslog'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones", :level=>:warn}
[root@localhost logstash]#

"No config files found" is the first error message.

If I go to the Administration area and view the input files, I get the following.

# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Tue, 31 Mar 2015 16:52:44 -0400
#

#
# Global inputs
#



#
# Local inputs
#

Re: Cisco Switch Logs

Posted: Tue Mar 31, 2015 4:03 pm
by jolson
Run the following command to remove your current configuration files:

rm -rf /usr/local/nagioslogserver/logstash/etc/conf.d/*.conf

Please navigate to the Web GUI -> Administration -> Global Configuration and issue an 'Apply Configuration' - this will regenerate your logstash config files.

After this, try restarting logstash:

service logstash restart

Re: Cisco Switch Logs

Posted: Tue Mar 31, 2015 4:04 pm
by ssavaso
Yes, I did step 2 of the document.

Re: Cisco Switch Logs

Posted: Tue Mar 31, 2015 4:09 pm
by ssavaso
Did the following commands and it started but stopped again.

Re: Cisco Switch Logs

Posted: Tue Mar 31, 2015 4:13 pm
by jolson
You removed the .conf files and pressed the 'Apply Configuration' button? Did anything show up in the logstash conf directory?

ls -l /usr/local/nagioslogserver/logstash/etc/conf.d/

Anything new in the logstash log?
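
Added example, not part of the original thread and not Nagios Log Server code: a shell check for the two states diagnosed above, a conf.d directory with no `.conf` files and generated files whose input sections are empty. The function name `check_confd` and its return codes are assumptions made for this example; the default path is the one quoted in the thread.

```sh
#!/bin/sh
# Added example (not from the thread). check_confd is a hypothetical helper.
# Return codes (assumed convention for this example):
#   0 = at least one .conf file declares an input plugin
#   1 = no *.conf files at all ("No config files found" at startup)
#   2 = .conf files exist, but every input section is empty
check_confd() {
    dir=${1:-/usr/local/nagioslogserver/logstash/etc/conf.d}  # path from the thread
    found=0
    with_input=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue   # unmatched glob stays literal; skip it
        found=$((found + 1))
        # Drop comments, then count plugin blocks opened directly inside
        # a top-level input { ... } block (one opener per line, as generated).
        if sed 's/#.*//' "$f" | awk '
            {
                line = $0
                if (depth == 0 && line ~ /^[ \t]*input[ \t]*\{/) in_input = 1
                if (in_input && depth == 1 && line ~ /^[ \t]*[a-z_0-9]+[ \t]*\{/) plugins++
                depth += gsub(/\{/, "{", line) - gsub(/\}/, "}", line)
                if (depth == 0) in_input = 0
            }
            END { exit (plugins ? 0 : 1) }'; then
            with_input=$((with_input + 1))
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL: no *.conf files in $dir"
        return 1
    elif [ "$with_input" -eq 0 ]; then
        echo "FAIL: $found .conf file(s) in $dir, but no input plugin is declared"
        return 2
    fi
    echo "OK: $with_input of $found .conf file(s) declare an input plugin"
    return 0
}
```

Calling `check_confd` with no argument after 'Apply Configuration' and before `service logstash restart` shows whether the regenerated files will give the collector anything to listen on.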

Re: Cisco Switch Logs

Posted: Tue Mar 31, 2015 4:18 pm
by ssavaso
I added another syslog file to the local instance, which is actually the only one running, and I also added another syslog input and saved and verified it. Then I started logstash, and it is now collecting and has not stopped this time.

Re: Cisco Switch Logs

Posted: Tue Mar 31, 2015 4:19 pm
by jolson
Great - let us know if you have any further issues!

Re: Cisco Switch Logs

Posted: Tue Mar 31, 2015 4:21 pm
by ssavaso
Interesting: I only see local inputs, which looks like the local instance of the server. Even though I have Global inputs configured, I don't see those in this file.

[root@localhost conf.d]# more 000_inputs.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Tue, 31 Mar 2015 17:12:55 -0400
#

#
# Global inputs
#



#
# Local inputs
#

input {
    syslog {
        type => 'syslog'
        port => 514
    }
}