Re: Remove Client
Posted: Thu Feb 18, 2016 4:53 pm
by rlinux57
That's rsyslog.
Re: Remove Client
Posted: Thu Feb 18, 2016 4:58 pm
by hsmith
Did you use the Linux wizard inside of Nagios Log Server to generate rsyslog configuration files and put them on your client machine?
Re: Remove Client
Posted: Thu Feb 18, 2016 5:06 pm
by rlinux57
I have run the below command on the client:
Code:
bash setup-linux.sh -s NLSIP-Address -p 5544 -f "/usr/local/cpanel/logs/access_log" -t apachelogs
Output:
Code:
Detected rsyslog 5.8.10
Detected rsyslog work directory /var/lib/rsyslog
Destination Log Server: NLSIP:5544
Processing /usr/local/cpanel/logs/access_log file...
Creating /etc/rsyslog.d/90-nagioslogserver_usr_local_cpanel_logs_access_log.conf...
SELinux is disabled.
rsyslog configuration check passed.
Restarting rsyslog service with 'service'...
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Okay.
rsyslog is running with the new configuration.
Visit your Nagios Log Server dashboard to verify that logs are being received.
Re: Remove Client
Posted: Thu Feb 18, 2016 5:08 pm
by hsmith
And nothing is showing up in NLS? Is there a firewall between the two devices?
Re: Remove Client
Posted: Thu Feb 18, 2016 5:12 pm
by rlinux57
Nothing will be shown. I have even disabled the firewall.
CSF firewall, I have allowed the NLS IP and port 5544.
Re: Remove Client
Posted: Thu Feb 18, 2016 5:18 pm
by hsmith
If you run a TCP dump on the Log Server, do you see anything coming in from port 5544 from that particular host? Did you make sure that it's both TCP and UDP port 5544 allowed through the firewall?
Re: Remove Client
Posted: Thu Feb 18, 2016 5:24 pm
by rlinux57
How can I use the tcpdump command?
I have allowed both TCP and UDP.
Re: Remove Client
Posted: Thu Feb 18, 2016 5:27 pm
by hsmith
On NLS you'll first need to install it:
Then launch it to listen to traffic on port X from host Y (replace 10.10.10.10 with the actual IP address you should be getting logs from):
Code:
tcpdump host 10.10.10.10 and port 5544
Re: Remove Client
Posted: Thu Feb 18, 2016 5:38 pm
by rlinux57
I'm getting logs from tcpdump.
Re: Remove Client
Posted: Thu Feb 18, 2016 5:43 pm
by hsmith
And they're nowhere in the NLS interface? What dashboard are you using to check? If you see them come in, there should be no reason they're not logging.
You can see a good breakdown of which logs are coming in by using this:
[Attached image: 6.png]