Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Nagios log server implementation

https://support.nagios.com/forum/viewtopic.php?t=38754

Page 2 of 2

Re: Nagios log server implementation

Posted: Mon Jun 20, 2016 10:29 am
by hsmith
Can I please see the output of a ps -ef command?

Re: Nagios log server implementation

Posted: Tue Jun 21, 2016 12:22 am
by Monica7
Hi,

Code: Select all

[root@COGNISRV03 ~]# ps -ef |grep elastic
root     46512 46484  0 07:15 pts/0    00:00:00 grep --color=auto elastic
nagios   59362     1  0 Jun20 ?        00:02:30 /bin/java -Xms3908m -Xmx3908m -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Dfile.encoding=UTF-8 -Des.cluster.name=432b62f3-320c-48be-804b-cf1e54fa325c -Des.node.name=c32b6fa1-5806-424d-a1d3-7adabf6a3691 -Des.discovery.zen.ping.unicast.hosts=localhost -Des.path.repo=/ -Delasticsearch -Des.pidfile=/var/run elasticsearch/elasticsearch.pid -Des.path.home=/usr/local/nagioslogserver/elasticsearch -cp :/usr/local/nagioslogserver/elasticsearch/lib/elasticsearch-1.6.0.jar:/usr/local/nagioslogserver/elasticsearch/lib/*:/usr/local/nagioslogserver/elasticsearch/lib/sigar/* -Des.default.path.home=/usr/local/nagioslogserver/elasticsearch -Des.default.path.logs=/var/log/elasticsearch -Des.default.path.data=/usr/local/nagioslogserver/elasticsearch/data -Des.default.path.work=/usr/local/nagioslogserver/tmp/elasticsearch -Des.default.path.conf=/usr/local/nagioslogserver/elasticsearch/config org.elasticsearch.bootstrap.Elasticsearch

Code: Select all

[root@COGNISRV03 ~]# ps -ef|grep logstash
root     46515 46484  0 07:15 pts/0    00:00:00 grep --color=auto logstash
root     60124     1  0 Jun20 ?        00:00:00 runuser -s /bin/sh -c exec /usr/local/nagioslogserver/logstash/bin/logstash agent -f /usr/local/nagioslogserver/logstas /etc/conf.d -l /var/log/logstash/logstash.log  -w 4 root
root     60126 60124  1 Jun20 ?        00:11:29 /bin/java -Djava.io.tmpdir=/usr/local/nagioslogserver/tmp -Djava.io.tmpdir=/usr/local/nagioslogserver/tmp -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintClassHistogram -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:./logstash-gc.log -Xmx500m -Xss2048k -Djffi.boot.library.path=/usr/local/nagioslogserver/logstash/vendor/jruby/lib/jni -Djava.io.tmpdir=/usr/local/nagioslogserver/tmp -Djava.io.tmpdir=/usr/local/nagioslogserver/tmp -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintClassHistogram -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:./logstash-gc.log -Xbootclasspath/a:/usr/local/nagioslogserver/logstash/vendor/jruby/lib/jruby.jar -classpath : -Djruby.home=/usr/local/nagioslogserver/logstash/vendor/jruby -Djruby.lib=/usr/local/nagioslogserver/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main --1.9 /usr/local/nagioslogserver/logstash/lib/bootstrap/environment.rb logstash/runner.rb agent -f /usr/local/nagioslogserver/logstash/etc/conf.d -l /var/log/logstash/logstash.log -w 4
[root@COGNISRV03 ~]#

Code: Select all

ps -ef output:
root       780     1  0 Jun20 ?        00:00:00 /sbin/auditd -n
root       804     1  0 Jun20 ?        00:00:00 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
avahi      807     1  0 Jun20 ?        00:00:00 avahi-daemon: running [COGNISRV03.local]
root       814     1  0 Jun20 ?        00:00:07 /usr/bin/python -Es /usr/sbin/tuned -l -P
root       815     1  0 Jun20 ?        00:00:08 /usr/sbin/irqbalance --foreground
root       817     1  0 Jun20 ?        00:00:00 /usr/lib/systemd/systemd-logind
dbus       818     1  0 Jun20 ?        00:00:01 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root       828     1  0 Jun20 tty1     00:00:00 /sbin/agetty --noclear tty1
avahi      838   807  0 Jun20 ?        00:00:00 avahi-daemon: chroot helper
root       843     1  0 Jun20 ?        00:00:00 /sbin/iprinit --daemon
root       845     1  0 Jun20 ?        00:00:00 /sbin/iprupdate --daemon
root       855     1  0 Jun20 ?        00:00:00 /sbin/iprdump --daemon
root       947     1  0 Jun20 ?        00:00:00 /usr/sbin/NetworkManager --no-daemon
polkitd   1276     1  0 Jun20 ?        00:00:00 /usr/lib/polkit-1/polkitd --no-debug
root      1395   947  0 Jun20 ?        00:00:00 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-eno16777752.pid -lf /var/lib/NetworkManager/dhcl
root      1568     1  0 Jun20 ?        00:00:00 /usr/sbin/sshd -D
root      1570     1  0 Jun20 ?        00:00:00 /usr/bin/rhsmcertd
root      2209     1  0 Jun20 ?        00:00:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysq
mysql     2724  2209  0 Jun20 ?        00:00:30 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql --log-error=/
root     29820     2  0 06:24 ?        00:00:00 [kworker/u128:2]
root     39669     2  0 06:54 ?        00:00:00 [kworker/0:1]
apache   40605 60349  0 06:57 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
root     41288     2  0 06:59 ?        00:00:00 [kworker/1:1]
apache   42292 60349  0 07:02 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
root     42870     2  0 07:04 ?        00:00:00 [kworker/u128:0]
root     43178     2  0 07:05 ?        00:00:00 [kworker/0:2]
root     44513     2  0 07:09 ?        00:00:00 [kworker/1:2]
root     44838     2  0 07:10 ?        00:00:00 [kworker/0:0]
apache   45236 60349  0 07:11 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   45286 60349  0 07:11 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   45850 60349  0 07:13 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   46167 60349  0 07:14 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
root     46174     2  0 07:14 ?        00:00:00 [kworker/u128:1]
apache   46176 60349  0 07:14 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
root     46216     2  0 07:14 ?        00:00:00 [kworker/1:0]
root     46479  1568  0 07:15 ?        00:00:00 sshd: root@pts/0
root     46484 46479  0 07:15 pts/0    00:00:00 -bash
apache   46516 60349  0 07:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   46558 60349  0 07:15 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache   47267 60349  0 07:17 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
root     47347 46484  0 07:18 pts/0    00:00:00 ps -ef
nagios   59362     1  0 Jun20 ?        00:02:31 /bin/java -Xms3908m -Xmx3908m -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupan
root     60124     1  0 Jun20 ?        00:00:00 runuser -s /bin/sh -c exec /usr/local/nagioslogserver/logstash/bin/logstash agent -f /usr/local/nagioslogserver/logstash
root     60126 60124  1 Jun20 ?        00:11:30 /bin/java -Djava.io.tmpdir=/usr/local/nagioslogserver/tmp -Djava.io.tmpdir=/usr/local/nagioslogserver/tmp -XX:+PrintGCDe
root     60349     1  0 Jun20 ?        00:00:03 /usr/sbin/httpd -DFOREGROUND

Re: Nagios log server implementation

Posted: Tue Jun 21, 2016 6:49 am
by Monica7
Hi,

I am getting below message in logstash.log after restarting logstash. Please have a look at this as well and help me resolving this issue

Code: Select all

{:timestamp=>"2016-06-21T13:08:00.313000+0200", :message=>"[color=#800000]Got error to send bulk of actions: None of the configured nodes are available:[/color] []", :level=>:error}
{:timestamp=>"2016-06-21T13:08:00.315000+0200", :message=>"[color=#800000]Failed to flush outgoing items[/color]", :outgoing_count=>1, :exception=>org.elasticsearch.client.transport.NoNodeAvailableException: None of the configured nodes are available: [], :backtrace=>["org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(org/elasticsearch/client/transport/TransportClientNodesService.java:279)", "org.elasticsearch.client.transport.TransportClientNodesService.execute(org/elasticsearch/client/transport/TransportClientNodesService.java:198)", "org.elasticsearch.client.transport.support.InternalTransportClient.execute(org/elasticsearch/client/transport/support/InternalTransportClient.java:106)", "org.elasticsearch.client.support.AbstractClient.bulk(org/elasticsearch/client/support/AbstractClient.java:163)", "org.elasticsearch.client.transport.TransportClient.bulk(org/elasticsearch/client/transport/TransportClient.java:356)", "org.elasticsearch.action.bulk.BulkRequestBuilder.doExecute(org/elasticsearch/action/bulk/BulkRequestBuilder.java:164)", "org.elasticsearch.action.ActionRequestBuilder.execute(org/elasticsearch/action/ActionRequestBuilder.java:91)", "org.elasticsearch.action.ActionRequestBuilder.execute(org/elasticsearch/action/ActionRequestBuilder.java:65)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:606)", "LogStash::Outputs::Elasticsearch::Protocols::NodeClient.bulk(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch/protocol.rb:224)", "LogStash::Outputs::Elasticsearch::Protocols::NodeClient.bulk(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch/protocol.rb:224)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:466)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:466)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:465)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:465)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:490)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:490)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:489)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:489)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:219)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:219)", "org.jruby.RubyHash.each(org/jruby/RubyHash.java:1341)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:216)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:216)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:193)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:193)", "Stud::Buffer.buffer_receive(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:159)", "Stud::Buffer.buffer_receive(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:159)", "LogStash::Outputs::ElasticSearch.receive(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:455)", "LogStash::Outputs::ElasticSearch.receive(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:455)", "LogStash::Outputs::Base.handle(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/outputs/base.rb:88)", "LogStash::Outputs::Base.handle(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/outputs/base.rb:88)", "RUBY.worker_setup(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/outputs/base.rb:79)", "java.lang.Thread.run(java/lang/Thread.java:745)"], :level=>:warn}
This is my output.conf file:

Code: Select all

output {

      elasticsearch {
        host => "COGNISRV03"
        #host  => "localhost"
        codec => "json"
        cluster =>"432b62f3-320c-48be-804b-cf1e54fa325c"
        #protocol => http
        protocol => transport
        index => "logstash-%{+YYYY.MM.dd}"
      }
      stdout { codec => rubydebug }

}
Node details:
--------------

Code: Select all

root@COGNISRV03 conf.d]# curl localhost:9200/_nodes/process?pretty
{
  "cluster_name" : "432b62f3-320c-48be-804b-cf1e54fa325c",
  "nodes" : {
    "gH6oZTJsRMSgi35nBHAhxg" : {
      "name" : "c32b6fa1-5806-424d-a1d3-7adabf6a3691",
      "transport_address" : "inet[/SERVER3 IP:9300]",
      "host" : "COGNISRV03",
      "ip" : "SERVER3 IP",
      "version" : "1.6.0",
      "build" : "cdd3ac4",
      "http_address" : "inet[localhost/127.0.0.1:9200]",
      "attributes" : {
        "max_local_storage_nodes" : "1"
      },
      "process" : {
        "refresh_interval_in_millis" : 1000,
        "id" : 4530,
        "max_file_descriptors" : 65535,
        "mlockall" : true
      }
    }
  }
}

Re: Nagios log server implementation

Posted: Tue Jun 21, 2016 9:22 am
by hsmith
What is going on with that outputs file? This is not a clean installation. There are things running in your ps -ef that show it's not clean. Your output file is also not what you would expect on a clean machine.

What I need you to do:

1) Spin up a virtual machine, from a minimal RHEL/CentOS 6/7 ISO.
2) wget the installation file for Nagios Log Server (wget https://assets.nagios.com/downloads/nag ... 4.1.tar.gz)
3) untar that file(tar xzf nag*)
4) cd to the nagioslogserver directory
5) ./fullinstall inside of the nagioslogserver directory.

Once you have completed these steps, tell me if the issues are still present. Just looking at your outputs file gives me enough indication that this is not an installation we can support.

Re: Nagios log server implementation

Posted: Mon Jun 27, 2016 7:36 am
by Monica7
Hi Smith,

I will check for clean minimal server with the requirements which is given by you. But I am having one doubt.

Logstash output.conf file , whether that configuration has to be done by ourselves or it will be automatically done?

If we want to do by ourselves. how we have to do . Please help.


output {

elasticsearch {
host => ?
#host => "localhost"
codec => "json"
cluster =>"432b62f3-320c-48be-804b-cf1e54fa325c"
#protocol => http
protocol => transport
index => "logstash-%{+YYYY.MM.dd}"
}
stdout { codec => rubydebug }

in host section of output conf file, which server we have to mention. Server where nagios log server is installed or server which we want to track?

And do we need to mention any port in host section.

Re: Nagios log server implementation

Posted: Mon Jun 27, 2016 9:53 am
by hsmith
The output should look like this:

Code: Select all

output {
    elasticsearch {
        cluster => 'dc594e40-1e03-11e6-b6ef-c747495e98e0'
        host => 'localhost'
        document_type => '%{type}'
        node_name => 'dc119fb4-1e03-11e6-bdda-05f1f970ebe1'
        protocol => 'transport'
        workers => 4
    }
}
cluster and node_name are going to be different on your installation.

Re: Nagios log server implementation

Posted: Tue Jun 28, 2016 4:53 am
by Monica7
Hi Smith,

Output.conf file was written as suggested by you with my node name and cluster name. But in logstash I am getting the below error . Do you aware of this?

{:timestamp=>"2016-06-28T11:43:31.045000+0200", :message=>"Got error to send bulk of actions: None of the configured nodes are available: []", :level=>:error}
{:timestamp=>"2016-06-28T11:43:31.046000+0200", :message=>"Failed to flush outgoing items", :outgoing_count=>1, :exception=>org.elasticsearch.client.transport.NoNodeAvailableException: None of the configured nodes are available: [], :backtrace=>["org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(org/elasticsearch/client/transport/TransportClientNodesService.java:279)", "org.elasticsearch.client.transport.TransportClientNodesService.execute(org/elasticsearch/client/transport/TransportClientNodesService.java:198)", "org.elasticsearch.client.transport.support.InternalTransportClient.execute(org/elasticsearch/client/transport/support/InternalTransportClient.java:106)", "org.elasticsearch.client.support.AbstractClient.bulk(org/elasticsearch/client/support/AbstractClient.java:163)", "org.elasticsearch.client.transport.TransportClient.bulk(org/elasticsearch/client/transport/TransportClient.java:356)", "org.elasticsearch.action.bulk.BulkRequestBuilder.doExecute(org/elasticsearch/action/bulk/BulkRequestBuilder.java:164)", "org.elasticsearch.action.ActionRequestBuilder.execute(org/elasticsearch/action/ActionRequestBuilder.java:91)", "org.elasticsearch.action.ActionRequestBuilder.execute(org/elasticsearch/action/ActionRequestBuilder.java:65)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:606)", "LogStash::Outputs::Elasticsearch::Protocols::NodeClient.bulk(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch/protocol.rb:224)", "LogStash::Outputs::Elasticsearch::Protocols::NodeClient.bulk(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch/protocol.rb:224)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:466)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:466)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:465)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:465)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:490)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:490)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:489)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:489)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:219)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:219)", "org.jruby.RubyHash.each(org/jruby/RubyHash.java:1341)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:216)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:216)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:193)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:193)", "RUBY.buffer_receive(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:159)", "RUBY.receive(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:455)", "RUBY.handle(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/outputs/base.rb:88)", "RUBY.worker_setup(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/outputs/base.rb:79)", "java.lang.Thread.run(java/lang/Thread.java:745)"], :level=>:warn}[root@COGNISRV03 logstash]#


Question 2:
-------------
Do we need to do any configurations in elasticsearch.yml file as part of Nagios log server Configuration?Please confirm

Re: Nagios log server implementation

Posted: Tue Jun 28, 2016 6:17 am
by Monica7
Hi,

Whether cluster.name , network.bind_host,network.publish_host,network.host needs to be modified in elasticsearch.yml file. If it needs to be modified, Please advise on how to modify these fields.

Re: Nagios log server implementation

Posted: Tue Jun 28, 2016 10:08 am
by rkennedy
Monica7 wrote:Hi Smith,

Output.conf file was written as suggested by you with my node name and cluster name. But in logstash I am getting the below error . Do you aware of this?

{:timestamp=>"2016-06-28T11:43:31.045000+0200", :message=>"Got error to send bulk of actions: None of the configured nodes are available: []", :level=>:error}
{:timestamp=>"2016-06-28T11:43:31.046000+0200", :message=>"Failed to flush outgoing items", :outgoing_count=>1, :exception=>org.elasticsearch.client.transport.NoNodeAvailableException: None of the configured nodes are available: [], :backtrace=>["org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(org/elasticsearch/client/transport/TransportClientNodesService.java:279)", "org.elasticsearch.client.transport.TransportClientNodesService.execute(org/elasticsearch/client/transport/TransportClientNodesService.java:198)", "org.elasticsearch.client.transport.support.InternalTransportClient.execute(org/elasticsearch/client/transport/support/InternalTransportClient.java:106)", "org.elasticsearch.client.support.AbstractClient.bulk(org/elasticsearch/client/support/AbstractClient.java:163)", "org.elasticsearch.client.transport.TransportClient.bulk(org/elasticsearch/client/transport/TransportClient.java:356)", "org.elasticsearch.action.bulk.BulkRequestBuilder.doExecute(org/elasticsearch/action/bulk/BulkRequestBuilder.java:164)", "org.elasticsearch.action.ActionRequestBuilder.execute(org/elasticsearch/action/ActionRequestBuilder.java:91)", "org.elasticsearch.action.ActionRequestBuilder.execute(org/elasticsearch/action/ActionRequestBuilder.java:65)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:606)", "LogStash::Outputs::Elasticsearch::Protocols::NodeClient.bulk(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch/protocol.rb:224)", "LogStash::Outputs::Elasticsearch::Protocols::NodeClient.bulk(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch/protocol.rb:224)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:466)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:466)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:465)", "LogStash::Outputs::ElasticSearch.submit(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:465)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:490)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:490)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:489)", "LogStash::Outputs::ElasticSearch.flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:489)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:219)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:219)", "org.jruby.RubyHash.each(org/jruby/RubyHash.java:1341)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:216)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:216)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:193)", "Stud::Buffer.buffer_flush(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:193)", "RUBY.buffer_receive(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/buffer.rb:159)", "RUBY.receive(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-0.2.8-java/lib/logstash/outputs/elasticsearch.rb:455)", "RUBY.handle(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/outputs/base.rb:88)", "RUBY.worker_setup(/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/outputs/base.rb:79)", "java.lang.Thread.run(java/lang/Thread.java:745)"], :level=>:warn}[root@COGNISRV03 logstash]#


Question 2:
-------------
Do we need to do any configurations in elasticsearch.yml file as part of Nagios log server Configuration? Please confirm
1. Is the above on a new install, that is clean, or is this still the pre-existing system? If it's a new system, please post the full output of the following commands -

Code: Select all

ps -ef
top | head - n25
Then, post your /var/log/logstash/logstash.log and /var/log/elasticsearch/*.log file (where * is the logfile elasticsearch is using)

2. If you're running through a clean install, on a fresh machine, all you need to do is run the ./fullinstall to configure things.
All times are UTC-05:00
Page 2 of 2

Powered by phpBB® Forum Software © phpBB Limited