Re: Syslog Source Output as JSON Format

Posted: Tue Jul 23, 2019 5:00 am
by tcsdi
cdienger wrote: The images were not attached. Please try attaching them again.
Hi cdienger,

Apologies, please see attached images for the input and output configuration.

We can still receive input but don't see any output on port 1524. We also tried removing the line for sourcehost; still no output seen.

Please advise if there are any needed changes on the config.

Re: Syslog Source Output as JSON Format

Posted: Tue Jul 23, 2019 2:10 pm
by cdienger
The configuration looks good. Is the NLS machine able to make a connection if you run the following on the NLS command line:

Code:

telnet 172.31.108.236 1524
?

Re: Syslog Source Output as JSON Format

Posted: Thu Aug 01, 2019 4:08 am
by tcsdi
cdienger wrote: The configuration looks good. Is the NLS machine able to make a connection if you run the following on the NLS command line:

Code:

telnet 172.31.108.236 1524
?
Hi @cdienger,

When I try using the TELNET command, it could not reach the server but the port 1524 is open on 172.31.108.236 upon checking. Can you help me out on this one?

On the output image attached, I sent a telnet command to 3 ports, but none of them returned anything. However, nagios can get logs from port 1515.

Re: Syslog Source Output as JSON Format

Posted: Thu Aug 01, 2019 2:08 pm
by cdienger
I should point out that the telnet command uses TCP, so it would only work if the remote syslog server is listening on TCP port 1524 (oftentimes UDP is the default). Do you know if it's listening on TCP 1542?

Do you see data leaving the NLS machine if you run:

Code:

yum -y install tcpdump
tcpdump -i any -nnX port 1524
?
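
The TCP-versus-UDP point in the post above, as an added example that is not part of the original thread: a TCP connect (which is what telnet does) fails against a UDP-only listener even though a JSON event sent over UDP to the same port arrives. The loopback listener, the OS-chosen port and the event fields are constructed for the demonstration.

```python
import json
import socket


def probe_tcp(host, port, timeout=1.0):
    """Return True if a TCP connection (what telnet attempts) succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused or timed out: nothing is accepting TCP on this port.
        return False


def send_udp_json(host, port, event):
    """Send one JSON event as a UDP datagram. UDP gives the sender no
    delivery feedback, so success here only means the packet left."""
    data = json.dumps(event).encode("utf-8")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(data, (host, port))
    return data


def demo():
    """Constructed loopback test: a UDP-only listener stands in for the
    remote syslog server. Returns (tcp_reachable, event_received)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))      # let the OS pick a free port
    listener.settimeout(2.0)
    host, port = listener.getsockname()
    try:
        tcp_ok = probe_tcp(host, port)   # telnet-style check
        send_udp_json(host, port, {"type": "syslog",
                                   "message": "constructed test event"})
        received, _ = listener.recvfrom(4096)
    finally:
        listener.close()
    return tcp_ok, json.loads(received.decode("utf-8"))


if __name__ == "__main__":
    tcp_ok, event = demo()
    print("TCP connect succeeded:", tcp_ok)
    print("Event received over UDP:", event)
```

A failed telnet test therefore says nothing about a UDP receiver; a packet capture on the sending or receiving host is the check that covers both protocols.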

Re: Syslog Source Output as JSON Format

Posted: Mon Aug 05, 2019 2:19 am
by tcsdi
Hi Cdienger,


See the result for tcpdump: the successful result was for port 1515, no packets on 1524.

Image

Re: Syslog Source Output as JSON Format

Posted: Mon Aug 05, 2019 12:29 pm
by cdienger
Edit /etc/init.d/logstash and change line 64 from:

Code:

DAEMON_OPTS="agent -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS}"
to:

Code:

DAEMON_OPTS="agent -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS} --debug"
and restart Logstash with:

Code:

service logstash restart
Let this run just long enough for netflow data to come in then revert the changes to disable it. This should create a /var/log/logstash/logstash.log file with some more details. Please PM me a copy of this file as well as a profile from Admin > System > System Status > Download System Profile.

Re: Syslog Source Output as JSON Format

Posted: Tue Aug 06, 2019 9:44 pm
by tcsdi
Hi,

We are preparing the logstash and we will send it to you soon. Also we have an additional question.

From the dashboard, it still shows nflow not netflow.

Image

How do we modify this?

Regards,

Re: Syslog Source Output as JSON Format

Posted: Wed Aug 07, 2019 1:13 pm
by cdienger
The image didn't make it. Can you attach it again?

Are these current events that have the wrong type set? It sounds like the configuration has a typo. Try saving and applying the Logstash config again and check /usr/local/nagioslogserver/logstash/etc/conf.d/500_filters.conf to make sure the config is getting written properly.

Re: Syslog Source Output as JSON Format

Posted: Wed Aug 07, 2019 8:30 pm
by tcsdi
Hi,


Kindly see the picture below

Image

Re: Syslog Source Output as JSON Format

Posted: Thu Aug 08, 2019 9:14 am
by cdienger
Please open a ticket for this at https://support.nagios.com/tickets/ and we can take a closer look.