
Re: Syslog Source Output as JSON Format

Posted: Tue Oct 08, 2019 9:38 pm
by tcsdi
Hi,

After enabling NetFlow, we are not receiving DNS logs anymore.

Kindly see the picture below.


Regards,

Re: Syslog Source Output as JSON Format

Posted: Wed Oct 09, 2019 1:58 pm
by cdienger
Modify the filter so that DNS logs do not hit the kv filter:

if [type] != 'dnslog' {
  kv {
    exclude_keys => [ "host" ]
  }
}

Re: Syslog Source Output as JSON Format

Posted: Tue Oct 15, 2019 9:55 pm
by tcsdi
Hi Support,


Thank you for the reply. For the main issue, we are using NetFlow v9 and the logs still look like this:


Another question is, should we use this for input?

udp {
  type => 'nflow'
  port => 2055
}

Or this?

udp {
  type => 'nflow'
  port => 2055
  codec => netflow {
    versions => [9]
  }
}
Regards,
TCSDI

Re: Syslog Source Output as JSON Format

Posted: Wed Oct 16, 2019 1:33 pm
by cdienger

udp {
  type => 'nflow'
  port => 2059
  codec => netflow {
    versions => [5,9]
  }
}
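With `codec => netflow` on the udp input above, Logstash decodes each raw NetFlow datagram into one event per flow record, and the source address, destination address and ports come out as separate fields. The following is an added example, not code from this thread, from Nagios Log Server or from Logstash: a minimal NetFlow v5 decoder in Python that packs a constructed two-flow datagram and parses it back. The output field names (`ipv4_src_addr`, `l4_dst_port`, `in_bytes`, ...) are my assumption of how the Logstash netflow codec names them; v9 template handling is not shown, and the two sample flows are constructed.

```python
"""Decode a NetFlow v5 export datagram into per-flow events (added example, not Logstash code)."""
import ipaddress
import struct
import time
from typing import Dict, List

# NetFlow v5 wire layout: 24-byte header followed by 48-byte flow records, all big-endian.
# Header: version, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence, engine_type, engine_id, sampling
V5_HEADER = struct.Struct(">HHIIIIBBH")
# Record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first, last, srcport, dstport,
#         pad1, tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, pad2
V5_RECORD = struct.Struct(">4s4s4sHHIIIIHHBBBBHHBBH")

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def build_v5_packet(flows: List[dict], flow_seq: int = 1000) -> bytes:
    """Constructed exporter side: pack a list of flow dicts into one v5 datagram."""
    header = V5_HEADER.pack(5, len(flows), 120_000, int(time.time()), 0, flow_seq, 0, 0, 0)
    body = b""
    for f in flows:
        body += V5_RECORD.pack(
            ipaddress.IPv4Address(f["src"]).packed,
            ipaddress.IPv4Address(f["dst"]).packed,
            b"\x00" * 4,                  # next hop (unused here)
            1, 2,                         # input / output SNMP ifIndex
            f["pkts"], f["bytes"],
            100_000, 110_000,             # first / last seen, sysUptime milliseconds
            f["sport"], f["dport"],
            0,                            # pad1
            f.get("tcp_flags", 0),
            f["proto"], 0,                # protocol, ToS
            0, 0, 24, 24, 0,              # src_as, dst_as, src_mask, dst_mask, pad2
        )
    return header + body


def decode_v5(packet: bytes) -> List[Dict]:
    """Collector side: parse one v5 datagram into events with codec-style field names (assumed names)."""
    if len(packet) < V5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, uptime, secs, nsecs, seq, etype, eid, sampling = V5_HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    needed = V5_HEADER.size + count * V5_RECORD.size
    if len(packet) < needed:
        # Reject truncated datagrams instead of guessing; silently partial flows are worse than none.
        raise ValueError(f"header claims {count} records ({needed} bytes) but only {len(packet)} present")
    events = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, nexthop, in_if, out_if, pkts, octets, first, last, sport, dport,
         _pad1, tcp_flags, proto, tos, src_as, dst_as, src_mask, dst_mask, _pad2) = V5_RECORD.unpack_from(packet, off)
        events.append({
            "type": "nflow",
            "netflow": {
                "version": version,
                "flow_seq_num": seq,
                "ipv4_src_addr": str(ipaddress.IPv4Address(src)),
                "ipv4_dst_addr": str(ipaddress.IPv4Address(dst)),
                "l4_src_port": sport,
                "l4_dst_port": dport,
                "protocol": proto,
                "protocol_name": PROTO_NAMES.get(proto, str(proto)),
                "in_pkts": pkts,
                "in_bytes": octets,
                "tcp_flags": tcp_flags,
                "input_snmp": in_if,
                "output_snmp": out_if,
            },
        })
    return events


# Constructed sample flows: one DNS query and one HTTPS session, as a router would export them.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.53", "sport": 51234, "dport": 53, "proto": 17, "pkts": 1, "bytes": 72},
    {"src": "10.0.0.5", "dst": "93.184.216.34", "sport": 51235, "dport": 443, "proto": 6,
     "pkts": 12, "bytes": 4512, "tcp_flags": 0x1B},
]

if __name__ == "__main__":
    for ev in decode_v5(build_v5_packet(SAMPLE_FLOWS)):
        nf = ev["netflow"]
        print(f'{nf["ipv4_src_addr"]}:{nf["l4_src_port"]} -> {nf["ipv4_dst_addr"]}:{nf["l4_dst_port"]} '
              f'{nf["protocol_name"]} {nf["in_pkts"]} pkts {nf["in_bytes"]} bytes')
```

The length check matters in practice: a collector that indexes whatever it can unpack from a short or non-NetFlow datagram produces exactly the kind of "unreadable" events described in this thread, so it is better to drop the datagram and count the error.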

Re: Syslog Source Output as JSON Format

Posted: Wed Oct 23, 2019 8:21 pm
by tcsdi
Hi Cdienger,

We already applied the input and filter, but NetFlow logs are still unreadable.

What do we need to make this show Source, Destination, Port, etc.?

We really need to integrate NetFlow into our logs.


udp {
  type => 'nflow'
  port => 2059
  codec => netflow {
    versions => [5,9]
  }
----------------------------------------------------------
if [type] != 'dnslog' {
  kv {
    exclude_keys => [ "host" ]
  }
}

Regards,
Christian

Re: Syslog Source Output as JSON Format

Posted: Thu Oct 24, 2019 3:12 pm
by cdienger
What do these events look like in the dashboard? Expand an event in the dashboard so that we can see all fields and provide a screenshot.

Re: Syslog Source Output as JSON Format

Posted: Sun Oct 27, 2019 8:19 pm
by tcsdi
Hi,

Please see: DNS logs go down after applying the new filters.


Regards

Re: Syslog Source Output as JSON Format

Posted: Mon Oct 28, 2019 1:13 pm
by cdienger
What 'new filters'? The previous message indicated that the filters I last suggested were already in the configuration, and we were trying to determine what needs to be done to display NetFlow logs properly.

Re: Syslog Source Output as JSON Format

Posted: Mon Oct 28, 2019 9:09 pm
by tcsdi
Hi Cdienger,

We already applied the input and filter, but NetFlow logs are still unreadable.

What do we need to make this show Source, Destination, Port, etc.?

We really need to integrate NetFlow into our logs.


We use the code that you gave us.

udp {
  type => 'nflow'
  port => 2059
  codec => netflow {
    versions => [5,9]
  }
----------------------------------------------------------
if [type] != 'dnslog' {
  kv {
    exclude_keys => [ "host" ]
  }
}

Regards,

(REPOST)

Re: Syslog Source Output as JSON Format

Posted: Tue Oct 29, 2019 1:21 pm
by cdienger
You're missing a } at the end of your udp netflow input. It should be:

udp {
  type => 'nflow'
  port => 2059
  codec => netflow {
    versions => [5,9]
  }
}
Once data is coming in with the above:

Expand an event in the dashboard so that we can see all fields and provide a screenshot. (REPOST)

See the attached screenshots.
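The fault in this thread was a missing closing brace: with the udp input block left open, the config cannot be parsed as written, so no NetFlow events were decoded at all. As an added example that is not part of the thread and not a Nagios Log Server or Logstash tool, here is a small Python check that walks a Logstash config, tracks `{` and `}` outside quoted strings and `#` comments, and reports the line on which any unclosed block was opened. The two configs embedded in it are constructed from the snippets posted above (the broken one with the missing `}` and the corrected one together with the kv conditional); it assumes strings do not span lines.

```python
"""Find unbalanced braces in a Logstash pipeline config and name the line that opened each unclosed block."""
from typing import List, Tuple


def check_braces(config: str) -> List[Tuple[int, str]]:
    """Return (line_number, message) pairs for every brace problem; an empty list means the config nests cleanly.

    Quoted strings and '#' comments are skipped so a brace inside a pattern or comment is not counted.
    Assumption: quoted strings do not span lines (true for the configs in this thread).
    """
    open_blocks: List[Tuple[int, str]] = []   # stack of (line_no, text of the line that opened the block)
    problems: List[Tuple[int, str]] = []
    for line_no, line in enumerate(config.splitlines(), start=1):
        quote = None
        i = 0
        while i < len(line):
            ch = line[i]
            if quote:
                if ch == "\\":
                    i += 1                     # skip the escaped character inside the string
                elif ch == quote:
                    quote = None
            elif ch in ("'", '"'):
                quote = ch
            elif ch == "#":
                break                          # comment runs to end of line
            elif ch == "{":
                open_blocks.append((line_no, line.strip()))
            elif ch == "}":
                if open_blocks:
                    open_blocks.pop()
                else:
                    problems.append((line_no, "unexpected '}' with no open block"))
            i += 1
    for line_no, text in open_blocks:
        problems.append((line_no, f"block opened here is never closed: {text}"))
    return sorted(problems)


# Constructed from the input posted in the thread: the udp block is never closed.
BROKEN_INPUT = """\
udp {
  type => 'nflow'
  port => 2059
  codec => netflow {
    versions => [5,9]
  }
"""

# Constructed corrected version: the udp block is closed, followed by the kv conditional from the thread.
FIXED_CONFIG = """\
udp {
  type => 'nflow'
  port => 2059
  codec => netflow {
    versions => [5,9]
  }
}
# keep DNS syslog events away from the kv filter
if [type] != 'dnslog' {
  kv {
    exclude_keys => [ "host" ]
  }
}
"""

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN_INPUT), ("fixed", FIXED_CONFIG)):
        problems = check_braces(cfg)
        print(f"{name}: {'OK' if not problems else ''}")
        for line_no, msg in problems:
            print(f"  line {line_no}: {msg}")
```

Running the check on the broken snippet points at line 1 (`udp {`) rather than at the end of the file, which is where a generic "unexpected end of input" parse error would leave you looking; on the corrected config it reports nothing.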