Rsyslog config sending to Nagios logserver ?

[toper]

Hi,

I have installed Nagios logserver demo (single instance) on my current central rsyslog server in our Lab,
it is working fine, i get about 10 mill docs/day from 80 servers.
When i installed Nagios logserver it automaticly setup that rsyslog sends all messages into the
logserver on port 5544. But i cant find this configuration anywhere. I would like to setup it up,
so definition of the transfer to logserver is done in rsyslog.conf. Then it would be possible to
filter some messages away before they was sent to Nagios.

Q1 : Where are the configuration of port 5544 sending done, and how do i stop it.

thanks,
Peter Calum
TDC, Denmark

[lgroschen]

Peter,

To access where the port is being set (which is by default in LogServer) all you need to do on the User Interface is:

On the Nav bar select Administration > Global Configuration.

You will see the 'Inputs' Column on the left side. Select the "+" button to the right and it will drop dwon and show that syslog type logs are being input through port 5544. You can customize these as you need and all you will need to do is make sure the rsyslog settings match.

Here is the Nagios Log Server Documentation on Inputs:
http://library.nagios.com/library/produ ... ing-inputs

There are also a number of other documents available at that location for anything you want to learn about Log Server.

/Luke

[toper]

Hi Luke

I understand how the logserver listens on port 5544
But where/how is it defined that rsyslog should send to that port ?

Rsyslog recieves messages from the hosts on port 514, and i dont see
any forwarding to 5544 in rsyslog.conf

br,
Peter Calum,
TDC, Denmark

[lgroschen]

Ok, this is a lot easier than you would think.

Click the green button on the navigation bar 'Log Source', select the Linux setup- first in the list. The first page is the script setup that is run. The second tab is the manual section that will show the Rsyslog Configuration File and on line 10 there is a <IP>:<port>. This is where you would set that on your system. The first code block will show you the location of all the directories rsyslog is using and then follow the directions on the page or edit the file as you see fit.

[toper]

Thanks,

Now i found the configuration

it is saved in /etc/rsyslog.d/

[root@khk9dsg9 etc]# cd rsyslog.d
[root@khk9dsg9 rsyslog.d]# ls -la
total 20
drwxr-xr-x. 2 root root 4096 Oct 20 13:38 .
drwxr-xr-x. 111 root root 12288 Oct 28 03:28 ..
-rw-r--r-- 1 root root 863 Oct 20 13:38 nagioslogserver.conf
[root@khk9dsg9 rsyslog.d]# cat nagioslogserver.conf
# ### begin forwarding rule ### NAGIOSLOGSERVER
#
$WorkDirectory /var/lib/rsyslog # where to place spool files NAGIOSLOGSERVER
$ActionQueueFileName fwdRule1 # unique name prefix for spool files NAGIOSLOGSERVER
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) NAGIOSLOGSERVER
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown NAGIOSLOGSERVER
$ActionQueueType LinkedList # run asynchronously NAGIOSLOGSERVER
$ActionResumeRetryCount -1 # infinite retries if host is down NAGIOSLOGSERVER
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional NAGIOSLOGSERVER
*.* @@localhost:5544 # NAGIOSLOGSERVER
# ### end of the forwarding rule ### # NAGIOSLOGSERVER
[root@khk9dsg9 rsyslog.d]#
[root@khk9dsg9 rsyslog.d]#

br,
Peter calum

[lgroschen]

I'm glad that helped. I'm going to lock this topic and if you have any more questions feel free to open a new topic or PM me.

/Luke