Linux file monitoring - how to delete

Posted: Mon Nov 10, 2014 3:37 pm
by rhaig10695
Hello,

I added a bunch of file monitors on a Linux server and I'd like to delete a few of them. How do I do this and is there a way to delete the data on the server as well?

Thanks!
Ryan

Re: Linux file monitoring - how to delete

Posted: Mon Nov 10, 2014 4:10 pm
by sreinhardt
You would need to modify the /etc/rsyslog.d/ config files. Depending on how you added those files, you may have lots of individual files or a single file. Deleting data from the log server currently needs to be done from the command line and looks like:

Code:

curl -XDELETE 'http://localhost:9200/logstash-*/_all/_query' -d '{
    "query" : {
        "term" : { "host" : "10.0.0.1" }
    }
}'

You would want to change the 10.0.0.1 to the host IP or name you wish to remove. This will output the number of successful and failed removals. One thing to note is that closed indices will not have data removed; they will need to be reopened first.
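
An added example, not part of the original post: a wrapper that counts the matching documents before issuing the delete shown above, so a mistyped host value is caught before any log data is removed. It assumes the Elasticsearch `_count` endpoint accepts the same query body; the function names, `ES_URL` and `INDEX_PATTERN` are hypothetical.

```shell
#!/bin/sh
# Added example: preview a delete-by-query before running it.
# ES_URL and INDEX_PATTERN are assumed names; defaults match the post above.
ES_URL="${ES_URL:-http://localhost:9200}"
INDEX_PATTERN="${INDEX_PATTERN:-logstash-*}"

# Build the term query body. Reject anything that is not a plain host
# name or IP so the value cannot break out of the JSON string.
term_query() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) echo "invalid host: $1" >&2; return 1 ;;
    esac
    printf '{"query":{"term":{"host":"%s"}}}' "$1"
}

# Extract the integer that follows "count": in a _count response.
parse_count() {
    printf '%s' "$1" |
        sed -n 's/.*"count"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Count matches first; delete only when the caller passes --delete.
purge_host() {
    body=$(term_query "$1") || return 1
    resp=$(curl -s -XGET "$ES_URL/$INDEX_PATTERN/_count" -d "$body") || return 1
    n=$(parse_count "$resp")
    [ -n "$n" ] || { echo "unexpected response: $resp" >&2; return 1; }
    echo "$n documents match host=$1"
    if [ "$2" = "--delete" ] && [ "$n" -gt 0 ]; then
        curl -s -XDELETE "$ES_URL/$INDEX_PATTERN/_all/_query" -d "$body"
    fi
}

# Usage: ./purge_host.sh 10.0.0.1 [--delete]
if [ $# -gt 0 ]; then purge_host "$1" "${2:-}"; fi
```

Run it without `--delete` first and compare the count with what you expect for that source.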

Re: Linux file monitoring - how to delete

Posted: Mon Nov 10, 2014 11:07 pm
by eloyd
Oh man, that's ugly. Any chance to add index/log management from the GUI? I mean, I love scripting curl requests all day, every day, but that's bound to introduce errors some day.

Re: Linux file monitoring - how to delete

Posted: Tue Nov 11, 2014 4:45 pm
by tmcdonald
I suppose that could be done. I suppose, even, that I could file a feature request for this. I suppose even further it could say something like:

Code:

Feature Request:  Add logserver source removal scripts

Add ability to manage log entries per source, possibly with an auto-generated script that handles the syslog configs and phones home to alert NLS of the removal, similarly to how we offer setup scripts only in reverse.
and it would theoretically have the request ID 4434 in our internal feature requests queue.

Just a thought.

Re: Linux file monitoring - how to delete

Posted: Tue Nov 11, 2014 5:03 pm
by eloyd
Oh, perchance to dream that there existed such a magical place as that which you describe.

Re: Linux file monitoring - how to delete

Posted: Tue Nov 11, 2014 5:05 pm
by tmcdonald
What a world that would be.

rhaig10695, I have filed a feature request for this. Did the curl solution work for you?