Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Adding ndo2db.debug to logging

https://support.nagios.com/forum/viewtopic.php?t=30372

Page 1 of 1

Adding ndo2db.debug to logging

Posted: Tue Dec 02, 2014 5:44 pm
by gurkakrieg
I would like to add ndo2db.debug to Nagios Log Server (NLS). ndo is running on a remote machine from which I'm already getting syslog data. I've used the "Linux Files" button and ran the bash scripts to configure everything, with success returns. But nothing is showing up in NLS. I've made sure to restart rsyslogd on the remote server.

Do I need to add filtering rules? How?

Also, is there a way using the GUI to see what hosts I am already tracking? I can see that I am logging 4, but can't seem to find a screen that shows which ones they are.

Thanks.

Re: Adding ndo2db.debug to logging

Posted: Tue Dec 02, 2014 5:55 pm
by slansing
Can you show us your rsyslog configuration from the XI/Core server that you are trying to send from? To be clear, you are actually receiving current, and valid syslog data from that server, just not with the addition of ndo2db.debug?

Re: Adding ndo2db.debug to logging

Posted: Tue Dec 02, 2014 8:52 pm
by gurkakrieg
Yes, I am receiving current syslog data from that server. Here is the contents of /etc/rsyslog.conf

Code: Select all

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
And here is the contents of /etc/rsyslog.d/90-nagioslogserver_usr_local_nagios_var_ndo2db.debug.conf

Code: Select all

$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog

# Input for ndo2db_debug
$InputFileName /usr/local/nagios/var/ndo2db.debug
$InputFileTag ndo2db_debug:
$InputFileStateFile nls-state-usr_local_nagios_var_ndo2db.debug # Must be unique for each file being polled
# Uncomment the folowing line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor

# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'ndo2db_debug' then @@54.174.13.234:5544
if $programname == 'ndo2db_debug' then ~

Re: Adding ndo2db.debug to logging

Posted: Wed Dec 03, 2014 3:46 pm
by abrist
Can you also post the standard rsyslog rule from the remote host:

Code: Select all

cat /etc/rsyslog.d/99-nagioslogserver.conf

Re: Adding ndo2db.debug to logging

Posted: Wed Dec 03, 2014 3:57 pm
by gurkakrieg
Here you go:

Code: Select all

### Begin forwarding rule for Nagios Log Server                           NAGIOSLOGSERVER
$WorkDirectory /var/lib/rsyslog # Where spool files will live             NAGIOSLOGSERVER
$ActionQueueFileName nlsFwdRule0 # Unique name prefix for spool files     NAGIOSLOGSERVER
$ActionQueueMaxDiskSpace 1g   # 1GB space limit (use as much as possible) NAGIOSLOGSERVER
$ActionQueueSaveOnShutdown on # Save messages to disk on shutdown         NAGIOSLOGSERVER
$ActionQueueType LinkedList   # Use asynchronous processing               NAGIOSLOGSERVER
$ActionResumeRetryCount -1    # Infinite retries if host is down          NAGIOSLOGSERVER
# Remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional       NAGIOSLOGSERVER
*.* @@54.174.13.234:5544                                               # NAGIOSLOGSERVER
### End of Nagios Log Server forwarding rule                              NAGIOSLOGSERVER

Re: Adding ndo2db.debug to logging

Posted: Wed Dec 03, 2014 6:03 pm
by abrist
This may be a silly question, but is ndo2db.debug populating with data and continuing to to do so?

Re: Adding ndo2db.debug to logging

Posted: Wed Dec 03, 2014 6:09 pm
by gurkakrieg
abrist wrote:This may be a silly question, but is ndo2db.debug populating with data and continuing to to do so?
Oh. My. God. I am an idiot.

Nope, not updating. This server has ndo2db logging turned off -- yet another reason to deploy Chef to keep everything change controlled. I'm sorry to have wasted your time on this.

Apologies to all.

Re: Adding ndo2db.debug to logging

Posted: Thu Dec 04, 2014 10:13 am
by cmerchant
No worries. At least we know what the problem was. We'll go ahead and lock the thread. Thanks.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited