This support forum board is for support questions relating to
Nagios Log Server , our solution for managing and monitoring critical log data.
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank Thu Dec 18, 2014 3:02 pm
i need to set up NLS to pull logs from ports 5544 and 514.
I followed the instructions here:
Code: Select all
http://support.nagios.com/forum/viewtopic.php?f=38&t=30042&p=116795&hilit=514#p116795
and here is my input config file
Code: Select all
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Thu, 18 Dec 2014 14:58:54 -0500
#
#
# Global inputs
#
input {
syslog {
type => 'syslog'
port => 5544
}
tcp {
type => 'eventlog'
port => 3515
codec => json {
charset => 'CP1252'
}
}
tcp {
type => 'import_raw'
tags => 'import_raw'
port => 2056
}
tcp {
type => 'import_json'
tags => 'import_json'
port => 2057
codec => json
}
syslog {
type => 'syslog'
port => 514
}
}
#
# Local inputs
#
where am I going wrong?
Proudly running:
tgriep
Madmin
Posts: 9177 Joined: Thu Oct 30, 2014 9:02 am
Post
by tgriep Thu Dec 18, 2014 3:24 pm
Did you follow this guide on Listening on Privileged ports?
http://assets.nagios.com/downloads/nagi ... Server.pdf
If so, did you allow those ports on the Log server's firewall?
Here are the commands to do that.
Code: Select all
iptables -A INPUT -p udp --dport 514 -j ACCEPT
iptables -A INPUT -p udp --dport 5544 -j ACCEPT
Be sure to check out our
Knowledgebase for helpful articles and solutions!
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank Thu Dec 18, 2014 4:43 pm
yeah I did all that stuff same deal
Proudly running:
tmcdonald
Posts: 9117 Joined: Mon Sep 23, 2013 8:40 am
Post
by tmcdonald Thu Dec 18, 2014 4:50 pm
<manager speak>Let's take a step back and define the problem space before we allocate too many resources erroneously</manager speak>
Former Nagios employee
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank Fri Dec 19, 2014 3:31 pm
logs being sent on port 514 aren't showing up.
this is NLS sys it is listening on:
Code: Select all
tcp: 3515, 2056, 5544, 2057udp: 5544Proudly running:
tmcdonald
Posts: 9117 Joined: Mon Sep 23, 2013 8:40 am
Post
by tmcdonald Fri Dec 19, 2014 3:37 pm
And you not only saved but you applied as well?
What if you run a tcpdump and send a log?
Former Nagios employee
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank Mon Dec 22, 2014 11:24 am
ok my fault the data is coming in, but i guess it just isnt in that list sorry guys
Proudly running:
tmcdonald
Posts: 9117 Joined: Mon Sep 23, 2013 8:40 am
Post
by tmcdonald Mon Dec 22, 2014 11:38 am
Might still be something we can help with. What list are you referring to?
Former Nagios employee
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank Mon Dec 22, 2014 11:59 am
this one:
Code: Select all
Admin Overview
Logstash is currently collecting locally on: 172.2xxxx tcp: 3515, 2056, 5544, 2057udp: 5544 Proudly running:
scottwilkerson
DevOps Engineer
Posts: 19396 Joined: Tue Nov 15, 2011 3:11 pmLocation: Nagios Enterprises
Contact:
Post
by scottwilkerson Mon Dec 22, 2014 3:00 pm
Unfortunately, for security reasons the apache user cannot see what privileged ports are open on the system, so ports below 1024 will not show in this list.
