This support forum board is for support questions relating to
Nagios Log Server , our solution for managing and monitoring critical log data.
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank » Thu Dec 18, 2014 3:02 pm
i need to set up NLS to pull logs from ports 5544 and 514.
I followed the instructions here:
Code: Select all
http://support.nagios.com/forum/viewtopic.php?f=38&t=30042&p=116795&hilit=514#p116795
and here is my input config file
Code: Select all
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Thu, 18 Dec 2014 14:58:54 -0500
#
#
# Global inputs
#
input {
syslog {
type => 'syslog'
port => 5544
}
tcp {
type => 'eventlog'
port => 3515
codec => json {
charset => 'CP1252'
}
}
tcp {
type => 'import_raw'
tags => 'import_raw'
port => 2056
}
tcp {
type => 'import_json'
tags => 'import_json'
port => 2057
codec => json
}
syslog {
type => 'syslog'
port => 514
}
}
#
# Local inputs
#
where am I going wrong?
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
tgriep
Madmin
Posts: 9177 Joined: Thu Oct 30, 2014 9:02 am
Post
by tgriep » Thu Dec 18, 2014 3:24 pm
Did you follow this guide on Listening on Privileged ports?
http://assets.nagios.com/downloads/nagi ... Server.pdf
If so, did you allow those ports on the Log server's firewall?
Here are the commands to do that.
Code: Select all
iptables -A INPUT -p udp --dport 514 -j ACCEPT
iptables -A INPUT -p udp --dport 5544 -j ACCEPT
Be sure to check out our
Knowledgebase for helpful articles and solutions!
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank » Thu Dec 18, 2014 4:43 pm
yeah I did all that stuff same deal
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
tmcdonald
Posts: 9117 Joined: Mon Sep 23, 2013 8:40 am
Post
by tmcdonald » Thu Dec 18, 2014 4:50 pm
<manager speak>Let's take a step back and define the problem space before we allocate too many resources erroneously</manager speak>
What specifically is not working? Just not getting logs? Logs showing up as stored documents but not able to search? How are you sending those logs?
Former Nagios employee
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank » Fri Dec 19, 2014 3:31 pm
logs being sent on port 514 aren't showing up.
this is NLS sys it is listening on:
Code: Select all
tcp: 3515, 2056, 5544, 2057udp: 5544
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
tmcdonald
Posts: 9117 Joined: Mon Sep 23, 2013 8:40 am
Post
by tmcdonald » Fri Dec 19, 2014 3:37 pm
And you not only saved but you applied as well?
What if you run a tcpdump and send a log?
Former Nagios employee
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank » Mon Dec 22, 2014 11:24 am
ok my fault the data is coming in, but i guess it just isnt in that list sorry guys
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
tmcdonald
Posts: 9117 Joined: Mon Sep 23, 2013 8:40 am
Post
by tmcdonald » Mon Dec 22, 2014 11:38 am
Might still be something we can help with. What list are you referring to?
Former Nagios employee
benhank
Posts: 1264 Joined: Tue Apr 12, 2011 12:29 pm
Post
by benhank » Mon Dec 22, 2014 11:59 am
this one:
Code: Select all
Admin Overview
Logstash is currently collecting locally on: 172.2xxxx tcp: 3515, 2056, 5544, 2057udp: 5544
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
scottwilkerson
DevOps Engineer
Posts: 19396 Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Post
by scottwilkerson » Mon Dec 22, 2014 3:00 pm
Unfortunately, for security reasons the apache user cannot see what privileged ports are open on the system, so ports below 1024 will not show in this list.
We are going to update the documentation to reflect this.