
ports 514 and 5544

Posted: Thu Dec 18, 2014 3:02 pm
by benhank
I need to set up NLS to pull logs from ports 5544 and 514.
I followed the instructions here:

http://support.nagios.com/forum/viewtopic.php?f=38&t=30042&p=116795&hilit=514#p116795
And here is my input config file:

# 
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Thu, 18 Dec 2014 14:58:54 -0500
#

#
# Global inputs
#

input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    tcp {
        type => 'import_raw'
        tags => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        tags => 'import_json'
        port => 2057
        codec => json
    }
    syslog {
        type => 'syslog'
        port => 514
    }
}

#
# Local inputs
#


Where am I going wrong?

Re: ports 514 and 5544

Posted: Thu Dec 18, 2014 3:24 pm
by tgriep
Did you follow this guide on Listening on Privileged ports?

http://assets.nagios.com/downloads/nagi ... Server.pdf

If so, did you allow those ports on the Log server's firewall?
Here are the commands to do that.

iptables -A INPUT -p udp --dport 514 -j ACCEPT
iptables -A INPUT -p udp --dport 5544 -j ACCEPT

Re: ports 514 and 5544

Posted: Thu Dec 18, 2014 4:43 pm
by benhank
Yeah, I did all that stuff, same deal.

Re: ports 514 and 5544

Posted: Thu Dec 18, 2014 4:50 pm
by tmcdonald
<manager speak>Let's take a step back and define the problem space before we allocate too many resources erroneously</manager speak>

What specifically is not working? Just not getting logs? Logs showing up as stored documents but not able to search? How are you sending those logs?

Re: ports 514 and 5544

Posted: Fri Dec 19, 2014 3:31 pm
by benhank
Logs being sent on port 514 aren't showing up.
This is what NLS says it is listening on:

tcp: 3515, 2056, 5544, 2057udp: 5544

Re: ports 514 and 5544

Posted: Fri Dec 19, 2014 3:37 pm
by tmcdonald
And you not only saved but you applied as well?

What if you run a tcpdump and send a log?

tcpdump port 514 -X

Re: ports 514 and 5544

Posted: Mon Dec 22, 2014 11:24 am
by benhank
OK, my fault: the data is coming in, but I guess it just isn't in that list. Sorry, guys.

Re: ports 514 and 5544

Posted: Mon Dec 22, 2014 11:38 am
by tmcdonald
Might still be something we can help with. What list are you referring to?

Re: ports 514 and 5544

Posted: Mon Dec 22, 2014 11:59 am
by benhank
This one:

Admin Overview
Logstash is currently collecting locally on: 172.2xxxx tcp: 3515, 2056, 5544, 2057udp: 5544 

Re: ports 514 and 5544

Posted: Mon Dec 22, 2014 3:00 pm
by scottwilkerson
Unfortunately, for security reasons the apache user cannot see what privileged ports are open on the system, so ports below 1024 will not show in this list.

We are going to update the documentation to reflect this.
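
One way to confirm the listeners independently of the Admin Overview list, as an added example that is not part of the original thread or of Nagios Log Server: the script parses the Linux /proc/net/tcp and /proc/net/udp socket tables and reports whether ports 514 and 5544 are held on each protocol. The embedded tables are constructed sample data, and the function names and the `--live` switch are this example's own.

```python
import sys
from pathlib import Path

LISTEN_STATE = {"tcp": "0A", "udp": "07"}  # TCP_LISTEN; bound, unconnected UDP

# Constructed samples in /proc/net/tcp and /proc/net/udp layout (not from the thread).
SAMPLE = {
    "tcp": """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0202 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20101
   1: 00000000:15A8 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20102
   2: 0100007F:0DBB 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 20103
""",
    "udp": """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   7: 00000000:15A8 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20104
""",
}

def listeners(proto, text):
    """Return {port: owner_uid} for sockets in the listening/bound state."""
    found = {}
    for line in text.splitlines()[1:]:               # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN_STATE[proto]:
            continue                                 # repeated header or other state
        port = int(fields[1].rsplit(":", 1)[1], 16)  # local port is stored in hex
        found[port] = int(fields[7])                 # uid that owns the socket
    return found

def check(wanted, tables):
    """Map (proto, port) -> True/False for each port the inputs should hold."""
    return {(proto, port): port in listeners(proto, tables[proto])
            for proto in ("tcp", "udp") for port in wanted}

def read_live():
    """Read this host's IPv4 and IPv6 socket tables (same column layout)."""
    tables = {}
    for proto in ("tcp", "udp"):
        paths = [Path(f"/proc/net/{proto}{s}") for s in ("", "6")]
        tables[proto] = "".join(p.read_text() for p in paths if p.exists())
    return tables

if __name__ == "__main__":
    tables = read_live() if "--live" in sys.argv else SAMPLE
    for (proto, port), ok in sorted(check([514, 5544], tables).items()):
        print(f"{proto}/{port}: {'listening' if ok else 'NOT listening'}")
```

With the constructed sample, UDP 514 is reported as not listening while TCP 514 is, which is the kind of mismatch worth comparing against the firewall rules for each protocol.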