
[Pre-Purchase]Some questions regarding functionality

Posted: Fri Feb 20, 2015 3:32 am
by OnsightSolutions
Hello all,

We are thinking about purchasing Nagios Log Server, but we got some (well, for now just 1) questions before we can.
We want to replace our current logserver with a different one. Our Logserver of choice is Nagios.

Via our current log server we can automatically export logs to a .txt. I haven't found this in Nagios yet.
What we need is to save certain logs for 3 years. All other logs can be discarded after a shorter time period (not sure exactly for how long we should keep those).
Is there an easy way to export everything or just a certain query to either a different database or to a file?

Thanks!

Re: [Pre-Purchase]Some questions regarding functionality

Posted: Fri Feb 20, 2015 9:07 am
by eloyd
No, you cannot specify different retention times for different types of logs. This is something I've asked for. There may be a request open for it, I do not recall.

NLS does not export logs, it gathers them. To my knowledge there is no way to export what it has gathered as a text file.

Both of these problems can be managed by managing the log file sources themselves, rather than the information sent to NLS. You can still have a copy of the original log file and just use NLS for analysis, trending, reporting, and alerting.

Re: [Pre-Purchase]Some questions regarding functionality

Posted: Fri Feb 20, 2015 10:03 am
by scottwilkerson
We definitely will add some additional items to the UI to be able to easily do some things like this, however, you could run the following on one of your Log Server instances to export your DHCP items:

Code:

curl -XPOST 'localhost:9200/logstash-2015.02.18/_export?path=/tmp/dhcp-2015.02.18.zip' -d '{
   "query" : {
       "match_phrase" : {
           "host" : "192.168.5.15"
       }
   }
}'
This would export all of the items from the index logstash-2015.02.18 that had a host field with a value of 192.168.5.15 and place them in /tmp/dhcp-2015.02.18.zip

If you had all the DHCP items tagged with certain tags you could just reference them.
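
Added example, not part of the original post or of Nagios Log Server: a small wrapper that builds the same `_export` request for any one day and host, validating each value before it is placed in the URL or the JSON body. `ES_URL`, `ARCHIVE_DIR`, `DRY_RUN` and the function names are hypothetical; the endpoint, index naming and query shape are taken from the post above.

```shell
#!/bin/sh
# Added example, not from the thread. ES_URL, ARCHIVE_DIR, DRY_RUN and the
# function names are hypothetical; endpoint and query shape follow the post above.
ES_URL="${ES_URL:-localhost:9200}"
ARCHIVE_DIR="${ARCHIVE_DIR:-/tmp}"   # same directory as in the post

# Map a day (YYYY.MM.DD) to its daily index name; reject other shapes.
index_for_day() {
    case "$1" in
        [0-9][0-9][0-9][0-9].[0-9][0-9].[0-9][0-9]) printf 'logstash-%s\n' "$1" ;;
        *) return 1 ;;
    esac
}

# Build the match_phrase body. Only hostname/IPv4 characters are accepted so
# the value cannot break out of the JSON string or the shell quoting.
query_for_host() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '{"query":{"match_phrase":{"host":"%s"}}}\n' "$1"
}

# Build the export URL; the label becomes part of the archive file name.
export_url() {
    _idx=$(index_for_day "$1") || return 1
    case "$2" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf '%s/%s/_export?path=%s/%s-%s.zip\n' "$ES_URL" "$_idx" "$ARCHIVE_DIR" "$2" "$1"
}

# export_day DAY LABEL HOST: print the request (default) or send it (DRY_RUN=0).
export_day() {
    _url=$(export_url "$1" "$2") || { echo "bad day or label" >&2; return 1; }
    _body=$(query_for_host "$3") || { echo "bad host" >&2; return 1; }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf "curl -XPOST '%s' -d '%s'\n" "$_url" "$_body"
    else
        curl -sS -XPOST "$_url" -d "$_body"
    fi
}

# Run only when called with arguments: DAY LABEL HOST
if [ "$#" -ge 3 ]; then
    export_day "$1" "$2" "$3"
fi
```

With the defaults, `export_day 2015.02.18 dhcp 192.168.5.15` prints the same request shown in the post instead of sending it.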

Re: [Pre-Purchase]Some questions regarding functionality

Posted: Fri Feb 20, 2015 10:09 am
by eloyd
I am so glad to be proven wrong! :)

Re: [Pre-Purchase]Some questions regarding functionality

Posted: Fri Feb 20, 2015 10:10 am
by scottwilkerson
eloyd wrote: No, you cannot specify different retention times for different types of logs. This is something I've asked for. There may be a request open for it, I do not recall.
There is a request open, and it is on the roadmap.
eloyd wrote: NLS does not export logs, it gathers them. To my knowledge there is no way to export what it has gathered as a text file.
Completely incorrect, you actually can add Outputs to your logstash configuration to also output to a list of about 30 different types.

In Administration -> Global Configuration click Show Outputs.

You can add any of the outputs found here
http://logstash.net/docs/1.4.2/

This is in addition to putting the items in elasticsearch. So, you could also do something like this in the outputs

Code:

if [host] == '192.168.5.15' {
    file {
        path => "/tmp/all_192.168.5.15_logs.log"
    }
}
The caveat here is if you have a multi-instance cluster, you obviously will want to make sure the path is a shared filesystem.

Re: [Pre-Purchase]Some questions regarding functionality

Posted: Fri Feb 20, 2015 10:12 am
by scottwilkerson
eloyd wrote: I am so glad to be proven wrong! :)
A hundred ways to do things with this stack, it is just going to take us some time to document them all.... :D