jboss logging to nagios logserver

roddergreg
Posts: 59
Joined: Wed Oct 22, 2014 4:35 am

jboss logging to nagios logserver

Post by roddergreg »

Has anyone successfully set up jboss logging to the nagioslogserver? I'm using the built in jboss mechanism on the jboss server pointing the logs to my nagios logserver. I've created a custom input and separate port for these logs but there are no logs to be found on my logstash instance.

If someone has successfully set up jboss logging I'd greatly appreciate information on how to set this up. Is a logstash forwarder needed on the jboss server?

Any information would be helpful.

Thank You!
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: jboss logging to nagios logserver

Post by jolson »

As long as you have defined an appropriate logstash input, you should be fine. Double check to ensure that the input ports you have defined are open on your firewall:

Code:

iptables -L -n

Ensure that your port(s) are open. If everything seems fine, please send over a few example log entries, your logstash input, and your iptables rule:

Code:

cat /usr/local/nagioslogserver/logstash/etc/conf.d/000_inputs.conf

Code:

cat /etc/sysconfig/iptables

Thank you.
Twits Blog
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
Jklre
Posts: 163
Joined: Wed May 28, 2014 1:56 pm

Re: jboss logging to nagios logserver

Post by Jklre »

roddergreg wrote: Has anyone successfully set up jboss logging to the nagioslogserver? I'm using the built in jboss mechanism on the jboss server pointing the logs to my nagios logserver. I've created a custom input and separate port for these logs but there are no logs to be found on my logstash instance.

If someone has successfully set up jboss logging I'd greatly appreciate information on how to set this up. Is a logstash forwarder needed on the jboss server?

Any information would be helpful.

Thank You!

A lot of the log monitoring I've been setting up is all for Jboss. You'll need to get into GROK filtering and some fun regex stuff to define your input but it is very doable.
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: jboss logging to nagios logserver

Post by jolson »

roddergreg,

Please review the input provided by myself and Jklre. If you still have issues, please respond in this thread. Thanks!
roddergreg
Posts: 59
Joined: Wed Oct 22, 2014 4:35 am

Re: jboss logging to nagios logserver

Post by roddergreg »

Sorry for the delayed response.

IPTABLES are turned off; this is a source build, not the standard logserver image.

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Code:

# 
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Mon, 09 Mar 2015 11:21:18 -0400
#

#
# Global inputs
#

input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    tcp {
        type => 'import_raw'
        tags => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        tags => 'import_json'
        port => 2057
        codec => json
    }
    udp {
         type => 'syslog'
         port => 514
    }
    tcp {
        type => 'iis'
        port => 3525
        format => 'json'
    }
    tcp {
        type => 'Netscaler'
        port => 1517
    }
    tcp {
        type => 'vCenter'
        port => 1515
    }
    tcp {
        type => 'VMware'
        port => 1514
    }
    tcp {
         type => 'syslog'
         port => 514
    }
    udp {
         type => 'jboss'
         port => 12345
    }
}

#
# Local inputs
#

Code:

cat /etc/sysconfig/iptables-config 
# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES=""

# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
#   Value: yes|no,  default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
#   Value: yes|no,  default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"

# Verbose status output
#   Value: yes|no,  default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"

# Status output with numbered lines
#   Value: yes|no,  default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"

# Reload sysctl settings on start and restart
#   Default: -none-
# Space separated list of sysctl items which are to be reloaded on start.
# List items will be matched by fgrep.
#IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: jboss logging to nagios logserver

Post by jolson »

If you run a TCPDump on your Nagios Log Server, do your jboss logs show up?

Code:

yum -y install tcpdump
tcpdump -n dst port 12345

Please post them if they do.

If they show up in tcpdump, but not in the Nagios Log Server GUI, there could be a few different things happening.

1. Logstash is not accepting the logs properly. If there are any errors here, they would likely appear in the logs:

Code:

tail /var/log/logstash/logstash.log

2. There aren't proper filters set up for your JBOSS logs, meaning they wouldn't be tagged properly. If this is the problem, I would like to see your filters:

Code:

cat /usr/local/nagioslogserver/logstash/etc/conf.d/500_filters.conf

I would also like an example of the logs being sent over, so that I can define a custom filter for you to test with.

Thanks!


Jesse
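An added example, not part of any post in this thread: `tcpdump -n dst port 12345` matches both TCP and UDP traffic, so it helps to read off which transport each Logstash input actually expects and compare that with what the sender emits. The function names `sample_conf`, `inputs_for_port` and `accepts` are hypothetical, and the sample is a constructed excerpt of the inputs file posted above.

```sh
#!/bin/sh
# Constructed sample: an excerpt of the 000_inputs.conf posted in the thread.
sample_conf() {
cat <<'EOF'
input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    udp {
         type => 'jboss'
         port => 12345
    }
}
EOF
}

# Print "<plugin> <type>" for each input block on port $1 (config on stdin).
# Brace depth is tracked so a nested codec block does not end a plugin early.
inputs_for_port() {
    awk -v want="$1" '
    {
        line = $0; sub(/#.*/, "", line)
        opens = gsub(/[{]/, "{", line); closes = gsub(/[}]/, "}", line)
        if (depth == 1 && opens > 0) { plugin = $1; sub(/[{].*/, "", plugin); type = ""; port = "" }
        if (depth == 2 && $1 == "type") { type = $3; gsub(/[^A-Za-z0-9_-]/, "", type) }
        if (depth == 2 && $1 == "port") { port = $3 + 0 }
        before = depth; depth += opens - closes
        if (before == 2 && depth == 1 && port == want) print plugin, type
    }'
}

# Succeed if some input on port $1 accepts transport $2 (tcp or udp).
# The Logstash syslog input plugin listens on both TCP and UDP.
accepts() {
    inputs_for_port "$1" | awk -v proto="$2" '
        $1 == proto || $1 == "syslog" { found = 1 }
        END { exit !found }'
}

# Demo on the constructed sample; prints "udp jboss".
sample_conf | inputs_for_port 12345
```

Against a live server, feed the real file instead: `inputs_for_port 12345 < /usr/local/nagioslogserver/logstash/etc/conf.d/000_inputs.conf`.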