Page 1 of 1
jboss logging to nagios logserver
Posted: Sun Mar 15, 2015 11:56 am
by roddergreg
Has anyone successfully setup jboss logging to the nagioslogserver. I'm using the built in jboss mechanism on the jboss server pointing the logs to my nagios logserver. I've created a custom input and seperate port for these logs but there is no logs to be found on my logstash instance.
If someone has successfully setup jboss logging I'd greatly appreciate information on how to set this up. Is a logstash forwarder needed on the jboss server?
Any information would be helpful.
Thank You!
Re: jboss logging to nagios logserver
Posted: Mon Mar 16, 2015 9:27 am
by jolson
As long as you have defined an appropriate logstash input, you should be fine. Double check to ensure that the input ports you have defined are open on your firewall:
Ensure that your port(s) are open. If everything seems fine, please send over a few example logs entries, your logstash input, and your iptables rule:
Code: Select all
cat /usr/local/nagioslogserver/logstash/etc/conf.d/000_inputs.conf
Thank you.
Re: jboss logging to nagios logserver
Posted: Mon Mar 16, 2015 11:58 am
by Jklre
roddergreg wrote:Has anyone successfully setup jboss logging to the nagioslogserver. I'm using the built in jboss mechanism on the jboss server pointing the logs to my nagios logserver. I've created a custom input and seperate port for these logs but there is no logs to be found on my logstash instance.
If someone has successfully setup jboss logging I'd greatly appreciate information on how to set this up. Is a logstash forwarder needed on the jboss server?
Any information would be helpful.
Thank You!
A lot of the log monitoring I've been setting up is all for Jboss. You'll need to get into GROK filtering and some fun regex stuff to define your input but it is very doable.
Re: jboss logging to nagios logserver
Posted: Mon Mar 16, 2015 2:02 pm
by jolson
roddergreg,
Please review the input provided by myself and Jklre. If you still issues, please respond in this thread. Thanks!
Re: jboss logging to nagios logserver
Posted: Fri Mar 27, 2015 11:01 am
by roddergreg
Sorry for the delayed response.
IPTABLES are turned off this is a source build not the standard logserver image
Code: Select all
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Code: Select all
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Mon, 09 Mar 2015 11:21:18 -0400
#
#
# Global inputs
#
input {
syslog {
type => 'syslog'
port => 5544
}
tcp {
type => 'eventlog'
port => 3515
codec => json {
charset => 'CP1252'
}
}
tcp {
type => 'import_raw'
tags => 'import_raw'
port => 2056
}
tcp {
type => 'import_json'
tags => 'import_json'
port => 2057
codec => json
}
udp {
type => 'syslog'
port => 514
}
tcp {
type => 'iis'
port => 3525
format => 'json'
}
tcp {
type => 'Netscaler'
port => 1517
}
tcp {
type => 'vCenter'
port => 1515
}
tcp {
type => 'VMware'
port => 1514
}
tcp {
type => 'syslog'
port => 514
}
udp {
type => 'jboss'
port => 12345
}
}
#
# Local inputs
#
Code: Select all
cat /etc/sysconfig/iptables-config
# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES=""
# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"
# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"
# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"
# Save (and restore) rule and chain counter.
# Value: yes|no, default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"
# Numeric status output
# Value: yes|no, default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"
# Verbose status output
# Value: yes|no, default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"
# Status output with numbered lines
# Value: yes|no, default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"
# Reload sysctl settings on start and restart
# Default: -none-
# Space separated list of sysctl items which are to be reloaded on start.
# List items will be matched by fgrep.
#IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"
Re: jboss logging to nagios logserver
Posted: Fri Mar 27, 2015 11:15 am
by jolson
If you run a TCPDump on your Nagios Log Server, do your jboss logs show up?
Code: Select all
yum -y install tcpdump
tcpdump -n dst port 12345
Please post them if they do.
If they show up in tcpdump, but not in the Nagios Log Server GUI, there could be a few different things happening.
1. Logstash is not accepting the logs properly. If there are any errors here, they would likely appear in the logs:
Code: Select all
tail /var/log/logstash/logstash.log
2. There aren't proper filters set up for your JBOSS logs, meaning they wouldn't be tagged properly. If this is the problem, I would like to see your filters:
Code: Select all
cat /usr/local/nagioslogserver/logstash/etc/conf.d/500_filters.conf
I would also like an example of the logs being sent over, so that I can define a custom filter for you to test with.
Thanks!
Jesse