Nagios Log Server in Distributed Environment

Posted: Thu Jun 18, 2015 2:25 am
by abhilash
Hi there,
I am looking for a log management solution for a distributed environment. There are 200 branch offices which have limited bandwidth. I can't have Nagios Log Server in each office as the price will be very high. I can't have all logs forwarded from each office as the bandwidth is very low. I am looking for log filtering at each office, so that only the necessary events / logs which need attention are sent to the NOC. Can I achieve this by having logstash in each office and two or three instances of Nagios Log Server at the NOC?

Re: Nagios Log Server in Distributed Environment

Posted: Thu Jun 18, 2015 7:58 am
by eloyd
You can filter what you send by altering the log level within rsyslog as to what gets sent to the Log Server.

By default, the log server install sets all facilities, all severities to be sent. You could change that to only log auth failures and system debug events, for instance.

You need to look at the syslog or rsyslog man pages, but you'll be changing "*.* @<logserver>:5544" to be the various things you want to send. Like:

Code:

mail.info @<logserver>:5544
*.emerg @<logserver>:5544
authpriv.* @<logserver>:5544
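
To make the selector semantics concrete, here is an added Python example (not code from the thread, from rsyslog or from Nagios Log Server) that emulates rsyslog's classic facility.priority matching over a few constructed syslog records, comparing the three filtered rules above with the default "*.*" rule; the `<logserver>` placeholder is kept from the reply.

```python
# Added example, not from the thread: a small emulator of rsyslog's classic
# "facility.priority action" selector lines, run over constructed syslog
# records to show which ones the filtered forwarding rules in the reply
# above would still send to the Log Server versus the default "*.*".

# Priority order as rsyslog defines it: index 0 is the most severe.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning",
              "notice", "info", "debug"]

def parse_rule(line):
    """Parse 'mail.info @<logserver>:5544' into ([(facility, priority)], action).
    Handles ';'-separated selectors and ','-separated facilities; the
    '=', '!' and 'none' modifiers of the full syntax are not covered."""
    selector, action = line.split(None, 1)
    pairs = []
    for part in selector.split(";"):
        facilities, priority = part.rsplit(".", 1)
        pairs.extend((fac, priority) for fac in facilities.split(","))
    return pairs, action.strip()

def selector_matches(fac_sel, pri_sel, facility, priority):
    """Classic semantics: the named priority and everything more severe."""
    if fac_sel != "*" and fac_sel != facility:
        return False
    if pri_sel == "*":
        return True
    return PRIORITIES.index(priority) <= PRIORITIES.index(pri_sel)

def forwarded(rules, records):
    """Return the messages that at least one rule would send to its action."""
    parsed = [parse_rule(r) for r in rules]
    return [msg for facility, priority, msg in records
            if any(selector_matches(f, p, facility, priority)
                   for pairs, _ in parsed for f, p in pairs)]

# Constructed sample records: (facility, priority, message)
RECORDS = [
    ("cron", "info", "CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)"),
    ("mail", "info", "postfix/smtpd[22]: connect from unknown[192.0.2.10]"),
    ("mail", "debug", "postfix/smtpd[22]: < EHLO client.example"),
    ("kern", "emerg", "kernel: Out of memory: Kill process 99"),
    ("authpriv", "notice", "sshd[31]: Failed password for root from 198.51.100.7"),
    ("daemon", "err", "systemd[1]: Failed to start nginx.service"),
]

# Rules from the reply above, versus the default everything-goes rule.
FILTERED = ["mail.info @<logserver>:5544", "*.emerg @<logserver>:5544",
            "authpriv.* @<logserver>:5544"]
DEFAULT = ["*.* @<logserver>:5544"]
```

With these six records, the default rule forwards all six while the filtered rules forward three (the mail info line, the kernel emergency and the authpriv failure); note that "mail.info" drops mail debug chatter but the daemon error is also dropped, so pick selectors per facility with that in mind.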

Re: Nagios Log Server in Distributed Environment

Posted: Thu Jun 18, 2015 12:30 pm
by jolson
eloyd has presented the most ideal solution - this will limit the amount of logs going out of your network. In this case, you could have a simple 3-4 instance cluster in the center of your network to handle the log collection. On the Windows side, you can modify nxlog to achieve the same results.

Jesse