There is nothing built-in that will return log information from Nagios LS to Nagios XI, but with a little bit of development it wouldn't be hard to achieve this result.
If you take a look at any Nagios Log Server query, you can press the 'inspect' button to get a curl command for that query. Running that command returns the matching log entries as JSON, for example:
2015-06-19 10_51_36-Dashboard • Nagios Log Server - Firefox Developer Edition.png
{
"took": 10,
"timed_out": false,
"_shards": {
"total": 10,
"successful": 10,
"failed": 0
},
"hits": {
"total": 208992,
"max_score": 1,
"hits": [
{
"_index": "logstash-2015.06.19",
"_type": "syslog",
"_id": "sMAiNig_Tt2YNiiBiXpimw",
"_score": 1,
"_source": {
"message": "(nagios) CMD (\/usr\/bin\/php -q \/var\/www\/html\/nagioslogserver\/www\/index.php poller > \/usr\/local\/nagioslogserver\/var\/poller.log 2>&1)",
"@version": "1",
"@timestamp": "2015-06-19T00: 00: 01.000Z",
"type": "syslog",
"host": "localhost.localdomain",
"priority": 78,
"timestamp": "Jun 18 19: 00: 01",
"logsource": "localhost",
"program": "CROND",
"pid": "32691",
"severity": 6,
"facility": 9,
"facility_label": "clock",
"severity_label": "Informational",
"tags": [
"dns"
]
}
},
{
"_index": "logstash-2015.06.19",
"_type": "syslog",
"_id": "y0-7h57KR7q59mvpJp_stw",
"_score": 1,
"_source": {
"message": " nagios : TTY=unknown ; PWD=\/var\/www\/html\/nagioslogserver\/www ; USER=root ; COMMAND=\/etc\/init.d\/logstash status",
"@version": "1",
"@timestamp": "2015-06-19T00: 00: 31.000Z",
"type": "syslog",
"host": "localhost.localdomain",
"priority": 85,
"timestamp": "Jun 18 19: 00: 31",
"logsource": "localhost",
"program": "sudo",
"severity": 5,
"facility": 10,
"facility_label": "security\/authorization",
"severity_label": "Notice",
"tags": [
"dns"
]
}
},
{
"_index": "logstash-2015.06.19",
"_type": "syslog",
"_id": "h_m68KJQQhCurW37_oeIrQ",
"_score": 1,
"_source": {
"message": "(root) CMD (run-parts \/etc\/cron.hourly)",
"@version": "1",
"@timestamp": "2015-06-19T00: 01: 01.000Z",
"type": "syslog",
"host": "localhost.localdomain",
"priority": 78,
"timestamp": "Jun 18 19: 01: 01",
"logsource": "localhost",
"program": "CROND",
"pid": "306",
"severity": 6,
"facility": 9,
"facility_label": "clock",
"severity_label": "Informational",
"tags": [
"dns"
]
}
},
{
"_index": "logstash-2015.06.19",
"_type": "syslog",
"_id": "cWj5VIrVSTm4_iFDLg9qIg",
"_score": 1,
"_source": {
"message": "(nagios) CMD (\/usr\/bin\/php -q \/var\/www\/html\/nagioslogserver\/www\/index.php poller > \/usr\/local\/nagioslogserver\/var\/poller.log 2>&1)",
"@version": "1",
"@timestamp": "2015-06-19T00: 04: 01.000Z",
"type": "syslog",
"host": "localhost.localdomain",
"priority": 78,
"timestamp": "Jun 18 19: 04: 01",
"logsource": "localhost",
"program": "CROND",
"pid": "566",
"severity": 6,
"facility": 9,
"facility_label": "clock",
"severity_label": "Informational",
"tags": [
"dns"
]
}
},
{
"_index": "logstash-2015.06.19",
"_type": "syslog",
"_id": "EuaW1lRmRCmfBd5ITN22LA",
"_score": 1,
"_source": {
"message": " nagios : TTY=unknown ; PWD=\/var\/www\/html\/nagioslogserver\/www ; USER=root ; COMMAND=\/etc\/init.d\/logstash status",
"@version": "1",
"@timestamp": "2015-06-19T00: 05: 31.000Z",
"type": "syslog",
"host": "localhost.localdomain",
"priority": 85,
"timestamp": "Jun 18 19: 05: 31",
"logsource": "localhost",
"program": "sudo",
"severity": 5,
"facility": 10,
"facility_label": "security\/authorization",
"severity_label": "Notice",
"tags": [
"dns"
]
}
},
{
"_index": "logstash-2015.06.19",
"_type": "syslog",
"_id": "6tILP2vtTii4QLCnVfoDSg",
"_score": 1,
"_source": {
"message": "(nagios) CMD (\/usr\/bin\/php -q \/var\/www\/html\/nagioslogserver\/www\/index.php poller > \/usr\/local\/nagioslogserver\/var\/poller.log 2>&1)",
"@version": "1",
"@timestamp": "2015-06-19T00: 06: 01.000Z",
"type": "syslog",
"host": "localhost.localdomain",
"priority": 78,
"timestamp": "Jun 18 19: 06: 01",
"logsource": "localhost",
"program": "CROND",
"pid": "729",
"severity": 6,
"facility": 9,
"facility_label": "clock",
"severity_label": "Informational",
"tags": [
"dns"
]
}
},
{
"_index": "logstash-2015.06.19",
"_type": "syslog",
"_id": "fZmDu1PLS9upm4KyDOEzNQ",
"_score": 1,
"_source": {
"message": " nagios : TTY=unknown ; PWD=\/var\/www\/html\/nagioslogserver\/www ; USER=root ; COMMAND=\/etc\/init.d\/logstash status",
"@version": "1",
"@timestamp": "2015-06-19T00: 06: 34.000Z",
"type": "syslog",
"host": "localhost.localdomain",
"priority": 85,
"timestamp": "Jun 18 19: 06: 34",
"logsource": "localhost",
"program": "sudo",
"severity": 5,
"facility": 10,
"facility_label": "security\/authorization",
"severity_label": "Notice",
"tags": [
"dns"
]
}
},
{
"_index": "logstash-2015.06.19",
"_type": "syslog",
"_id": "uTh1CeHITC69VL0LeEtNXQ",
"_score": 1,
"_source": {
"message": "(nagios) CMD (\/usr\/bin\/php -q \/var\/www\/html\/nagioslogserver\/www\/index.php jobs > \/usr\/local\/nagioslogserver\/var\/jobs.log 2>&1)",
"@version": "1",
"@timestamp": "2015-06-19T00: 07: 01.000Z",
"type": "syslog",
"host": "localhost.localdomain",
"priority": 78,
"timestamp": "Jun 18 19: 07: 01",
"logsource": "localhost",
"program": "CROND",
"pid": "807",
"severity": 6,
"facility": 9,
"facility_label": "clock",
"severity_label": "Informational",
"tags": [
"dns"
]
}
},
{
"_index": "logstash-2015.06.19",
"_type": "syslog",
"_id": "jEP1WMRZRsyLRvXY9kmq-g",
"_score": 1,
"_source": {
"message": " nagios : TTY=unknown ; PWD=\/var\/www\/html\/nagioslogserver\/www ; USER=root ; COMMAND=\/etc\/init.d\/logstash status",
"@version": "1",
"@timestamp": "2015-06-19T00: 13: 31.000Z",
"type": "syslog",
"host": "localhost.localdomain",
"priority": 85,
"timestamp": "Jun 18 19: 13: 31",
"logsource": "localhost",
"program": "sudo",
"severity": 5,
"facility": 10,
"facility_label": "security\/authorization",
"severity_label": "Notice",
"tags": [
"dns"
]
}
},
{
"_index": "logstash-2015.06.19",
"_type": "syslog",
"_id": "m5alG91FRHKe5ZU0wVb9qw",
"_score": 1,
"_source": {
"message": " nagios : TTY=unknown ; PWD=\/var\/www\/html\/nagioslogserver\/www ; USER=root ; COMMAND=\/etc\/init.d\/logstash status",
"@version": "1",
"@timestamp": "2015-06-19T00: 14: 31.000Z",
"type": "syslog",
"host": "localhost.localdomain",
"priority": 85,
"timestamp": "Jun 18 19: 14: 31",
"logsource": "localhost",
"program": "sudo",
"severity": 5,
"facility": 10,
"facility_label": "security\/authorization",
"severity_label": "Notice",
"tags": [
"dns"
]
}
}
]
}
}
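In this way, a custom plugin could be designed to pull the information that you're requesting. Keep in mind that the results are raw log lines (the sample above includes sudo command lines), so the plugin should only be allowed to run its query from the XI server, and the message text should be treated as untrusted input when it is displayed in XI.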
It's worth mentioning that we have a wizard in XI that can run active checks against Nagios Log Server queries - but this default wizard doesn't return log results; it just returns OK, WARNING, or CRITICAL depending on the number of log entries matched by the NLS query in question. For instance, you could have an NLS query for 'windows logins failed', and you'd set the warning threshold to 2 and critical to 5. If 6 logs are returned by that query, XI could alert you - you would still have to use the NLS GUI to see those exact logs, though.