Nagios Support Forum

We have started to use syslog-ng instead of syslogd.
How can I configure or OpenSuse13.1 Server to send the syslog to our NagiosLogServer.
Thank you for your help.

Using syslog-ng, your configuration should look something like this:

Add the following to /etc/syslog.conf:
Be sure to replace '10.0.0.1' with the IP address of a Nagios Log Server node. You're also free to change the port as you desire. After adding the above to your configuration file, be sure to restart syslog-ng.

This file is also often located at /etc/syslog-ng/syslog-ng.conf

I am also adding documentation for syslog-ng to the next version of Log Server

Improving on this post, I would recommend settings like this, to be sure we are setting the syslog-protocol flag This time replacing %hostname% with the hostname of your Log Server cluster

Thank you for your reply.
Could you please help me to forward apache2 logs to Nagios Log Server also using syslog-ng?
I would like to send all log files under /var/log/apache2/ to our Nagios Log Server and configure a filter to recognize them.
Thank you.

Something like this:

Hi Scott
Thank you for your reply.
Is there a default filter on the Nagios Log Server which I can apply for apache2 logs?
All your documentation is based on "rsyslog.conf"

The included filter can be viewed at 'Administration -> Global Configuration'. The filter should apply if your apache logs are detected appropriately. If not, you might find some of my older write-ups useful regarding filter construction:

http://support.nagios.com/forum/viewtop ... 37&t=32221
http://support.nagios.com/forum/viewtop ... 68#p134768
http://support.nagios.com/forum/viewtop ... 28#p137728

How can I make sure that they are detected?
Can I "flag" them in the syslong-ng.conf?

The closest I could find was this:

https://www.balabit.com/sites/default/f ... sages.html

That will just let you know if syslog-ng is working, not whether it has sent a particular message to NLS. That might be a question for the syslog-ng forums.

I have solved my problem as follow:
1. Create "Inputs" for Apache Access Logs
udp {
type => "apache_access_log"
port => 3333
}
2. Create "Inputs" for the Apache Error Logs
udp {
type => "apache_error_log"
port => 3334
}
3. Create following"Filter":
if [type] == 'apache_access_log' {
grok {
match => [ 'message', '%{COMMONAPACHELOG}']
}
geoip {
source => 'clientip'
}
date {
match => [ 'timestamp', 'dd/MMM/yyyy:HH:mm:ss Z' ]
}
mutate {
replace => [ 'type', 'apache_access' ]
convert => [ 'bytes', 'integer' ]
convert => [ 'response', 'integer' ]
}
}

if [type] == 'apache_error_log' {
grok {
match => [ 'message', '\[(?<timestamp>%{DAY:day} %{MONTH:month} %{MONTHDAY} %{TIME} %{YEAR})\] \[.*:%{LOGLEVEL:loglevel}\] \[pid %{NUMBER:pid}\] \[client %{IP:clientip}:.*\] %{GREEDYDATA:errormsg}']
}
mutate {
replace => [ 'type', 'apache_error' ]
}
}

Thank you all for your help.
Cheers,