Nagios Support Forum

Code: Select all

cat /usr/local/nagioslogserver/logstash/etc/conf.d/*

Code: Select all

[root@iganagioslog02 logstash]# cat /usr/local/nagioslogserver/logstash/etc/conf.d/*
# 
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Tue, 02 Feb 2016 08:33:13 -0500
#

#
# Global inputs
#

input {
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    tcp {
        type => 'import_raw'
        tags => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        tags => 'import_json'
        port => 2057
        codec => json
    }
    syslog {
        type => 'syslog'
        port => 514
    }
    syslog {
        type => 'asa'
        port => 6544
    }
    tcp {
        port => 5544
        type => 'syslog'
    }
    udp {
        port => 5544
        type => 'syslog'
    
    }
}

#
# Local inputs
#


# 
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Tue, 02 Feb 2016 08:33:13 -0500
#

#
# Global filters
#

filter {
    if [program] == 'apache_access' {
        grok {
            match => [ 'message', '%{COMBINEDAPACHELOG}']
        }
        date {
            match => [ 'timestamp', 'dd/MMM/yyyy:HH:mm:ss Z' ]
        }
        mutate {
            replace => [ 'type', 'apache_access' ]
             convert => [ 'bytes', 'integer' ]
             convert => [ 'response', 'integer' ]
        }
    }
     
    if [program] == 'apache_error' {
        grok {
            match => [ 'message', '\[(?<timestamp>%{DAY:day} %{MONTH:month} %{MONTHDAY} %{TIME} %{YEAR})\] \[%{WORD:class}\] \[%{WORD:originator} %{IP:clientip}\] %{GREEDYDATA:errmsg}']
        }
        mutate {
            replace => [ 'type', 'apache_error' ]
        }
    }
    if [program] == 'TrexSyncPubRep' {
    mutate {
    replace => [ 'type', 'TrexSyncPubRep' ]
    }
    }
    if [type] == 'asa' {
    grok{
    match => ['message', '%{SYSLOG5424PRI}%%{WORD:LogType}-%{INT:LogSeverity}-%{INT:LogMessageNumber}: Group = %{IPORHOST:Group}, Username = %{IPORHOST:username}, IP = %{IP:IPAddress}, Session disconnected. Session Type: %{WORD:SessionType}, Duration: %{CUSTOM1:DurationDays=[0-9]?}%{CUSTOM2=d? ?}%{INT:DurationHours:int}h:%{INT:DurationMinutes:int}m:%{INT:DurationSeconds:int}s, Bytes xmt: %{INT:BytesTransmitted:int}, Bytes rcv: %{INT:BytesReceived:int}, Reason: %{GREEDYDATA:Reason}']
    }
    geoip {
      source => "IPAddress"
    }
    }
    if [program] == 'apache_access' {
        geoip {
            source => 'clientip'
        }
    }
    if [program] == 'TrexSyncRep' {
    mutate {
    replace => [ 'type', 'TrexSyncRep' ]
    }
    }
    if [program] == 'Jupiter_log' {
    mutate {
    replace => [ 'type', 'Jupiter' ]
    }
    }
    if [program] == 'diablo_in1_video_management' {
    mutate {
    replace => [ 'type', 'diablo' ]
    }
    }
    if [program] == 'PUB_API_ACCESS' {
    mutate {
    replace => [ 'type', 'APIaccess' ]
    }
    }
    if [program] == 'sudo' {
    mutate {
    replace => [ 'type', 'sudo' ]
    }
    }
    if [program] == 'opt_lrms_logs_cmgopher' {
    mutate {
    replace => [ 'type', 'CMGopher_LRMS' ]
    }
    }
    if [program] == 'lrms_user_mgmt' {
    mutate {
    replace => [ 'type', 'User_Mgmt_LRMS' ]
    }
    }
    if [program] == 'opt_lrms_logs_uam' {
    mutate {
    replace => [ 'type', 'UAMGopher_LRMS' ]
    }
    }
    if [program] == 'cm_log' {
    mutate {
    replace => [ 'type', 'CM_LOG' ]
    }
    }
    if [program] == 'Epsy_log' {
    mutate {
    replace => [ 'type', 'Epsy_log' ]
    }
    }
    if [program] == 'Wowzastream_access' {
    mutate {
    replace => [ 'type', 'wowzastream' ]
    }
    }
    if [program] == 'Wowzastream_error' {
    mutate {
    replace => [ 'type', 'wowzastream' ]
    }
    }
    if [program] == 'lrms_logs' {
    mutate {
    replace => [ 'type', 'LRMS_LOG' ]
    }
    }
    if [program] == 'ca_logs' {
    mutate {
    replace => [ 'type', 'CA_LOG' ]
    }
    }
    if [program] == 'datacleanup_logs' {
    mutate {
    replace => [ 'type', 'DATACLEANUP_LOG' ]
    }
    }
    if [program] == 'draftingrequest_logs' {
    mutate {
    replace => [ 'type', 'DRAFTINGREQUEST_LOG' ]
    }
    }
    if [program] == 'cmgopher_log' {
    mutate {
    replace => [ 'type', 'CMGHPHER_LOG' ]
    }
    }
    if [program] == 'lm_log' {
    mutate {
    replace => [ 'type', 'LM_LOG' ]
    }
    }
    if [type] == "syslog" {
       grok {
           match => { "message" => "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    }
    }
}

#
# Local filters
#


# 
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Tue, 02 Feb 2016 08:33:13 -0500
#

#
# Required output for Nagios Log Server
#

output {
    elasticsearch {
        cluster => '25e0abdc-5b56-4815-adcb-4239555d0899'
        host => 'localhost'
        document_type => '%{type}'
        node_name => '64030bad-57ce-463a-8dac-a5317c1369f2'
        protocol => 'transport'
        workers => 4
    }
}

#
# Global outputs
#



#
# Local outputs
#

Code: Select all

sed -i 's/^memory_limit.*/memory_limit = 256M/g' /etc/php.ini
service httpd restart

Code: Select all

setcap 'cap_net_bind_service=+ep' $(readlink -f $(which java))

Code: Select all

{:timestamp=>"2016-02-02T03:30:43.607000-0500", :message=>"syslog listener died", :protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:106:in `initialize'", "org/jruby/ext/socket/RubyUDPSocket.java:115:in `initialize'", "org/jruby/RubyIO.java:853:in `new'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:134:in `udp_listener'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:117:in `server'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:97:in `run'"], :level=>:warn}
{:timestamp=>"2016-02-02T03:30:43.608000-0500", :message=>"syslog listener died", :protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:126:in `initialize'", "org/jruby/RubyIO.java:853:in `new'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:152:in `tcp_listener'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:117:in `server'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:101:in `run'"], :level=>:warn}
{:timestamp=>"2016-02-02T03:30:48.608000-0500", :message=>"syslog listener died", :protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:106:in `initialize'", "org/jruby/ext/socket/RubyUDPSocket.java:115:in `initialize'", "org/jruby/RubyIO.java:853:in `new'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:134:in `udp_listener'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:117:in `server'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:97:in `run'"], :level=>:warn}
{:timestamp=>"2016-02-02T03:30:48.608000-0500", :message=>"syslog listener died", :protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:126:in `initialize'", "org/jruby/RubyIO.java:853:in `new'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:152:in `tcp_listener'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:117:in `server'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:101:in `run'"], :level=>:warn}
{:timestamp=>"2016-02-02T03:30:53.609000-0500", :message=>"syslog listener died", :protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:106:in `initialize'", "org/jruby/ext/socket/RubyUDPSocket.java:115:in `initialize'", "org/jruby/RubyIO.java:853:in `new'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:134:in `udp_listener'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:117:in `server'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:97:in `run'"], :level=>:warn}
{:timestamp=>"2016-02-02T03:30:53.610000-0500", :message=>"syslog listener died", :protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:126:in `initialize'", "org/jruby/RubyIO.java:853:in `new'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:152:in `tcp_listener'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:117:in `server'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:101:in `run'"], :level=>:warn}
{:timestamp=>"2016-02-02T03:30:58.610000-0500", :message=>"syslog listener died", :protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:106:in `initialize'", "org/jruby/ext/socket/RubyUDPSocket.java:115:in `initialize'", "org/jruby/RubyIO.java:853:in `new'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:134:in `udp_listener'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:117:in `server'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:97:in `run'"], :level=>:warn}
{:timestamp=>"2016-02-02T03:30:58.611000-0500", :message=>"syslog listener died", :protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:126:in `initialize'", "org/jruby/RubyIO.java:853:in `new'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:152:in `tcp_listener'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:117:in `server'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:101:in `run'"], :level=>:warn}
{:timestamp=>"2016-02-02T03:31:03.612000-0500", :message=>"syslog listener died", :protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:106:in `initialize'", "org/jruby/ext/socket/RubyUDPSocket.java:115:in `initialize'", "org/jruby/RubyIO.java:853:in `new'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:134:in `udp_listener'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:117:in `server'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:97:in `run'"], :level=>:warn}
{:timestamp=>"2016-02-02T03:31:03.612000-0500", :message=>"syslog listener died", :protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:126:in `initialize'", "org/jruby/RubyIO.java:853:in `new'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:152:in `tcp_listener'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:117:in `server'", "/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-0.1.6/lib/logstash/inputs/syslog.rb:101:in `run'"], :level=>:warn