Nagios Support Forum

Sorry for the newb question as I am still trying to figure out the capabilities of the Nagios Log server.
I have a solaris zone with 3 applications that create their own log files. Is there a way to send these log files to the nagios log server?

Yes. Any modern syslog daemon (rsyslog for instance) can be used to send logs to the local host as files, and to a remote host. Log Server doesn't do anything to the host, the host just sends data to the Log Server. You may need a man page for your systems's specific syslog service.

Why would you think that the log server would do anything to remote host? Please explain your inference regarding this -

Log Server doesn't do anything to the host, the host just sends data to the Log Server.

If you know the syntax for syslog to send a file to a remote host it would be much appreciated. Also wouldn't this be problematic in sending out notifications that need to be processed immediately?

I don't think that NLS needs to do anything to the remote host. I was clarifying for you, in case there was any confusion that Nagios Log Server needed to "do something" to the host you wanted to monitor. Apparently, all I did was confuse things. Sorry about that!

It sounds like you may need a primer on what NLS does. It accepts data (log information) from other hosts. It then indexes it and allows for searches to made against that data. Unless you then go further to make it automatically scan the indexed data to search for specific queries and alert on them, there are no alerts generated. Just like other Nagios products, you have a number of configuration options as far as how to do alerts and search for matching (or non-matching) patterns in the data.

Log file information is typically not something that "[sends] out notifications that need to be processed immediately." Unless you are looking for security issues like login failures. Still, you can specify an alert that checks every few seconds and scans a security log looking for login failures, and then send an alert when you find one. So unless I am misunderstanding you, that should take care of that problem.

The bigger problem is getting data into NLS in the first place. You'll need to tell your existing computer to send syslog data to NLS port 5544 (by default). You can optionally tell it to continue to log to the local syslog file (or other file). It's been a long time since I've played with Solaris, so I can't give you specifics, but I'm sure you're not the first person to use syslog on Solaris to send to a remote syslog server. In the end, that's all NLS is - a remote syslog server.

Thanks for the explanation @eloyd!

@emartine - do you have rsyslog installed on the machine? If not, what are you using for your syslogs?

An general example, would be to add the following to your rsyslog configuration file -

syslog is installed on solaris 10.

From the Home screen of NLS, Click the 'Linux Source' Icon / text, and then under 'Set Up More Sources', click 'Linux Files'.

From there, you can follow either the Script setup (which will make the changes for you), or the Manual setup. Both ways are pretty straight forward.

An example for the script setup. You will want to change the path part, /path/to/file /path/to/another/file/*.log and what the FILE_TAG is set to.

Problem with this script it that I am going to be running it on solaris. I am assuming that is what you want me to do. Compatibility is of course always a problem... so I need to dig through it and find out what exactly you want me to do here.
As I've mentioned before this works fine on a Linux server.

It should be a similar process to other Linux machines. http://unix.stackexchange.com/questions ... ote-system