Nagios Support Forum

Hello Nagios LOG support

We tried following LOG wizards (configured rsyslog) to ship application log files of interest to LOG server.
Something does not work for us as expected: we get syslog itself, but not the application logs.
It seems the rsyslog had created new .conf file instead (with configuration, suggested by LOG Wizard)

rsyslog.conf and /etc/rsyslog.d/90-nagioslogserver_opt_alfresco_current_solr.log.conf are attached.

This is RedHat EL 6.x server

What did we do wrong?
- application log entries do not appear in LOG (no matter the queries), only syslog entries (which we do not need)

Can we see an example of one of the logs?

Is there anything showing up in /var/log/logstash/logstash.log ?

hsmith wrote:Can we see an example of one of the logs?

Is there anything showing up in /var/log/logstash/logstash.log ?

Here they are:

rsyslog and solr.log (application)

Looking at your log file:

ls -l /opt/alfresco/current/solr.log
-rw------- 1 alfrescoqa alfrescoqa 85281 Mar 26 19:06 /opt/alfresco/current/solr.log

It does not look like the log has been updated since Mar 26. Is it possible that no logs are being processed because nothing is being logged ?

What happens if you add a test line to the log? Does it get passed to log server?

Box293 wrote:Looking at your log file:

ls -l /opt/alfresco/current/solr.log
-rw------- 1 alfrescoqa alfrescoqa 85281 Mar 26 19:06 /opt/alfresco/current/solr.log

It does not look like the log has been updated since Mar 26. Is it possible that no logs are being processed because nothing is being logged ?

What happens if you add a test line to the log? Does it get passed to log server?

Code: Select all

echo "20:06:33,068 WARN  [org.alfresco.solr.tracker.CoreTracker] This is a test." >> /opt/alfresco/current/solr.log

Not that, just an old LOG, let me get never one

Are there any errors showing up in /var/log/logstash.log during the times that you are expecting these logs to come in?

hsmith wrote:Are there any errors showing up in /var/log/logstash.log during the times that you are expecting these logs to come in?

- still to check on this one (tomorrow) since the servers would be vendor-managed

Please help to figure something else about this trouble:

The initial configuration:
------------------------------------------------------------------------------------------------
curl -s -O http://logging.konecranes.com/nagioslog ... p-linux.sh
bash setup-linux.sh -s logging.konecranes.com -p 5544
------------------------------------------------------------------------------------------------
- creates "*.* @@logging.konecranes.com:5544" entry in 99-nagioslogserver.conf


While the Linuxfile configurations:
====================================================================
curl -s -O http://logging.konecranes.com/nagioslog ... p-linux.sh
bash setup-linux.sh -s logging.konecranes.com -p 5544 -f "/path/to/file /path/to/another/file/*.log" -t FILE_TAG
====================================================================
- creates "if $programname == 'MYTAG' then @@logging.konecranes.com:5544" entry in daily '90-*.conf' files

So do we need the first entry in 99-nagioslogserver.conf or should we comment it?

Also, if configurations are no longer correct, would deleting these 90-.conf files remove them so that new Linuxfile configuration could be created instead?

Thank you

I've always left both files on all of the servers that I am collection logs from.

You are safe to delete those files and remake them if you wish to as well.

hsmith wrote:I've always left both files on all of the servers that I am collection logs from.

You are safe to delete those files and remake them if you wish to as well.

This is now working:
- we have deleted all conf files created previously and only added conf for specific applicaiton log file (path), but not the syslog.
- re-tagged them too

Please close the thread

Closing it up. Thank you!