Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

New NLS system, not receiving IIS logs

https://support.nagios.com/forum/viewtopic.php?t=38470

Page 1 of 1

New NLS system, not receiving IIS logs

Posted: Wed May 18, 2016 4:25 pm
by mobitorIT
Hello Nagios team,

We have setup a new Nagios Log Server today and created the below conf file (based on the template provided by Nagios). We're trying to collect IIS log files from our host XXX.XXX.XXX.XXX and have not received them. We *are* receiving System Event Log files from the host successfully just not the IIS log files. Our conf file is below.

We have tried: Stopped/restarting nxlog service many times. Using telnet to successfully confirm that the client has connectivity on port 3515 to the server. Check the nxlog.log for errors and there are none.

Thanks for your guidance.

Re: New NLS system, not receiving IIS logs

Posted: Wed May 18, 2016 4:31 pm
by hsmith
Is there anything in /var/log/logstash/logstash.log ?

Are you trying to generate new logs? Sometimes the previous logs are not sent. That can be tweaked in NXLog.

Re: New NLS system, not receiving IIS logs

Posted: Wed May 18, 2016 4:39 pm
by mobitorIT
Not much in the logstash.log -- just two entries from a couple hours ago when we first installed:
{:timestamp=>"2016-05-18T12:30:54.531000-0700", :message=>"Error: No config files found: /usr/local/nagioslogserver/logstash/etc/conf.d/*\nCan you make sure this path is a logstash config file?"}
{:timestamp=>"2016-05-18T12:30:54.558000-0700", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}

Yes, we are successfully generating lots of events in the u_in160518.log file which Nagios is watching.

Re: New NLS system, not receiving IIS logs

Posted: Wed May 18, 2016 4:58 pm
by hsmith
How are you searching for them on the dashboard? Can I see screenshots?

Re: New NLS system, not receiving IIS logs

Posted: Wed May 18, 2016 5:22 pm
by mobitorIT
Mainly searching by timestamp. It is clearly not displaying log entries that we are seeing in the IIS log.

Another definitive test is searching by type (see attached) which shows that we only have syslogs and eventlogs -- no other types of logs

Re: New NLS system, not receiving IIS logs

Posted: Wed May 18, 2016 6:22 pm
by Box293
Try enabling debug logging to watch what logstash is doing.
Edit the file /etc/init.d/logstash

Find line 63:

Code: Select all

DAEMON_OPTS="agent -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS}"
Insert --debug after agent

Code: Select all

DAEMON_OPTS="agent --debug -f ${LS_CONF_DIR} -l ${LS_LOG_FILE} ${LS_OPTS}"
Save the file and restart logstash

Code: Select all

service logstash restart
Now watch the log:

Code: Select all

tail -f /var/log/logstash/logstash.log
You are going to see a lot of logs, but you are trying to see if the logs are being received.

Remove --debug when done, otherwise a large file will be created.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited