Basic Clustering & Repository Question

Posted: Mon Aug 01, 2016 5:52 pm
by neil_davidson
I have a few very basic questions regarding Log Server clustering and repository configuration.

It seems that when a cluster is created, all members are treated equally and no single member is the 'master' unit. Assuming that is the case, is it best practice to send logs to the cluster member closest to the log source? If so, is there a convenient way to keep track of what log sources are sending logs to which members? Or should we send all logs to one particular member? In which case, what happens when that member goes down?

Next, if Log Servers are located remotely from each other, what firewall ports would need to be opened to allow them to communicate?

With regards to the repository, the documentation example shows '/tmp' as the location, which presumably is the '/tmp' directory on the particular member where the configuration is being done. And it is necessary for all cluster members to have access to that directory, so they are all sending information to that specific directory (i.e. not the '/tmp' directory on their own local hosts). But if I want to store the repository on a remote location, say a CIFS file share, what would the syntax be for entering that location and what would I need to know to allow the Log Servers to access that directory?

Any assistance is greatly appreciated!

Re: Basic Clustering & Repository Question

Posted: Mon Aug 01, 2016 8:38 pm
by Box293
neil_davidson wrote:It seems that when a cluster is created, all members are treated equally and no single member is the 'master' unit. Assuming that is the case, is it best practice to send logs to the cluster member closest to the log source? If so, is there a convenient way to keep track of what log sources are sending logs to which members? Or should we send all logs to one particular member? In which case, what happens when that member goes down?
The cluster determines who the master is, generally this doesn't change unless the master reboots and another member gets promoted to be the master.

You can create a dashboard with a query that showed what cluster members are receiving logs from what devices.
neil_davidson wrote:Next, if Log Servers are located remotely from each other, what firewall ports would need to be opened to allow them to communicate?
If they are remote then you need to really have a 1GB link between the remote locations, a lot of data is sent around to all the members. Port 9200 is the default port used:
https://www.elastic.co/guide/en/elastic ... earch.html
neil_davidson wrote:With regards to the repository, the documentation example shows '/tmp' as the location, which presumably is the '/tmp' directory on the particular member where the configuration is being done. And it is necessary for all cluster members to have access to that directory, so they are all sending information to that specific directory (i.e. not the '/tmp' directory on their own local hosts). But if I want to store the repository on a remote location, say a CIFS file share, what would the syntax be for entering that location and what would I need to know to allow the Log Servers to access that directory?
I assume you are talking about Backup & Maintenance.
When you go to create a repository there is a ? next to the "Repository Location" field which says:
This location MUST be a shared filesystem accessible to all data instances in the cluster or either backups or restoration can fail
These links may help:
https://support.nagios.com/kb/article.php?id=303
https://support.nagios.com/kb/article.php?id=494

Re: Basic Clustering & Repository Question

Posted: Tue Aug 02, 2016 12:38 am
by neil_davidson
Thanks very much for the responses. I'm afraid I need my hand held a little:
Box293 wrote:The cluster determines who the master is, generally this doesn't change unless the master reboots and another member gets promoted to be the master.
Is that just with regards to the Elasticsearch, which I believe needs a master? Is there any other way that the master is special? Just curious.
Box293 wrote:You can create a dashboard with a query that showed what cluster members are receiving logs from what devices.
Hmm. I see how I can go to the 'host' field and create a table using the 'Terms' drop-down that shows the top 10 hosts along with the hit counts, but I don't see how to add the corresponding cluster member to the table. Or am I going about it the wrong way?
Box293 wrote:If they are remote then you need to really have a 1GB link between the remote locations, a lot of data is sent around to all the members. Port 9200 is the default port used:
Then I think we'll try not to do that. :) Thanks.
Box293 wrote:I assume you are talking about Backup & Maintenance.
When you go to create a repository there is a ? next to the "Repository Location" field which says:
This location MUST be a shared filesystem accessible to all data instances in the cluster or either backups or restoration can fail
These links may help:
https://support.nagios.com/kb/article.php?id=303
https://support.nagios.com/kb/article.php?id=494
Thanks yes, I'd seen all that. I'm looking for more specific configuration details. Say, if I want to store the repository in a CIFS (Windows) File Share at 10.10.10.10 in the "\Backup\Nagios" directory, would I enter "\\10.10.10.10\Backup\Nagios" in the location field or is there some other syntax? And assuming I need to set up a 'nagios' user on that system to allow it write access, is there a default password?

Again, your help is much appreciated.

Cheers.

Re: Basic Clustering & Repository Question

Posted: Tue Aug 02, 2016 1:35 am
by Box293
neil_davidson wrote:Is that just with regards to the Elasticsearch, which I believe needs a master? Is there any other way that the master is special? Just curious.
Yes it's just Elasticsearch related. Here's some more detailed information about nodes and their roles:

https://www.elastic.co/guide/en/elastic ... -node.html

neil_davidson wrote:Hmm. I see how I can go to the 'host' field and create a table using the 'Terms' drop-down that shows the top 10 hosts along with the hit counts, but I don't see how to add the corresponding cluster member to the table. Or am I going about it the wrong way?
I'm going to get the USA techs to follow up on this.

neil_davidson wrote:Thanks yes, I'd seen all that. I'm looking for more specific configuration details. Say, if I want to store the repository in a CIFS (Windows) File Share at 10.10.10.10 in the "\Backup\Nagios" directory, would I enter "\\10.10.10.10\Backup\Nagios" in the location field or is there some other syntax? And assuming I need to set up a 'nagios' user on that system to allow it write access, is there a default password?
It is how it is mounted, the same way on all servers. For Example:
/mnt/nagios_log_server_common_backups

I have a central NFS server that both log server instances have mounted via an entry in their /etc/fstab file:

10.25.11.11:/mnt/nfs_disk_01/nagios_log_server_common_backups /mnt/nagios_log_server_common_backups nfs defaults 0 0
This ensures it's mounted on boot up.
In your instance you would reference it as /Backup/Nagios once you configured your CIFS client to mount it. The Nagios user will require write access.
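
Added example, not part of the thread or of Nagios Log Server: a shell check that a repository location is declared in an fstab file as a shared NFS or CIFS mount, as the reply above describes, and that a CIFS entry keeps its password out of fstab. The sample fstab is constructed; apart from the NFS line quoted in the reply, the mountpoints, the credentials path /root/.nagios_cifs and the uid/gid options are assumptions.

```shell
#!/bin/sh
# check_repo_mount FSTAB MOUNTPOINT
# Returns 0 = shared mount declared safely, 1 = no entry for the mountpoint,
# 2 = entry is not nfs/cifs, 3 = CIFS password stored inline in fstab.
check_repo_mount() {
    fstab=$1
    mountpoint=$2
    # fstab columns: device, mountpoint, fstype, options, dump, pass
    entry=$(awk -v mp="$mountpoint" \
        '$1 !~ /^#/ && $2 == mp { print $3, $4; exit }' "$fstab")
    if [ -z "$entry" ]; then
        echo "$mountpoint: no fstab entry, will not be mounted at boot"
        return 1
    fi
    fstype=${entry%% *}
    opts=${entry#* }
    case $fstype in
        nfs|nfs4|cifs) ;;
        *) echo "$mountpoint: $fstype is local to this member, not shared"
           return 2 ;;
    esac
    # mount.cifs accepts password=/pass=; fstab is world-readable, so the
    # secret belongs in a root-only file referenced with credentials=.
    case ",$opts," in
        *,password=*|*,pass=*)
            echo "$mountpoint: password in fstab, use credentials=<file>"
            return 3 ;;
    esac
    echo "$mountpoint: ok ($fstype)"
}

# Constructed sample: line 1 is the thread's NFS entry, the rest are invented.
SAMPLE_FSTAB=$(mktemp)
cat > "$SAMPLE_FSTAB" <<'EOF'
10.25.11.11:/mnt/nfs_disk_01/nagios_log_server_common_backups /mnt/nagios_log_server_common_backups nfs defaults 0 0
//10.10.10.10/Backup/Nagios /Backup/Nagios cifs credentials=/root/.nagios_cifs,uid=nagios,gid=nagios 0 0
//10.10.10.10/Backup/Old /mnt/old_backups cifs username=nagios,password=EXAMPLE 0 0
/dev/sdb1 /var/local_backups ext4 defaults 0 0
EOF

for mp in /mnt/nagios_log_server_common_backups /Backup/Nagios \
          /mnt/old_backups /var/local_backups /tmp; do
    check_repo_mount "$SAMPLE_FSTAB" "$mp" || echo "  -> exit status $?"
done
```

Run it against each cluster member's own /etc/fstab with the path entered in the "Repository Location" field; it checks the declaration only, so write access for the nagios user still has to be confirmed on the mounted share.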

Re: Basic Clustering & Repository Question

Posted: Tue Aug 02, 2016 7:37 am
by neil_davidson
Ah, got it now. Thanks very much!

Will wait for the USA update on the cluster member thing.

Cheers.

Re: Basic Clustering & Repository Question

Posted: Tue Aug 02, 2016 9:22 am
by hsmith
I'm not entirely sure that there's a field created indicating which cluster member received which log. I might be misunderstanding this, but there's not a great way I can think of to do this. Something you COULD do is make some new inputs, only send the logs from a certain device to the port of that input on a certain IP, and have it be tagged as a certain type. That is super roundabout, and probably not the best way to do it, but I cannot think of another.

Re: Basic Clustering & Repository Question

Posted: Tue Aug 02, 2016 10:44 am
by neil_davidson
hsmith wrote:I'm not entirely sure that there's a field created indicating which cluster member received which log. I might be misunderstanding this, but there's not a great way I can think of to do this. Something you COULD do is make some new inputs, only send the logs from a certain device to the port of that input on a certain IP, and have it be tagged as a certain type. That is super roundabout, and probably not the best way to do it, but I cannot think of another.
Ok, thanks. It's probably not important, just a thought that occurred. Circling back to what caused that thought, any comments on whether it's best to configure all sources to send logs to one particular cluster member, or distribute it around. If it isn't easy to keep track of which is sending logs where, it might be best to send everything to one, but then all the eggs are in that one basket as it were.

Re: Basic Clustering & Repository Question

Posted: Tue Aug 02, 2016 10:53 am
by hsmith
It depends. I see a lot of load balanced setups that send the logs to all of the servers based on load, but I don't think it's required. I've seen a single instance take many thousands of logs per second and handle it. It might be best to have them distributed between the servers to eliminate a single point of failure, but it depends on your resources. Most setups I see have all the logs coming to one server.

Re: Basic Clustering & Repository Question

Posted: Tue Aug 02, 2016 11:41 pm
by neil_davidson
OK, thanks for the feedback. I think all my questions have been answered. Cheers!

Re: Basic Clustering & Repository Question

Posted: Wed Aug 03, 2016 9:15 am
by mcapra
Is it alright if we lock this thread and mark the issue as resolved?