Log Server not receiving messages

ruchira
Posts: 6
Joined: Thu Aug 11, 2016 8:51 pm

Log Server not receiving messages

Post by ruchira »

I am checking a few solutions to check syslog and installed NagiosLogServer, which seems fine,
and added a log source.
###########################################################

Code:

[root@host_name ~]# curl -s -O http://dev-tailor2/nagioslogserver/scripts/setup-linux.sh
[root@Host_name ~]# bash setup-linux.sh -s dev-tailor2 -p 5544
Your system $PATH does not include /sbin and /usr/sbin. This could be the result of installing GNOME rather than creating a clean system.
Adding /sbin and /usr/sbin to $PATH.
Detected rsyslog 7.4.7
Detected rsyslog work directory /var/lib/rsyslog
Destination Log Server: dev-tailor2:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
rsyslog configuration check passed.
Restarting rsyslog service with 'service'...
Redirecting to /bin/systemctl restart  rsyslog.service
Okay.
rsyslog is running with the new configuration.
Visit your Nagios Log Server dashboard to verify that logs are being received.
#########################################################################

But nothing on the dashboard
logstash is running properly
###########################################################################

Code:

Logstash Daemon
logstash.service - LSB: Logstash
   Loaded: loaded (/etc/rc.d/init.d/logstash)
   Active: active (exited) since Fri 2016-08-12 10:18:13 WST; 9min ago
  Process: 9098 ExecStop=/etc/rc.d/init.d/logstash stop (code=exited, status=0/SUCCESS)
  Process: 9108 ExecStart=/etc/rc.d/init.d/logstash start (code=exited, status=0/SUCCESS)

Aug 12 10:18:24 XXXXXXXXXXXX logstash[9108]: start_inputs at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/pipeline.rb:147
Aug 12 10:18:24 XXXXXXXXXXX logstash[9108]: synchronize at org/jruby/ext/thread/Mutex.java:149
Aug 12 10:18:24 XXXXXXXXXXXXXX logstash[9108]: run at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/pipeline.rb:80
Aug 12 10:18:24 XXXXXXXXXXXXXXXXXXXX logstash[9108]: run at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/pipeline.rb:80
Aug 12 10:18:24 XXXXXXXXXXXXXXXXX logstash[9108]: execute at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/agent.rb:150
Aug 12 10:18:24 XXXXXXXXXXXXXXXXXXXXXXXX logstash[9108]: call at org/jruby/RubyProc.java:271
Aug 12 10:18:24 XXXXXXXXXXXXXXXX logstash[9108]: run at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/runner.rb:87
Aug 12 10:18:24 XXXXXXXXXXXXXXX logstash[9108]: call at org/jruby/RubyProc.java:271
Aug 12 10:18:24 XXXXXXXXXXXXXXXXXXXXXXXXX logstash[9108]: run at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/runner.rb:92
Aug 12 10:18:24 XXXXXXXXXXXXXXXXX runuser[9114]: pam_unix(runuser:session): session closed for user nagios
####################################################################################

and receiving logs from log source

Code:

# tcpdump src host log_source_ip and tcp dst port 5544 and dst host nagioslogserver_IP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

10:19:16.962508 IP XXXXXXXXXXXXXXXX  .37905 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2102465374, win 14600, options [mss 1460,sackOK,TS val 407808648 ecr 0,nop,wscale 7], length 0
10:19:46.998323 IP XXXXXXXXXXXXXXXX  .37978 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 3196620400, win 14600, options [mss 1460,sackOK,TS val 407838684 ecr 0,nop,wscale 7], length 0
10:20:17.031352 IP XXXXXXXXXXXXXXXX  .38051 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 3355995753, win 14600, options [mss 1460,sackOK,TS val 407868717 ecr 0,nop,wscale 7], length 0
10:20:47.068592 IP XXXXXXXXXXXXXXXX  .38124 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 1053464637, win 14600, options [mss 1460,sackOK,TS val 407898753 ecr 0,nop,wscale 7], length 0
10:21:17.104351 IP XXXXXXXXXXXXXXXX  .38197 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 3442125058, win 14600, options [mss 1460,sackOK,TS val 407928790 ecr 0,nop,wscale 7], length 0
10:21:47.138719 IP XXXXXXXXXXXXXXXX  .38269 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 787019552, win 14600, options [mss 1460,sackOK,TS val 407958826 ecr 0,nop,wscale 7], length 0
10:22:17.148512 IP XXXXXXXXXXXXXXXX  .38339 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2978900797, win 14600, options [mss 1460,sackOK,TS val 407988836 ecr 0,nop,wscale 7], length 0
10:22:47.178124 IP XXXXXXXXXXXXXXXX  .38411 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2829264381, win 14600, options [mss 1460,sackOK,TS val 408018866 ecr 0,nop,wscale 7], length 0
10:23:17.213777 IP XXXXXXXXXXXXXXXX  .38484 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2114725888, win 14600, options [mss 1460,sackOK,TS val 408048902 ecr 0,nop,wscale 7], length 0
10:23:47.250438 IP XXXXXXXXXXXXXXXX  .38557 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 3844739351, win 14600, options [mss 1460,sackOK,TS val 408078939 ecr 0,nop,wscale 7], length 0
10:24:17.288118 IP XXXXXXXXXXXXXXXX  .38630 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2147035330, win 14600, options [mss 1460,sackOK,TS val 408108977 ecr 0,nop,wscale 7], length 0
10:24:47.325623 IP XXXXXXXXXXXXXXXX  .38704 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 896153796, win 14600, options [mss 1460,sackOK,TS val 408139014 ecr 0,nop,wscale 7], length 0
10:25:17.359677 IP XXXXXXXXXXXXXXXX  .38776 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 3569642898, win 14600, options [mss 1460,sackOK,TS val 408169049 ecr 0,nop,wscale 7], length 0
10:25:47.395299 IP XXXXXXXXXXXXXXXX  .38849 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2910915721, win 14600, options [mss 1460,sackOK,TS val 408199085 ecr 0,nop,wscale 7], length 0
10:26:17.431332 IP XXXXXXXXXXXXXXXX  .38921 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2016469944, win 14600, options [mss 1460,sackOK,TS val 408229121 ecr 0,nop,wscale 7], length 0
10:26:47.459425 IP XXXXXXXXXXXXXXXX  .38994 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2888103235, win 14600, options [mss 1460,sackOK,TS val 408259150 ecr 0,nop,wscale 7], length 0
10:27:17.494092 IP XXXXXXXXXXXXXXXX  .39067 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2209121603, win 14600, options [mss 1460,sackOK,TS val 408289185 ecr 0,nop,wscale 7], length 0

What could be the reason for this?
Last edited by tmcdonald on Mon Aug 15, 2016 10:23 am, edited 1 time in total.
Reason: Please use [code][/code] tags around long output
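
Added example (not part of the original posts): the capture above contains only `Flags [S]` packets from the log source to port 5544, each from a new source port, so no TCP handshake ever completed on that port. The sketch below classifies `tcpdump` text output per destination port; the function names and the sample lines (documentation addresses) are constructed for illustration.

```sh
#!/bin/sh
# Classify tcpdump text output per destination port:
#   no-handshake        - only bare SYNs were seen (nothing ever completed)
#   reset               - an RST was seen and no established traffic
#   handshake-completed - ACK/PSH/FIN traffic was seen

# Constructed sample capture (not from the thread): port 5544 gets only
# SYN retries, port 3515 shows a completed handshake followed by data.
sample_capture() {
    cat <<'EOF'
10:19:16.962508 IP 192.0.2.10.37905 > 192.0.2.20.5544: Flags [S], seq 100, win 14600, length 0
10:19:46.998323 IP 192.0.2.10.37978 > 192.0.2.20.5544: Flags [S], seq 200, win 14600, length 0
10:20:17.031352 IP 192.0.2.10.38051 > 192.0.2.20.5544: Flags [S], seq 300, win 14600, length 0
10:20:18.100000 IP 192.0.2.10.40000 > 192.0.2.20.3515: Flags [S], seq 1, win 14600, length 0
10:20:18.100400 IP 192.0.2.10.40000 > 192.0.2.20.3515: Flags [.], ack 1, win 115, length 0
10:20:18.100900 IP 192.0.2.10.40000 > 192.0.2.20.3515: Flags [P.], seq 1:90, ack 1, win 115, length 89
EOF
}

# Reads tcpdump lines on stdin, prints one summary line per destination port.
syn_only_report() {
    awk '
    index($0, " > ") && index($0, "Flags [") {
        # Destination endpoint: text between " > " and ": Flags".
        rest = substr($0, index($0, " > ") + 3)
        dst = substr(rest, 1, index(rest, ": Flags") - 1)
        # The port is whatever follows the last dot (also works when the
        # host part has been redacted, as in the capture posted above).
        n = split(dst, part, "[.]")
        port = part[n]
        # TCP flags: text between "Flags [" and the next "]".
        frest = substr($0, index($0, "Flags [") + 7)
        flags = substr(frest, 1, index(frest, "]") - 1)
        seen[port] = 1
        if (flags == "S") syn[port]++
        else if (index(flags, "R")) rst[port]++
        else other[port]++
    }
    END {
        for (p in seen) {
            if (other[p] > 0) v = "handshake-completed"
            else if (rst[p] > 0) v = "reset"
            else v = "no-handshake"
            printf "%s syn=%d other=%d rst=%d verdict=%s\n", p, syn[p], other[p], rst[p], v
        }
    }' | sort -n
}

sample_capture | syn_only_report
```

A `no-handshake` verdict seen from the sender's side means either nothing is listening on the receiver or a firewall is dropping the SYNs; `netstat -nlp | grep 5544` on the server, as run later in this thread, tells the two apart.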
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: Log Server not receiving messages

Post by rkennedy »

What is the output of date on both machines?
Former Nagios Employee
ruchira
Posts: 6
Joined: Thu Aug 11, 2016 8:51 pm

Re: Log Server not receiving messages

Post by ruchira »

Hi,
Because of this issue I did a complete installation from the beginning again and every step was successful,
but again the same issue.

Please find the output of date on both nagioslogserver and the client sending syslogs:
[root@dev-tailor2 nagioslogserver]# date
Mon Aug 15 11:37:11 WST 2016

[root@np-tailor tmp]# date
Mon Aug 15 11:37:13 WST 2016
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: Log Server not receiving messages

Post by rkennedy »

Can you show us a screenshot of your dashboard? There was a recent bug that was GUI related, which caused it not to appear because of caching. Another browser might work.

Does anything appear in your /var/log/logstash/logstash.log file? Can you post it for us to look at?
Former Nagios Employee
ruchira
Posts: 6
Joined: Thu Aug 11, 2016 8:51 pm

Re: Log Server not receiving messages

Post by ruchira »

logstash logs

Code:

-rw-r--r--  1 nagios users 278 Aug 15 11:31 logstash.log-20160816.gz
-rw-r--r--. 1 nagios users   0 Aug 16 03:17 logstash.log
[root@dev-tailor2 logstash]# gunzip logstash.log-20160816.gz
[root@dev-tailor2 logstash]# ls -ltrt
total 4
-rw-r--r--  1 nagios users 410 Aug 15 11:31 logstash.log-20160816
-rw-r--r--. 1 nagios users   0 Aug 16 03:17 logstash.log
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]# cat logstash.log-20160816
{:timestamp=>"2016-08-15T11:31:23.313000+0800", :message=>"Error: No config files found: /usr/local/nagioslogserver/logstash/etc/conf.d/*\nCan you make sure this path is a logstash config file?"}
{:timestamp=>"2016-08-15T11:31:23.344000+0800", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
[root@dev-tailor2 logstash]#
##################################################################################

Seems like something's wrong with logstash

Code:

[root@dev-tailor2 logstash]# cat /usr/local/nagioslogserver/logstash/etc/conf.d/000_inputs.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Mon, 15 Aug 2016 11:32:35 +0800
#

#
# Global inputs
#

input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    tcp {
        type => 'import_raw'
        tags => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        tags => 'import_json'
        port => 2057
        codec => json
    }
}

#
# Local inputs
#


[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]# netstat -nlp | grep 5544
[root@dev-tailor2 logstash]#

Code:

########################################################
Elasticsearch

[root@dev-tailor2 logstash]# curl 'localhost:9200/_cat/indices?v'
health status index               pri rep docs.count docs.deleted store.size pri.store.size
yellow open   kibana-int            5   1          5            0     38.3kb         38.3kb
yellow open   nagioslogserver_log   5   1       3823            0    810.1kb        810.1kb
yellow open   nagioslogserver       1   1         19            1     63.2kb         63.2kb
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]#
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[root@dev-tailor2 logstash]#  curl 'localhost:9200/nagioslogserver_log/_search?q=*&pretty'
{
  "took" : 4,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 3825,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMRV7ioi1e3hUb5fAr",
      "_score" : 1.0,
      "_source":{"created":1471232171745,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMRfvBoi1e3hUb5fAt",
      "_score" : 1.0,
      "_source":{"created":1471232211904,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMRkqZoi1e3hUb5fAu",
      "_score" : 1.0,
      "_source":{"created":1471232232089,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMSd2Uoi1e3hUb5fA7",
      "_score" : 1.0,
      "_source":{"created":1471232466323,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMS2Xsoi1e3hUb5fBA",
      "_score" : 1.0,
      "_source":{"created":1471232566764,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMTK_doi1e3hUb5fBE",
      "_score" : 1.0,
      "_source":{"created":1471232651228,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMT3JMoi1e3hUb5fBN",
      "_score" : 1.0,
      "_source":{"created":1471232832075,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMUlgYoi1e3hUb5fBW",
      "_score" : 1.0,
      "_source":{"created":1471233021975,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMVccRoi1e3hUb5fBh",
      "_score" : 1.0,
      "_source":{"created":1471233246993,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMV_vxoi1e3hUb5fBo",
      "_score" : 1.0,
      "_source":{"created":1471233391600,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    } ]
  }
}
[root@dev-tailor2 logstash]#
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[root@dev-tailor2 logstash]#  curl 'localhost:9200/nagioslogserver/_search?q=*&pretty'
{
  "took" : 2,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "failed" : 0
  },
  "hits" : {
    "total" : 19,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "nagioslogserver",
      "_type" : "node",
      "_id" : "global",
      "_score" : 1.0,
      "_source":{"config_inputs":[{"name":"Syslog (Default)","active":1,"raw":"syslog {\n    type => 'syslog'\n    port => 5544\n}"},{"name":"Windows Event Log (Default)","active":1,"raw":"tcp {\n    type => 'eventlog'\n    port => 3515\n    codec => json {\n        charset => 'CP1252'\n    }\n}"},{"name":"Import Files - Raw (Default)","active":1,"raw":"tcp {\n    type => 'import_raw'\n    tags => 'import_raw'\n    port => 2056\n}"},{"name":"Import Files - JSON (Default)","active":1,"raw":"tcp {\n    type => 'import_json'\n    tags => 'import_json'\n    port => 2057\n    codec => json\n}"}],"config_filters":[{"name":"Apache (Default)","active":1,"raw":"if [program] == 'apache_access' {\n    grok {\n        match => [ 'message', '%{COMBINEDAPACHELOG}']\n    }\n    date {\n        match => [ 'timestamp', 'dd\/MMM\/yyyy:HH:mm:ss Z', 'MMM dd HH:mm:ss', 'ISO8601' ]\n    }\n    mutate {\n        replace => [ 'type', 'apache_access' ]\n         convert => [ 'bytes', 'integer' ]\n         convert => [ 'response', 'integer' ]\n    }\n}\n \nif [program] == 'apache_error' {\n    grok {\n        match => [ 'message', '\\[(?<timestamp>%{DAY:day} %{MONTH:month} %{MONTHDAY} %{TIME} %{YEAR})\\] \\[%{WORD:class}\\] \\[%{WORD:originator} %{IP:clientip}\\] %{GREEDYDATA:errmsg}']\n    }\n    mutate {\n        replace => [ 'type', 'apache_error' ]\n    }\n}"}],"config_outputs":[]}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "commands",
      "_id" : "backup_maintenance",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:23","active":1,"status":"waiting","type":"system","node":"global","command":"do_maintenance","run_time":1471318343,"frequency":"86400"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "commands",
      "_id" : "backups",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:23","active":1,"status":"waiting","type":"system","node":"global","command":"do_backups","run_time":1471318343,"frequency":"86400"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "maintenance_settings",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:23","created_by":0,"value":"a:4:{s:6:\"active\";i:1;s:13:\"optimize_time\";i:2;s:10:\"close_time\";i:0;s:11:\"delete_time\";i:0;}"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "email_from",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:22","created_by":0,"value":"root@localhost"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "homits",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:22","created_by":0,"value":"MTQ3MTIzMTk0Mg=="}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "email_method",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:23","created_by":0,"value":"mail"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "backup_rotation",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:23","created_by":0,"value":"5"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "is_installed",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:22","created_by":0,"value":"1"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "query",
      "_id" : "AVaMQhWBoi1e3hUb5fAa",
      "_score" : 1.0,
      "_source":{"name":"Apache 404 Errors","raw":"{ \"query\": { \"filtered\": { \"query\": { \"bool\": { \"should\": [ { \"query_string\": { \"query\": \"*\" } } ] } }, \"filter\": { \"bool\": { \"must\": [ { \"range\": { \"@timestamp\": { \"from\": 1412793046809, \"to\": 1412879446809 } } }, { \"fquery\": { \"query\": { \"query_string\": { \"query\": \"_type: (\\\"apache_access\\\")\" } }, \"_cache\": true } }, { \"fquery\": { \"query\": { \"query_string\": { \"query\": \"response: (404)\" } }, \"_cache\": true } } ] } } } } }","services":"{ \"query\": { \"list\": { \"0\": { \"query\": \"*\", \"alias\": \"\", \"color\": \"#4D89F9\", \"id\": 0, \"pin\": false, \"type\": \"lucene\", \"enable\": true } }, \"ids\": [ 0 ] }, \"filter\": { \"list\": { \"0\": { \"type\": \"time\", \"field\": \"@timestamp\", \"from\": \"now-24h\", \"to\": \"now\", \"mandate\": \"must\", \"active\": true, \"alias\": \"\", \"id\": 0 }, \"1\": { \"type\": \"field\", \"field\": \"_type\", \"query\": \"\\\"apache_access\\\"\", \"mandate\": \"must\", \"active\": true, \"alias\": \"\", \"id\": 1 }, \"3\": { \"type\": \"field\", \"field\": \"response\", \"query\": \"404\", \"mandate\": \"must\", \"active\": true, \"alias\": \"\", \"id\": 3 } }, \"ids\": [ 0, 1, 3 ] } }","created_by":"NAGIOS","created_id":"system","show_everyone":1,"imported":1}
    } ]
  }
}
[root@dev-tailor2 logstash]#

Couldn't find any useful details in any of the elasticsearch indexes
Last edited by tmcdonald on Wed Aug 17, 2016 9:55 am, edited 1 time in total.
Reason: Please use [code][/code] tags around long output
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: Log Server not receiving messages

Post by rkennedy »

What is the output of ls -al /usr/local/nagioslogserver/logstash/etc/conf.d/?

What version of NLS did you install, and on what OS? Was anything done to the machine after installing?
Former Nagios Employee
ruchira
Posts: 6
Joined: Thu Aug 11, 2016 8:51 pm

Re: Log Server not receiving messages

Post by ruchira »

nagioslogserver_version.PNG
Hi, no changes on server, just only NLS

[root@dev-tailor2 ~]# ls -al /usr/local/nagioslogserver/logstash/etc/conf.d/
total 12
drwxrwxr-x. 2 nagios nagios 74 Aug 15 11:32 .
drwxrwxr-x. 3 nagios nagios 19 Aug 15 11:31 ..
-rw-rw-r--. 1 apache apache 636 Aug 15 11:32 000_inputs.conf
-rw-rw-r--. 1 apache apache 987 Aug 15 11:32 500_filters.conf
-rw-rw-r--. 1 apache apache 501 Aug 15 11:32 999_outputs.conf
[root@dev-tailor2 ~]# cat /etc/oracle-release
Oracle Linux Server release 7.0
[root@dev-tailor2 ~]#
Last edited by ruchira on Tue Aug 16, 2016 10:47 pm, edited 1 time in total.
ruchira
Posts: 6
Joined: Thu Aug 11, 2016 8:51 pm

Re: Log Server not receiving messages

Post by ruchira »

Code:

[root@dev-tailor2 ~]# cat /usr/local/nagioslogserver/logstash/etc/conf.d/000_inputs.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Mon, 15 Aug 2016 11:32:35 +0800
#

#
# Global inputs
#

input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    tcp {
        type => 'import_raw'
        tags => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        tags => 'import_json'
        port => 2057
        codec => json
    }
}

#
# Local inputs
#


[root@dev-tailor2 ~]#
[root@dev-tailor2 ~]#
[root@dev-tailor2 ~]# cat /usr/local/nagioslogserver/logstash/etc/conf.d/500_filters.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Mon, 15 Aug 2016 11:32:35 +0800
#

#
# Global filters
#

filter {
    if [program] == 'apache_access' {
        grok {
            match => [ 'message', '%{COMBINEDAPACHELOG}']
        }
        date {
            match => [ 'timestamp', 'dd/MMM/yyyy:HH:mm:ss Z', 'MMM dd HH:mm:ss', 'ISO8601' ]
        }
        mutate {
            replace => [ 'type', 'apache_access' ]
             convert => [ 'bytes', 'integer' ]
             convert => [ 'response', 'integer' ]
        }
    }

    if [program] == 'apache_error' {
        grok {
            match => [ 'message', '\[(?<timestamp>%{DAY:day} %{MONTH:month} %{MONTHDAY} %{TIME} %{YEAR})\] \[%{WORD:class}\] \[%{WORD:originator} %{IP:clientip}\] %{GREEDYDATA:errmsg}']
        }
        mutate {
            replace => [ 'type', 'apache_error' ]
        }
    }
}

#
# Local filters
#


[root@dev-tailor2 ~]#
[root@dev-tailor2 ~]# cat /usr/local/nagioslogserver/logstash/etc/conf.d/999_outputs.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Mon, 15 Aug 2016 11:32:35 +0800
#

#
# Required output for Nagios Log Server
#

output {
    elasticsearch {
        cluster => '3eaa11bf-eb34-4165-8274-2be6d1300cac'
        host => 'localhost'
        document_type => '%{type}'
        node_name => ''
        protocol => 'transport'
        workers => 4
    }
}

#
# Global outputs
#



#
# Local outputs
#


[root@dev-tailor2 ~]# uname -a
Linux dev-tailor2 3.8.13-44.1.1.el7uek.x86_64 #2 SMP Tue Sep 9 22:50:46 PDT 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@dev-tailor2 ~]#
Last edited by tmcdonald on Wed Aug 17, 2016 9:45 am, edited 1 time in total.
Reason: Please use [code][/code] tags around long output
ruchira
Posts: 6
Joined: Thu Aug 11, 2016 8:51 pm

Re: Log Server not receiving messages

Post by ruchira »

[root@dev-tailor2 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.0 (Maipo)
[root@dev-tailor2 ~]#
[root@dev-tailor2 ~]# cat /etc/oracle-release
Oracle Linux Server release 7.0
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: Log Server not receiving messages

Post by rkennedy »

[root@dev-tailor2 ~]# cat /etc/oracle-release
Oracle Linux Server release 7.0
NLS is not intended to be installed on Oracle; you'll want to use a clean RHEL or CentOS machine in order for it to work.
Former Nagios Employee