Log Server not receiving messages

Posted: Thu Aug 11, 2016 9:35 pm
by ruchira
I am checking a few solutions to check syslog and installed NagiosLogServer, which seems fine,
and added a log source.
###########################################################

Code: Select all

[root@host_name ~]# curl -s -O http://dev-tailor2/nagioslogserver/scripts/setup-linux.sh
[root@Host_name ~]# bash setup-linux.sh -s dev-tailor2 -p 5544
Your system $PATH does not include /sbin and /usr/sbin. This could be the result of installing GNOME rather than creating a clean system.
Adding /sbin and /usr/sbin to $PATH.
Detected rsyslog 7.4.7
Detected rsyslog work directory /var/lib/rsyslog
Destination Log Server: dev-tailor2:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
rsyslog configuration check passed.
Restarting rsyslog service with 'service'...
Redirecting to /bin/systemctl restart  rsyslog.service
Okay.
rsyslog is running with the new configuration.
Visit your Nagios Log Server dashboard to verify that logs are being received.
#########################################################################

But nothing on the dashboard
logstash is running properly
###########################################################################

Code: Select all

Logstash Daemon
logstash.service - LSB: Logstash
   Loaded: loaded (/etc/rc.d/init.d/logstash)
   Active: active (exited) since Fri 2016-08-12 10:18:13 WST; 9min ago
  Process: 9098 ExecStop=/etc/rc.d/init.d/logstash stop (code=exited, status=0/SUCCESS)
  Process: 9108 ExecStart=/etc/rc.d/init.d/logstash start (code=exited, status=0/SUCCESS)

Aug 12 10:18:24 XXXXXXXXXXXX logstash[9108]: start_inputs at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/pipeline.rb:147
Aug 12 10:18:24 XXXXXXXXXXX logstash[9108]: synchronize at org/jruby/ext/thread/Mutex.java:149
Aug 12 10:18:24 XXXXXXXXXXXXXX logstash[9108]: run at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/pipeline.rb:80
Aug 12 10:18:24 XXXXXXXXXXXXXXXXXXXX logstash[9108]: run at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/pipeline.rb:80
Aug 12 10:18:24 XXXXXXXXXXXXXXXXX logstash[9108]: execute at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/agent.rb:150
Aug 12 10:18:24 XXXXXXXXXXXXXXXXXXXXXXXX logstash[9108]: call at org/jruby/RubyProc.java:271
Aug 12 10:18:24 XXXXXXXXXXXXXXXX logstash[9108]: run at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/runner.rb:87
Aug 12 10:18:24 XXXXXXXXXXXXXXX logstash[9108]: call at org/jruby/RubyProc.java:271
Aug 12 10:18:24 XXXXXXXXXXXXXXXXXXXXXXXXX logstash[9108]: run at /usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.1-java/lib/logstash/runner.rb:92
Aug 12 10:18:24 XXXXXXXXXXXXXXXXX runuser[9114]: pam_unix(runuser:session): session closed for user nagios
####################################################################################

and receiving logs from the log source

Code: Select all

# tcpdump src host log_source_ip and tcp dst port 5544 and dst host nagioslogserver_IP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

10:19:16.962508 IP XXXXXXXXXXXXXXXX  .37905 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2102465374, win 14600, options [mss 1460,sackOK,TS val 407808648 ecr 0,nop,wscale 7], length 0
10:19:46.998323 IP XXXXXXXXXXXXXXXX  .37978 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 3196620400, win 14600, options [mss 1460,sackOK,TS val 407838684 ecr 0,nop,wscale 7], length 0
10:20:17.031352 IP XXXXXXXXXXXXXXXX  .38051 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 3355995753, win 14600, options [mss 1460,sackOK,TS val 407868717 ecr 0,nop,wscale 7], length 0
10:20:47.068592 IP XXXXXXXXXXXXXXXX  .38124 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 1053464637, win 14600, options [mss 1460,sackOK,TS val 407898753 ecr 0,nop,wscale 7], length 0
10:21:17.104351 IP XXXXXXXXXXXXXXXX  .38197 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 3442125058, win 14600, options [mss 1460,sackOK,TS val 407928790 ecr 0,nop,wscale 7], length 0
10:21:47.138719 IP XXXXXXXXXXXXXXXX  .38269 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 787019552, win 14600, options [mss 1460,sackOK,TS val 407958826 ecr 0,nop,wscale 7], length 0
10:22:17.148512 IP XXXXXXXXXXXXXXXX  .38339 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2978900797, win 14600, options [mss 1460,sackOK,TS val 407988836 ecr 0,nop,wscale 7], length 0
10:22:47.178124 IP XXXXXXXXXXXXXXXX  .38411 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2829264381, win 14600, options [mss 1460,sackOK,TS val 408018866 ecr 0,nop,wscale 7], length 0
10:23:17.213777 IP XXXXXXXXXXXXXXXX  .38484 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2114725888, win 14600, options [mss 1460,sackOK,TS val 408048902 ecr 0,nop,wscale 7], length 0
10:23:47.250438 IP XXXXXXXXXXXXXXXX  .38557 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 3844739351, win 14600, options [mss 1460,sackOK,TS val 408078939 ecr 0,nop,wscale 7], length 0
10:24:17.288118 IP XXXXXXXXXXXXXXXX  .38630 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2147035330, win 14600, options [mss 1460,sackOK,TS val 408108977 ecr 0,nop,wscale 7], length 0
10:24:47.325623 IP XXXXXXXXXXXXXXXX  .38704 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 896153796, win 14600, options [mss 1460,sackOK,TS val 408139014 ecr 0,nop,wscale 7], length 0
10:25:17.359677 IP XXXXXXXXXXXXXXXX  .38776 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 3569642898, win 14600, options [mss 1460,sackOK,TS val 408169049 ecr 0,nop,wscale 7], length 0
10:25:47.395299 IP XXXXXXXXXXXXXXXX  .38849 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2910915721, win 14600, options [mss 1460,sackOK,TS val 408199085 ecr 0,nop,wscale 7], length 0
10:26:17.431332 IP XXXXXXXXXXXXXXXX  .38921 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2016469944, win 14600, options [mss 1460,sackOK,TS val 408229121 ecr 0,nop,wscale 7], length 0
10:26:47.459425 IP XXXXXXXXXXXXXXXX  .38994 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2888103235, win 14600, options [mss 1460,sackOK,TS val 408259150 ecr 0,nop,wscale 7], length 0
10:27:17.494092 IP XXXXXXXXXXXXXXXX  .39067 > XXXXXXXXXXXXXXXX  .5544: Flags [S], seq 2209121603, win 14600, options [mss 1460,sackOK,TS val 408289185 ecr 0,nop,wscale 7], length 0

What could be the reason for this?

Re: Log Server not receiving messages

Posted: Fri Aug 12, 2016 12:11 pm
by rkennedy
What is the output of date on both machines?

Re: Log Server not receiving messages

Posted: Sun Aug 14, 2016 10:38 pm
by ruchira
Hi,
Because of this issue I did a complete installation from the beginning again and every step was successful,
but again the same issue.

Please find the output of date on both nagioslogserver and the client sending syslogs:
[root@dev-tailor2 nagioslogserver]# date
Mon Aug 15 11:37:11 WST 2016

[root@np-tailor tmp]# date
Mon Aug 15 11:37:13 WST 2016

Re: Log Server not receiving messages

Posted: Mon Aug 15, 2016 12:18 pm
by rkennedy
Can you show us a screenshot of your dashboard? There was a recent bug that was GUI related, which caused it not to appear because of caching. Another browser might work.

Does anything appear in your /var/log/logstash/logstash.log file? Can you post it for us to look at?

Re: Log Server not receiving messages

Posted: Mon Aug 15, 2016 8:12 pm
by ruchira
logstash logs

Code: Select all

-rw-r--r--  1 nagios users 278 Aug 15 11:31 logstash.log-20160816.gz
-rw-r--r--. 1 nagios users   0 Aug 16 03:17 logstash.log
[root@dev-tailor2 logstash]# gunzip logstash.log-20160816.gz
[root@dev-tailor2 logstash]# ls -ltrt
total 4
-rw-r--r--  1 nagios users 410 Aug 15 11:31 logstash.log-20160816
-rw-r--r--. 1 nagios users   0 Aug 16 03:17 logstash.log
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]# cat logstash.log-20160816
{:timestamp=>"2016-08-15T11:31:23.313000+0800", :message=>"Error: No config files found: /usr/local/nagioslogserver/logstash/etc/conf.d/*\nCan you make sure this path is a logstash config file?"}
{:timestamp=>"2016-08-15T11:31:23.344000+0800", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
[root@dev-tailor2 logstash]#
##################################################################################

Seems like something's wrong with logstash

Code: Select all

[root@dev-tailor2 logstash]# cat /usr/local/nagioslogserver/logstash/etc/conf.d/000_inputs.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Mon, 15 Aug 2016 11:32:35 +0800
#

#
# Global inputs
#

input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    tcp {
        type => 'import_raw'
        tags => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        tags => 'import_json'
        port => 2057
        codec => json
    }
}

#
# Local inputs
#


[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]# netstat -nlp | grep 5544
[root@dev-tailor2 logstash]#

Code: Select all

########################################################
Elasticsearch

[root@dev-tailor2 logstash]# curl 'localhost:9200/_cat/indices?v'
health status index               pri rep docs.count docs.deleted store.size pri.store.size
yellow open   kibana-int            5   1          5            0     38.3kb         38.3kb
yellow open   nagioslogserver_log   5   1       3823            0    810.1kb        810.1kb
yellow open   nagioslogserver       1   1         19            1     63.2kb         63.2kb
[root@dev-tailor2 logstash]#
[root@dev-tailor2 logstash]#
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[root@dev-tailor2 logstash]#  curl 'localhost:9200/nagioslogserver_log/_search?q=*&pretty'
{
  "took" : 4,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 3825,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMRV7ioi1e3hUb5fAr",
      "_score" : 1.0,
      "_source":{"created":1471232171745,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMRfvBoi1e3hUb5fAt",
      "_score" : 1.0,
      "_source":{"created":1471232211904,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMRkqZoi1e3hUb5fAu",
      "_score" : 1.0,
      "_source":{"created":1471232232089,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMSd2Uoi1e3hUb5fA7",
      "_score" : 1.0,
      "_source":{"created":1471232466323,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMS2Xsoi1e3hUb5fBA",
      "_score" : 1.0,
      "_source":{"created":1471232566764,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMTK_doi1e3hUb5fBE",
      "_score" : 1.0,
      "_source":{"created":1471232651228,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMT3JMoi1e3hUb5fBN",
      "_score" : 1.0,
      "_source":{"created":1471232832075,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMUlgYoi1e3hUb5fBW",
      "_score" : 1.0,
      "_source":{"created":1471233021975,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMVccRoi1e3hUb5fBh",
      "_score" : 1.0,
      "_source":{"created":1471233246993,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    }, {
      "_index" : "nagioslogserver_log",
      "_type" : "JOBS",
      "_id" : "AVaMV_vxoi1e3hUb5fBo",
      "_score" : 1.0,
      "_source":{"created":1471233391600,"created_by":"System","type":"JOBS","message":"Finished Running run_alerts","node":"c3d12086-1d42-496b-b785-ff44daef8b40","source":"Nagios Log Server"}
    } ]
  }
}
[root@dev-tailor2 logstash]#
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[root@dev-tailor2 logstash]#  curl 'localhost:9200/nagioslogserver/_search?q=*&pretty'
{
  "took" : 2,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "failed" : 0
  },
  "hits" : {
    "total" : 19,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "nagioslogserver",
      "_type" : "node",
      "_id" : "global",
      "_score" : 1.0,
      "_source":{"config_inputs":[{"name":"Syslog (Default)","active":1,"raw":"syslog {\n    type => 'syslog'\n    port => 5544\n}"},{"name":"Windows Event Log (Default)","active":1,"raw":"tcp {\n    type => 'eventlog'\n    port => 3515\n    codec => json {\n        charset => 'CP1252'\n    }\n}"},{"name":"Import Files - Raw (Default)","active":1,"raw":"tcp {\n    type => 'import_raw'\n    tags => 'import_raw'\n    port => 2056\n}"},{"name":"Import Files - JSON (Default)","active":1,"raw":"tcp {\n    type => 'import_json'\n    tags => 'import_json'\n    port => 2057\n    codec => json\n}"}],"config_filters":[{"name":"Apache (Default)","active":1,"raw":"if [program] == 'apache_access' {\n    grok {\n        match => [ 'message', '%{COMBINEDAPACHELOG}']\n    }\n    date {\n        match => [ 'timestamp', 'dd\/MMM\/yyyy:HH:mm:ss Z', 'MMM dd HH:mm:ss', 'ISO8601' ]\n    }\n    mutate {\n        replace => [ 'type', 'apache_access' ]\n         convert => [ 'bytes', 'integer' ]\n         convert => [ 'response', 'integer' ]\n    }\n}\n \nif [program] == 'apache_error' {\n    grok {\n        match => [ 'message', '\\[(?<timestamp>%{DAY:day} %{MONTH:month} %{MONTHDAY} %{TIME} %{YEAR})\\] \\[%{WORD:class}\\] \\[%{WORD:originator} %{IP:clientip}\\] %{GREEDYDATA:errmsg}']\n    }\n    mutate {\n        replace => [ 'type', 'apache_error' ]\n    }\n}"}],"config_outputs":[]}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "commands",
      "_id" : "backup_maintenance",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:23","active":1,"status":"waiting","type":"system","node":"global","command":"do_maintenance","run_time":1471318343,"frequency":"86400"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "commands",
      "_id" : "backups",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:23","active":1,"status":"waiting","type":"system","node":"global","command":"do_backups","run_time":1471318343,"frequency":"86400"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "maintenance_settings",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:23","created_by":0,"value":"a:4:{s:6:\"active\";i:1;s:13:\"optimize_time\";i:2;s:10:\"close_time\";i:0;s:11:\"delete_time\";i:0;}"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "email_from",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:22","created_by":0,"value":"root@localhost"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "homits",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:22","created_by":0,"value":"MTQ3MTIzMTk0Mg=="}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "email_method",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:23","created_by":0,"value":"mail"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "backup_rotation",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:23","created_by":0,"value":"5"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "cf_option",
      "_id" : "is_installed",
      "_score" : 1.0,
      "_source":{"created":"2016-08-15 11:32:22","created_by":0,"value":"1"}
    }, {
      "_index" : "nagioslogserver",
      "_type" : "query",
      "_id" : "AVaMQhWBoi1e3hUb5fAa",
      "_score" : 1.0,
      "_source":{"name":"Apache 404 Errors","raw":"{ \"query\": { \"filtered\": { \"query\": { \"bool\": { \"should\": [ { \"query_string\": { \"query\": \"*\" } } ] } }, \"filter\": { \"bool\": { \"must\": [ { \"range\": { \"@timestamp\": { \"from\": 1412793046809, \"to\": 1412879446809 } } }, { \"fquery\": { \"query\": { \"query_string\": { \"query\": \"_type: (\\\"apache_access\\\")\" } }, \"_cache\": true } }, { \"fquery\": { \"query\": { \"query_string\": { \"query\": \"response: (404)\" } }, \"_cache\": true } } ] } } } } }","services":"{ \"query\": { \"list\": { \"0\": { \"query\": \"*\", \"alias\": \"\", \"color\": \"#4D89F9\", \"id\": 0, \"pin\": false, \"type\": \"lucene\", \"enable\": true } }, \"ids\": [ 0 ] }, \"filter\": { \"list\": { \"0\": { \"type\": \"time\", \"field\": \"@timestamp\", \"from\": \"now-24h\", \"to\": \"now\", \"mandate\": \"must\", \"active\": true, \"alias\": \"\", \"id\": 0 }, \"1\": { \"type\": \"field\", \"field\": \"_type\", \"query\": \"\\\"apache_access\\\"\", \"mandate\": \"must\", \"active\": true, \"alias\": \"\", \"id\": 1 }, \"3\": { \"type\": \"field\", \"field\": \"response\", \"query\": \"404\", \"mandate\": \"must\", \"active\": true, \"alias\": \"\", \"id\": 3 } }, \"ids\": [ 0, 1, 3 ] } }","created_by":"NAGIOS","created_id":"system","show_everyone":1,"imported":1}
    } ]
  }
}
[root@dev-tailor2 logstash]#

Couldn't find any useful details in any of the Elasticsearch indexes
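
Added example, not part of any post in this thread: the empty `netstat -nlp | grep 5544` result above generalizes to a check of every `port => N` in the generated inputs file against the listening TCP sockets. The function names and the sample socket listing are constructed for illustration; only TCP is checked.

```shell
#!/bin/sh
# Added example (not from the thread): list Logstash input ports that have no
# TCP listener. Function names and the sample socket listing are constructed.

# Print each "port => N" value from Logstash config text on stdin.
configured_ports() {
    sed -n 's/^[[:space:]]*port[[:space:]]*=>[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        sort -un
}

# Print the local port of each LISTEN row from `netstat -nlt` or `ss -ltn`
# output on stdin. In both tools the local address is column 4.
listening_ports() {
    awk '/LISTEN/ { n = split($4, part, ":"); print part[n] }' | sort -un
}

# $1 = config text, $2 = socket listing text. Prints configured ports that
# nothing is listening on (TCP only; the syslog input also opens UDP).
missing_ports() (
    open=$(printf '%s\n' "$2" | listening_ports)
    printf '%s\n' "$1" | configured_ports | while read -r port; do
        printf '%s\n' "$open" | grep -qx "$port" || printf '%s\n' "$port"
    done
)

# Ports as they appear in the 000_inputs.conf posted above (abridged).
SAMPLE_CONF="input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    tcp {
        type => 'eventlog'
        port => 3515
    }
    tcp {
        type => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        port => 2057
        codec => json
    }
}"

# Constructed netstat -nlt listing: sshd and Elasticsearch only, no Logstash.
SAMPLE_SOCKETS="Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::9200                 :::*                    LISTEN
tcp6       0      0 :::9300                 :::*                    LISTEN"

# On a live server the same function takes real input, for example:
#   missing_ports "$(cat 000_inputs.conf)" "$(ss -ltn)"
missing_ports "$SAMPLE_CONF" "$SAMPLE_SOCKETS"
```

Every configured port printed here is one where a sender's connection attempt finds no listener, so a non-empty result points at Logstash rather than at the log source or the network.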

Re: Log Server not receiving messages

Posted: Tue Aug 16, 2016 10:28 am
by rkennedy
What is the output of ls -al /usr/local/nagioslogserver/logstash/etc/conf.d/?

What version of NLS did you install, and on what OS? Was anything done to the machine after installing?

Re: Log Server not receiving messages

Posted: Tue Aug 16, 2016 8:11 pm
by ruchira
nagioslogserver_version.PNG
Hi, no changes on the server, only NLS.

[root@dev-tailor2 ~]# ls -al /usr/local/nagioslogserver/logstash/etc/conf.d/
total 12
drwxrwxr-x. 2 nagios nagios 74 Aug 15 11:32 .
drwxrwxr-x. 3 nagios nagios 19 Aug 15 11:31 ..
-rw-rw-r--. 1 apache apache 636 Aug 15 11:32 000_inputs.conf
-rw-rw-r--. 1 apache apache 987 Aug 15 11:32 500_filters.conf
-rw-rw-r--. 1 apache apache 501 Aug 15 11:32 999_outputs.conf
[root@dev-tailor2 ~]# cat /etc/oracle-release
Oracle Linux Server release 7.0
[root@dev-tailor2 ~]#

Re: Log Server not receiving messages

Posted: Tue Aug 16, 2016 8:17 pm
by ruchira

Code: Select all

[root@dev-tailor2 ~]# cat /usr/local/nagioslogserver/logstash/etc/conf.d/000_inputs.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Mon, 15 Aug 2016 11:32:35 +0800
#

#
# Global inputs
#

input {
    syslog {
        type => 'syslog'
        port => 5544
    }
    tcp {
        type => 'eventlog'
        port => 3515
        codec => json {
            charset => 'CP1252'
        }
    }
    tcp {
        type => 'import_raw'
        tags => 'import_raw'
        port => 2056
    }
    tcp {
        type => 'import_json'
        tags => 'import_json'
        port => 2057
        codec => json
    }
}

#
# Local inputs
#


[root@dev-tailor2 ~]#
[root@dev-tailor2 ~]#
[root@dev-tailor2 ~]# cat /usr/local/nagioslogserver/logstash/etc/conf.d/500_filters.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Mon, 15 Aug 2016 11:32:35 +0800
#

#
# Global filters
#

filter {
    if [program] == 'apache_access' {
        grok {
            match => [ 'message', '%{COMBINEDAPACHELOG}']
        }
        date {
            match => [ 'timestamp', 'dd/MMM/yyyy:HH:mm:ss Z', 'MMM dd HH:mm:ss', 'ISO8601' ]
        }
        mutate {
            replace => [ 'type', 'apache_access' ]
             convert => [ 'bytes', 'integer' ]
             convert => [ 'response', 'integer' ]
        }
    }

    if [program] == 'apache_error' {
        grok {
            match => [ 'message', '\[(?<timestamp>%{DAY:day} %{MONTH:month} %{MONTHDAY} %{TIME} %{YEAR})\] \[%{WORD:class}\] \[%{WORD:originator} %{IP:clientip}\] %{GREEDYDATA:errmsg}']
        }
        mutate {
            replace => [ 'type', 'apache_error' ]
        }
    }
}

#
# Local filters
#


[root@dev-tailor2 ~]#
[root@dev-tailor2 ~]# cat /usr/local/nagioslogserver/logstash/etc/conf.d/999_outputs.conf
#
# Logstash Configuration File
# Dynamically created by Nagios Log Server
#
# DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN.
#
# Created Mon, 15 Aug 2016 11:32:35 +0800
#

#
# Required output for Nagios Log Server
#

output {
    elasticsearch {
        cluster => '3eaa11bf-eb34-4165-8274-2be6d1300cac'
        host => 'localhost'
        document_type => '%{type}'
        node_name => ''
        protocol => 'transport'
        workers => 4
    }
}

#
# Global outputs
#



#
# Local outputs
#


[root@dev-tailor2 ~]# uname -a
Linux dev-tailor2 3.8.13-44.1.1.el7uek.x86_64 #2 SMP Tue Sep 9 22:50:46 PDT 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@dev-tailor2 ~]#

Re: Log Server not receiving messages

Posted: Tue Aug 16, 2016 8:47 pm
by ruchira
[root@dev-tailor2 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.0 (Maipo)
[root@dev-tailor2 ~]#
[root@dev-tailor2 ~]# cat /etc/oracle-release
Oracle Linux Server release 7.0

Re: Log Server not receiving messages

Posted: Wed Aug 17, 2016 9:48 am
by rkennedy
[root@dev-tailor2 ~]# cat /etc/oracle-release
Oracle Linux Server release 7.0
NLS is not intended to be installed on Oracle, you'll want to use a clean RHEL or CentOS machine in order for it to work.