
Nagios Log Server

Posted: Fri Aug 19, 2016 3:13 pm
by taandrews
I know NLS is good for capturing syslog info but can it capture application logs and parse them. I haven't found any info on this.
Example: I have an in-house application that writes to a log, is NLS capable of parsing a custom log and alert on certain events? Say this application creates a file /var/log/foo/foo.log and in this are events for the application FOO. Can NLS parse such a file?

Re: Nagios Log Server

Posted: Mon Aug 22, 2016 9:22 am
by tmcdonald
Yep!


https://assets.nagios.com/downloads/nag ... ilters.pdf

The syntax can take some time to get used to, but once you get the hang of it there are some very powerful filters you can set up. Let us know if you need help setting anything up!

Re: Nagios Log Server

Posted: Mon Aug 22, 2016 10:04 am
by taandrews
@tmcdonald The link you provided is just what I am looking for; however, my custom log never makes it to the NLS.

Re: Nagios Log Server

Posted: Mon Aug 22, 2016 10:09 am
by mcapra
When you say the log "never makes it to the NLS", are you saying that you are attempting to send it and it fails? If so, by what method are you sending the log?

Re: Nagios Log Server

Posted: Mon Aug 22, 2016 10:17 am
by taandrews
@tmcdonald - I lied. I don't know how long it takes for logs to appear in the NLS, but I tried for several hours on Friday and never saw the log in NLS. I just assumed that it still wasn't there, but when I just looked I now see the log. This is in my DEV ENV. I have a cron that runs every minute that echoes some dummy info into a log, then ships that over to NLS. I see that now. I will use the link that you provided for parsing. Any clue why I didn't see this Friday?

Re: Nagios Log Server

Posted: Mon Aug 22, 2016 10:59 am
by rkennedy
It could be related to timing being off on a machine, could you compare the time stamps between the two machines to make sure they're in sync? I've seen this happen in the past, with that being the cause.

Re: Nagios Log Server

Posted: Tue Aug 23, 2016 4:52 pm
by taandrews
I just got confirmation that my company has paid for NLS support. rkennedy, let me know if I need to move to that channel. I was able to set up a filter and the verification processed successfully. Now I don't know what to do with the filter. I have scoured the internet and YouTube but I haven't found any info for applying or testing the filter. I assume that I do not have to add an input because my input is syslog. Basically my test setup is... I have a client sending a log to NLS. The log content looks very similar to a service/host put from XI. My filter filters out part of the message, and the timestamp. But as mentioned, I have no idea if the filter works other than NLS verifying the syntax. If there is a good YouTube clip or doc, please send it my way. I don't mind doing it myself, but there doesn't seem to be any good information for a beginner to this product. (Definitely do not mean to be offensive)

Re: Nagios Log Server

Posted: Tue Aug 23, 2016 4:59 pm
by mcapra
That opens up additional avenues. I would contact our sales team and make sure that you (or a representative for your company) have access to the customer support section, since those posts take priority over the general support section. We could also continue this in a ticket which, when all options are exhausted, generally results in a remote assistance session.

Can you share the filter and input rules being applied as well as some samples from the log file?

Re: Nagios Log Server

Posted: Tue Aug 23, 2016 7:14 pm
by taandrews
What I am asking for is pretty simple. I'm at home now, so I can't share the filter. But what I am asking is, now that I have a filter, what happens next? Go to the Dashboard, click here, there... where do I see any filter in action?

Re: Nagios Log Server

Posted: Wed Aug 24, 2016 9:53 am
by mcapra
I recently wrote a filter that processes Linux audit log data for the purpose of arranging the data in a way that makes sense for my use case. Namely, I wanted to preserve the entire message and pull out specific fields (uid, pid, auid, audit_type, etc.) that I can then filter by. Say I wanted to find all audit log entries with the pid 26386. Now that the filter has pulled that field out and set it aside, I can query that field specifically.
[Attachments: two Nagios Log Server dashboard screenshots, 2016_08_24_09_50_38_Dashboard_Nagios_Log_Server.png and 2016_08_24_09_51_48_Dashboard_Nagios_Log_Server.png]
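The field extraction mcapra describes above, as an added example that is not from the thread and not Nagios code: a small Python parser that does for Linux audit (auditd) records what a filter does inside NLS. It keeps the whole original line in a `message` field, pulls out `audit_type`, the audit timestamp and serial, and every `key=value` pair (`uid`, `pid`, `auid`, `exe`, ...), tags lines that do not parse instead of dropping them, and then lets you query by one extracted field. The audit lines, field names and function names are constructed for illustration; a real filter in NLS would express the same thing in Logstash syntax.

```python
import re
from datetime import datetime, timezone

# Constructed sample auditd lines (not taken from the thread). The last line is
# deliberately not an audit record, to show that unparsable input is kept and tagged.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1471872000.123:4567): arch=c000003e syscall=59 success=yes exit=0 ppid=26380 pid=26386 auid=1000 uid=0 gid=0 euid=0 comm="sudo" exe="/usr/bin/sudo" key="privileged"
type=EXECVE msg=audit(1471872000.123:4567): argc=3 a0="sudo" a1="-i" a2="bash"
type=USER_LOGIN msg=audit(1471872042.771:4571): pid=26391 uid=0 auid=1001 ses=12 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=10.0.0.5 terminal=/dev/pts/1 res=success'
this line is not an audit record and is kept but left unparsed
"""

# Header: type=<audit_type> msg=audit(<epoch>:<serial>): <body>
HEADER_RE = re.compile(
    r"^type=(?P<audit_type>\S+)\s+msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$"
)
# key=value pairs; values may be single-quoted, double-quoted or bare.
KV_RE = re.compile(r"(\w+)=('[^']*'|\"[^\"]*\"|\S+)")


def _coerce(raw):
    """Strip surrounding quotes and turn pure digit strings (pid, uid, ...) into ints."""
    value = raw.strip("'\"")
    return int(value) if value.isdigit() else value


def _parse_kv(text, into):
    """Add key=value pairs from text to the dict; earlier keys win on collision."""
    for key, raw in KV_RE.findall(text):
        value = _coerce(raw)
        if key == "msg" and isinstance(value, str) and "=" in value:
            # Records such as USER_LOGIN nest a second key=value list inside msg='...'
            _parse_kv(value, into)
        into.setdefault(key, value)


def parse_audit_line(line):
    """Return an event dict for one line. The full line is always kept as 'message'."""
    event = {"message": line}
    m = HEADER_RE.match(line)
    if not m:
        # Mirror Logstash's habit of tagging rather than dropping a failed parse.
        event["tags"] = ["_auditparsefailure"]
        return event
    event["audit_type"] = m.group("audit_type")
    event["audit_serial"] = int(m.group("serial"))
    event["@timestamp"] = datetime.fromtimestamp(
        float(m.group("epoch")), tz=timezone.utc
    ).isoformat()
    _parse_kv(m.group("body"), event)
    return event


def parse_audit_log(text):
    """Parse every non-empty line of an audit log into a list of event dicts."""
    return [parse_audit_line(line) for line in text.splitlines() if line.strip()]


def find(events, **criteria):
    """Query by extracted fields, e.g. find(events, pid=26386) or find(events, audit_type='SYSCALL')."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


if __name__ == "__main__":
    events = parse_audit_log(SAMPLE_AUDIT_LOG)
    for e in find(events, pid=26386):
        print(e["@timestamp"], e["audit_type"], "uid=%s auid=%s exe=%s" % (e["uid"], e["auid"], e["exe"]))
    # Records that belong to one syscall share an audit serial; query on that too.
    print(len(find(events, audit_serial=4567)), "records with serial 4567")
```

Two points worth carrying over to a real NLS filter: keep `message` untouched so a bad extraction never costs you the raw log, and tag failed parses instead of dropping them, otherwise a format change in the application log silently makes events "never make it" to the server, which looks exactly like the delivery problem discussed earlier in this thread.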