To parse syslog and used elasticsearch as output

Posted: Wed Sep 21, 2016 8:38 am
by gselvakumar
Hi Team,

We have used logstash to parse syslog and used elasticsearch as output. We need to integrate it with NagiosXI: when a particular event is seen in the log, NagiosXI must be alerted. Could you please help on this? Let us know if any more details are required.

Re: To parse syslog and used elasticsearch as output

Posted: Wed Sep 21, 2016 11:41 am
by rkennedy
Our product (Nagios Log Server) is written on top of the ELK stack, and has this feature built in. However, it won't work with an independent ELK stack.

You would need to write your own plugin to do this.

Re: To parse syslog and used elasticsearch as output

Posted: Wed Sep 21, 2016 11:44 am
by mcapra
You could leverage NRPE to do something like this by querying the elasticsearch API probably. Definitely not something we have documentation for though.

The check_nagioslogserver.php plugin that comes stock with XI is probably a good starting point (not a solution) for this. If I find free time, I might rewrite it as a plugin that can be leveraged by NRPE to hit the local elasticsearch API rather than the NLS API.
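A minimal sketch of the approach mcapra describes, added here as an example for this thread (it is not the stock check_nagioslogserver.php plugin and not Nagios code): a Python check that NRPE could run, which counts matches for a syslog pattern in Elasticsearch over a recent window and maps the count to a Nagios exit code, with perfdata. The logstash-* index pattern, the `message` field and the localhost:9200 endpoint are assumptions; the hit_count helper handles both the pre-7 integer form of hits.total and the newer `{"value": n}` form.

```python
# Nagios/NRPE-style check: alert when a syslog pattern shows up in Elasticsearch.
# Added example, not the stock check_nagioslogserver.php plugin; the index
# pattern, field name and localhost:9200 endpoint are assumptions.
import json
import sys
import urllib.request
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
ES_URL = "http://localhost:9200/logstash-*/_search?size=0"  # assumed endpoint

def build_query(pattern, minutes, field="message"):
    """Query for documents whose `field` contains `pattern` in the last `minutes`."""
    return {"query": {"bool": {
        "must": [{"match_phrase": {field: pattern}}],
        "filter": [{"range": {"@timestamp": {"gte": "now-%dm" % minutes}}}],
    }}}

def hit_count(response):
    """Total hits; ES 7+ nests it as {"value": n}, older versions return an int."""
    total = response.get("hits", {}).get("total", 0)
    return int(total.get("value", 0)) if isinstance(total, dict) else int(total)

def evaluate(count, warn, crit, pattern):
    """Map the hit count to a Nagios exit code and a status line with perfdata."""
    if count >= crit:
        state, label = CRITICAL, "CRITICAL"
    elif count >= warn:
        state, label = WARNING, "WARNING"
    else:
        state, label = OK, "OK"
    return state, "%s - %d hits for '%s' | hits=%d;%d;%d" % (
        label, count, pattern, count, warn, crit)

def main(argv):
    if len(argv) != 5:
        print("UNKNOWN - usage: %s <pattern> <minutes> <warn> <crit>" % argv[0])
        return UNKNOWN
    pattern, minutes, warn, crit = argv[1], int(argv[2]), int(argv[3]), int(argv[4])
    body = json.dumps(build_query(pattern, minutes)).encode()
    req = urllib.request.Request(ES_URL, data=body, headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            data = json.load(resp)
    except Exception as exc:  # a failed query must surface as UNKNOWN, never as OK
        print("UNKNOWN - elasticsearch query failed: %s" % exc)
        return UNKNOWN
    state, line = evaluate(hit_count(data), warn, crit, pattern)
    print(line)
    return state
if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Registered in NRPE as a command and polled from XI, the thresholds decide whether one sighting of the pattern in the window is already CRITICAL or only WARNING.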