Name in Host Field

[ab3pu]

I have just gotten some of my systems to send logs to the Nagios LS.

I notice that the <host> field shows the device's IP and not host name. (See quote below)

2017-01-11T11:55:14.961-05:00 10.101.0.11 sysloglegacy <189>85552: Jan 11 11:55:13 EST5: %SYS-5-CONFIG_I: Configured from console by bianco on vty0 (10.75.0.33)

How do I change the default behavior to populate this field with the device name?

[mcapra]

Assuming you have a proper DNS server that your Nagios Log Server machine talks to for the actual resolution, you can leverage the dns filter for all events. This filter should attempt to replace the value of the "host" field with the FQDN provided on the lookup:

Code: Select all

dns {
      action => "replace"
      reverse => [ "host" ]
    }

You can also use the nameserver directive to set a specific nameserver. More info on the dns filter plugin:
https://www.elastic.co/guide/en/logstas ... nameserver

[ab3pu]

That worked....We can close this....Look I am new to the Nagios LS, logstash and elastisearch etc. Do you have Nagios documentation for setting up filters, and queries that I can review to get this beast setup the way I want. Feel free to close after reply.

Thanks

[mcapra]

Here's some docs specifically aimed at Logstash Inputs and Filters:
https://assets.nagios.com/downloads/nag ... ilters.pdf
https://assets.nagios.com/downloads/nag ... Inputs.pdf

And queries/dashboards:
https://assets.nagios.com/downloads/nag ... Server.pdf
https://assets.nagios.com/downloads/nag ... Server.pdf

Otherwise, most of the time if you post a thread with a specific use case one of us techs can usually provide a filter/input set to satisfy it.

There's an awful lot of Logstash input/filter/output plugins in the community as well. Here's a list of the offical ones:
https://www.elastic.co/guide/en/logstas ... ugins.html
https://www.elastic.co/guide/en/logstas ... ugins.html
https://www.elastic.co/guide/en/logstas ... ugins.html

[ab3pu]

Thanks...OK to close