Page 1 of 1
Disk Capacity on Nagios Log Server
Posted: Thu Mar 09, 2017 11:03 pm
by tsabit
Dear Support Nagios,
i have many question about NLS.
1. what is your Recommendation about Disk Capacity if The Log Source is 24-30?
2. what that mean below capture about Primary Disk ? the mean is Disk Usage or free disk.please assist me
3. how to filter the specific log on windows like MS SQL Log ?
Re: Disk Capacity on Nagios Log Server
Posted: Fri Mar 10, 2017 2:17 pm
by mcapra
tsabit wrote:1. what is your Recommendation about Disk Capacity if The Log Source is 24-30?
This is impossible to give a definitive recommendation for. Simply because on any sort of scale the difference between an event like this:
Code: Select all
Mar 10 13:15:01 xi-stable systemd: Starting Session 40693 of user nagios.
And and event like this:
Code: Select all
Mar 6 03:36:48 xi-stable nagios: Error: External command failed -> PROCESS_SERVICE_CHECK_RESULT;win_nsca_test;Uptime;0;OK: uptime: 3w 4d 20:17h, boot: 2017-Feb-08 13:19:19 (UTC)|'uptime'=2233037s;172800;43200
Is nearly two-fold in terms of the storage required.
tsabit wrote:2. what that mean below capture about Primary Disk ? the mean is Disk Usage or free disk.please assist me
I do not see a screen capture in your post. Could you elaborate?
tsabit wrote:3. how to filter the specific log on windows like MS SQL Log ?
If you wanted to on a very basic level you could send those MSSQL logs to a specific port and type/tag them as "MSSQL". Like so as an input rule:
Code: Select all
tcp {
port => 20327
type => 'MSSQL'
}
Re: Disk Capacity on Nagios Log Server
Posted: Fri Mar 10, 2017 9:15 pm
by tsabit
Than You for the reply
i mean the disk capacity of disk for 24-30 log source is like windows server,network device etc.
here I attach the file of Primary Disk.
Re: Disk Capacity on Nagios Log Server
Posted: Sun Mar 12, 2017 10:26 pm
by tsabit
Hi Support nagios Log Server.
please answer about Primary Disk on Nagios Log Server.
Re: Disk Capacity on Nagios Log Server
Posted: Mon Mar 13, 2017 12:00 pm
by mcapra
tsabit wrote:i mean the disk capacity of disk for 24-30 log source is like windows server,network device etc.
My point still stands. The difference between say an Event Log entry like this:
Code: Select all
Successfully scheduled Software Protection service for re-start at 2117-02-17T16:12:44Z. Reason: RulesEngine.
And this:
Code: Select all
The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 9986e719-0599-4daa-b72e-ac8e505031db, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )]
Is meaningful in terms of the disk space required to store either message. Where the first message is 109 bytes worth of characters, the second is 353 bytes worth of characters. That's over 3 times the size and could mean the difference between needing a 300GB disk and a 1TB disk when you start scaling up.
It's not enough to say "I have X Windows/Linux machines, how much disk space to I need". A Windows machine hosting exchange+iis+dns is going to produce a heck of a lot more events than an employee's workstation, for example. An IIS server hosting 2 websites is going to produce a lot less traffic than one hosting 200 websites.
Re: Disk Capacity on Nagios Log Server
Posted: Thu Mar 23, 2017 11:14 pm
by tsabit
How to know the growing of disk capacity ?
how to count the eventlog/syslog on NS?
Re: Disk Capacity on Nagios Log Server
Posted: Fri Mar 24, 2017 12:57 pm
by mcapra
How to know the growing of disk capacity ?
I'm not 100% sure what you mean by this, but there are several overview pages which give a summary of the total storage used on a per-instance as well as a per-cluster level. A simple
df -h is also a pretty good indicator of how full the disk is getting.
How to count the eventlog/syslog on NS?
If you run a search from the Nagios Log Server GUI's default dashboard, the total number of records based on your criteria is always returned here:
2017_03_24_12_55_50_Dashboard_Nagios_Log_Server.png
If you wanted to know the total document count for the entire cluster (eg, all your data) that can be found on the main Administration page as well as the Cluster Status page:
2017_03_24_12_56_42_Admin_Dashboard_Nagios_Log_Server.png