
NLS Ubuntu Error

Posted: Fri Apr 28, 2017 4:44 pm
by stevecalderoni
Trying out NLS on Ubuntu 16. New install. I download and exec the sh script and the below is what I get. rsyslog is running. Restarted the service. Nothing going to NLS.

Any advice would be appreciated.

root@web1:/tmp# bash setup-linux.sh -s logs.isonasnet.com -p 5544
Detected rsyslog 8.16.0
Detected rsyslog work directory /var/spool/rsyslog
Destination Log Server: logs.isonasnet.com:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
getenforce command not found, assuming SELinux is disabled.
ERROR: rsyslog configuration check failed.

Re: NLS Ubuntu Error

Posted: Fri Apr 28, 2017 4:48 pm
by hsmith
I haven't worked for Nagios for a while now, but last I knew Ubuntu was not supported. I haven't been watching closely - but I'm not aware of that changing. Red Hat/CentOS is the recommended installation platform.

Re: NLS Ubuntu Error

Posted: Fri Apr 28, 2017 4:50 pm
by stevecalderoni
A little more on this:

When I try the Manual option the first line gets this:

root@web1:/tmp# ls -d /var/lib/rsyslog || ls -d /var/spool/rsyslog || mkdir -v /var/spool/rsyslog
ls: cannot access '/var/lib/rsyslog': No such file or directory
/var/spool/rsyslog

Re: NLS Ubuntu Error

Posted: Fri Apr 28, 2017 4:51 pm
by stevecalderoni
hsmith wrote: I haven't worked for Nagios for a while now, but last I knew Ubuntu was not supported. I haven't been watching closely - but I'm not aware of that changing. Red Hat/CentOS is the recommended installation platform.

To be clear: I'm not installing NLS on Ubuntu. Just wanting to get log events from it to the NLS that is already running fine.

Sharing for the benefit of others....

My initial error is caused by a known bug in rsyslog.

Comment out the line in /etc/rsyslog.conf:

$KLogPermitNonKernelFacility on

This allows syslogging to start working.

Now I am trying to get file watch on catalina.out and that isn't working. If anyone has ideas on what to check please share.

Re: NLS Ubuntu Error

Posted: Mon May 01, 2017 9:45 am
by mcapra
hsmith wrote: I haven't worked for Nagios for a while now, but last I knew Ubuntu was not supported. I haven't been watching closely - but I'm not aware of that changing. Red Hat/CentOS is the recommended installation platform.

Thanks @hsmith! To confirm, we only support clean, minimal installations of Red Hat and CentOS Linux.

stevecalderoni wrote: Now I am trying to get file watch on catalina.out and that isn't working. If anyone has ideas on what to check please share.

Tomcat logs are notoriously tricky to deal with because Java call traces take up multiple lines. Were you encountering specific problems with getting the logs to even make it to Nagios Log Server? We do include a setup script for Linux files that can be found here:

[Image: 2017_05_01_09_45_14_Source_Setup_Nagios_Log_Server.png]

Is that script giving you problems?

Re: NLS Ubuntu Error

Posted: Mon May 01, 2017 9:52 am
by stevecalderoni
That is the one I used. The conf file gets created and rsyslog restarts successfully. By all rights it should be logging. I do see events from the OS coming in so I know rsyslog is sending something. I'm just not getting the catalina.out file. I am at a total loss on this one.

Conf file created by scripts:

root@server:/opt/tomcat/logs# cat /etc/rsyslog.d/90-nagioslogserver_opt_tomcat_logs_catalina.out.conf
$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/spool/rsyslog

# Input for CatalinaOut
$InputFileName /opt/tomcat/logs/catalina.out
$InputFileTag CatalinaOut:
$InputFileStateFile nls-state-opt_tomcat_logs_catalina.out # Must be unique for each file being polled
# Uncomment the folowing line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor

# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'CatalinaOut' then @@logs.isonasnet.com:5544
if $programname == 'CatalinaOut' then ~

Spool file exists as well:

root@server:/opt/tomcat/logs# cat /var/spool/rsyslog/nls-state-opt_tomcat_logs_catalina.out
<Obj:1:strm:1:
+iCurrFNum:2:1:1:
+pszFName:1:29:/opt/tomcat/logs/catalina.out:
+iMaxFiles:2:1:0:
+bDeleteOnClose:2:1:0:
+sType:2:1:2:
+tOperationsMode:2:1:1:
+tOpenMode:2:3:384:
+iCurrOffs:2:1:0:
+inode:2:1:0:
+bPrevWasNL:2:1:0:
>End
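
Added example, not part of the original posts or of Nagios's scripts: a small sh helper that reads the imfile state file format shown above and compares the saved iCurrOffs with the size of the monitored log. It assumes iCurrOffs is the read position rsyslog last persisted; the function names, status words and sample file are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inspect a legacy rsyslog imfile state file.
# Property lines look like  +name:type:length:value:  and the value is cut by
# its declared length, so a value that itself contains ':' is read correctly.

# state_field STATEFILE NAME -> prints the value of property NAME
state_field() {
    awk -v want="$2" '
        substr($0, 1, 1) == "+" {
            line = substr($0, 2)                      # drop the leading "+"
            n = index(line, ":")
            if (substr(line, 1, n - 1) != want) next
            rest = substr(line, n + 1)                # type:length:value:
            rest = substr(rest, index(rest, ":") + 1) # length:value:
            n = index(rest, ":")
            print substr(rest, n + 1, substr(rest, 1, n - 1) + 0)
            exit
        }' "$1"
}

# imfile_status STATEFILE -> one word; assumes iCurrOffs is the saved read offset
imfile_status() {
    log=$(state_field "$1" pszFName)
    off=$(state_field "$1" iCurrOffs)
    [ -n "$log" ] && [ -n "$off" ] || { echo bad-state-file; return; }
    [ -e "$log" ] || { echo log-missing; return; }
    [ -r "$log" ] || { echo log-unreadable; return; }
    size=$(wc -c < "$log" | tr -d ' ')
    if   [ "$off" -eq 0 ] && [ "$size" -gt 0 ]; then echo nothing-read
    elif [ "$off" -lt "$size" ]; then echo behind
    elif [ "$off" -eq "$size" ]; then echo caught-up
    else echo offset-past-end                         # log truncated or rotated
    fi
}

# make_sample DIR OFFSET -> constructed log plus a state file in the thread's layout
make_sample() {
    log="$1/catalina:test.out"                        # ':' in the name on purpose
    printf 'line one\nline two\n' > "$log"
    printf '<Obj:1:strm:1:\n+pszFName:1:%s:%s:\n+iCurrOffs:2:%s:%s:\n>End\n' \
        "${#log}" "$log" "${#2}" "$2" > "$1/nls-state-sample"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_sample "$d" 0
    imfile_status "$d/nls-state-sample"; rm -rf "$d"
fi
```

Against the state file posted above (iCurrOffs 0), imfile_status would print nothing-read whenever catalina.out is non-empty and readable by the user running the check.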

Re: NLS Ubuntu Error

Posted: Mon May 01, 2017 11:14 am
by mcapra
Can you try altering the rsyslog rule to use a Logstash input other than the default syslog one on 5544? 2056 is used for raw tcp/udp inputs by default. Give this a try:

if $programname == 'CatalinaOut' then @@logs.isonasnet.com:2056

You'll need to restart the rsyslog process to apply the changes.

Re: NLS Ubuntu Error

Posted: Mon May 01, 2017 11:39 am
by stevecalderoni
Thanks for the reply. Still nothing coming after changing to port 2056.

Re: NLS Ubuntu Error

Posted: Mon May 01, 2017 12:09 pm
by mcapra
I would check both the system log on the Ubuntu machine for rsyslog errors, and the Logstash log on the Nagios Log Server machine for errors. Here's the location of the Logstash log on the Nagios Log Server machine if you'd like to share it for review:

/var/log/logstash/logstash.log

I would also verify that there are no firewall rules on the Nagios Log Server machine preventing traffic on port 2056.

Re: NLS Ubuntu Error

Posted: Mon May 01, 2017 3:06 pm
by stevecalderoni
The /var/log/logstash/logstash.log only has 4 errors in it and they are for another device.

iptables shows all needed ports open and the 2056 port is taking traffic:

Chain INPUT (policy ACCEPT 144K packets, 212M bytes)
 pkts bytes target prot opt in  out source     destination
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:2057
   43  2580 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:2056
 1469 88140 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:5544
   59  3020 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:3515
   85  5100 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpts:9300:9400
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:443
  14M 6405M ACCEPT udp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW udp dpt:5544
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:5667
15936  956K ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:5666
29620 1540K ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    state NEW tcp dpt:80
86163   17M ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0    tcp dpt:5544