Hourly Sending Check on Nagios Log Server 2.0
Posted: Thu Feb 08, 2018 2:12 pm
by cgutierr
I have an issue with some devices listed as not sending during the hourly sending check. I am checking logs on those devices and they are definitely up and running producing logs. Also, this happens quite randomly on different devices but mostly on our network devices. Would this be caused by a resource issue with our log server? Any ideas to rectify the issue would be greatly appreciated. Thanks!
Re: Hourly Sending Check on Nagios Log Server 2.0
Posted: Thu Feb 08, 2018 3:41 pm
by kyang
Can you show us a screenshot of what you mean?
What hourly checks on Nagios Log Server from devices?
I don't quite understand what you are referring to.
Could you also PM or post your profile?
NLS home --> Admin --> System --> System Status --> Download System profile
Along with recent logs of this issue located here
/var/log/elasticsearch/*
/var/log/logstash/*
Re: Hourly Sending Check on Nagios Log Server 2.0
Posted: Thu Feb 08, 2018 4:22 pm
by cgutierr
In Nagios Log Server 2.0, under the Unique Hosts Report, it lists all the hosts that are logging to the server. If you scroll further down and have devices that are not logging to the server, you get a section called "Not Sending", where it lists hosts not sending during an hourly log sending check. I cannot take a screenshot since the log server is on our classified network, but the "Not Sending" section has a blurb saying "This is a list of hosts that Log Server has received logs from in the past. Hosts in this list did not send any logs during the hourly log sending check. Last sending check was Thu, 08 Feb 2018 13:00:01 -0800."
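The hourly check described above, re-created over constructed syslog lines as an added example (this is not Nagios Log Server's own code and says nothing about how the product implements the report). It assumes a simplified RFC 3164 line format, a fixed year (RFC 3164 timestamps carry none), that the check covers the hour ending at the check timestamp, and a hypothetical set of previously seen hosts:

```python
"""Re-create the 'Not Sending' hourly check over constructed syslog lines."""
import re
from datetime import datetime, timedelta

# Simplified RFC 3164 line: <PRI>Mon DD HH:MM:SS host message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
YEAR = 2018  # assumed: RFC 3164 timestamps carry no year

# Constructed sample lines (not real device output).
SAMPLE_LOGS = [
    "<134>Feb  8 12:15:22 switch01 %LINK-3-UPDOWN: Interface Gi1/0/3, changed state to up",
    "<134>Feb  8 12:59:58 switch01 %SYS-5-CONFIG_I: Configured from console",
    "<134>Feb  8 11:45:03 router02 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.0.5 -> 10.0.1.9",
    "<86>Feb  8 12:30:00 fileserver sshd[1234]: Accepted publickey for admin from 10.0.2.7",
    "this line is not syslog and is skipped",
]
# Hypothetical hosts the server has received logs from in the past.
KNOWN_HOSTS = {"switch01", "router02", "fileserver", "firewall03"}
# Matches the "Last sending check" time quoted in the post (local time).
CHECK_TIME = datetime(2018, 2, 8, 13, 0, 1)


def parse_line(line):
    """Return (timestamp, host, message) or None for a non-matching line."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{YEAR} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("host"), m.group("msg")


def last_seen(lines):
    """Map host -> latest timestamp found in lines."""
    seen = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host, _ = parsed
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen


def not_sending(lines, check_time, known_hosts, window=timedelta(hours=1)):
    """Hosts seen before that have no line inside (check_time - window, check_time]."""
    seen = last_seen(lines)
    start = check_time - window
    return sorted(
        host
        for host in known_hosts | set(seen)
        if host not in seen or not (start < seen[host] <= check_time)
    )


if __name__ == "__main__":
    print("Last sending check:", CHECK_TIME)
    for host in not_sending(SAMPLE_LOGS, CHECK_TIME, KNOWN_HOSTS):
        print("Not sending:", host)
```

Two things the toy check makes visible: the decision is made purely from what the server has indexed, so a device that is up and logging still lands in the list if its datagrams never arrive (UDP gives the sender no error) or if the timestamps used for the window are off (a device clock that is wrong by more than the window, or device time being indexed instead of receive time). That is why the next useful step is confirming on the server side whether the packets are arriving at all.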
Re: Hourly Sending Check on Nagios Log Server 2.0
Posted: Thu Feb 08, 2018 5:07 pm
by kyang
Thanks for clarifying.
Could you PM or post your profile and the log files?
NLS home --> Admin --> System --> System Status --> Download System profile
The relevant log files are located here.
/var/log/elasticsearch/*
/var/log/logstash/*
Thanks.
Re: Hourly Sending Check on Nagios Log Server 2.0
Posted: Fri Feb 09, 2018 11:16 am
by cgutierr
I need some time to sanitize all classified information from the system profile and the logs.
Re: Hourly Sending Check on Nagios Log Server 2.0
Posted: Fri Feb 09, 2018 11:46 am
by kyang
No problem!
We will be here when you are ready.
Re: Hourly Sending Check on Nagios Log Server 2.0
Posted: Mon Feb 12, 2018 11:38 am
by cgutierr
Attached is the information as requested as of 09FEB2018.
Re: Hourly Sending Check on Nagios Log Server 2.0
Posted: Mon Feb 12, 2018 5:38 pm
by kyang
Thanks for the info!
Is the network device sending from UDP or TCP?
Can you also tell me which port it is sending to?
If you could run a tcpdump and PM the pcap file in your /tmp directory, that would be very helpful.
Please change xxxx to the port the network device is sending to NLS.
You may have to install tcpdump.
# xxxx: the port the device sends to; -s 0 keeps full packets, -i any listens on all interfaces
tcpdump -s 0 -i any port xxxx -w /tmp/389.pcap
Re: Hourly Sending Check on Nagios Log Server 2.0
Posted: Mon Feb 12, 2018 6:10 pm
by cgutierr
Network devices are sending UDP to port 5544 on the log server.
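A loopback version of the sender side, added here as an example and not taken from the thread or from Nagios: it builds an RFC 3164 datagram the way a network device would, sends it over UDP, and shows that a lost datagram produces no error at all on the sending side, which is why the server-side capture is the only place the loss becomes visible. The receiver on 127.0.0.1 with port 0 (any free port) is a stand-in so the script runs offline; against the real server you would send to its address on port 5544 and watch the tcpdump there.

```python
"""Loopback probe: send one RFC 3164 datagram over UDP and confirm it arrives."""
import socket
from datetime import datetime


def build_syslog(host, message, facility=16, severity=6, when=None):
    """Build '<PRI>Mon DD HH:MM:SS host message'; PRI = facility*8 + severity."""
    when = when or datetime(2018, 2, 8, 13, 0, 0)  # fixed so the output is repeatable
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # RFC 3164 pads the day with a space
    return f"<{facility * 8 + severity}>{ts} {host} {message}"


def send_syslog(line, addr, port):
    """Fire-and-forget UDP send, exactly as a network device does it: no ack, no error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(line.encode("utf-8"), (addr, port))


def probe(host="switch01", message="probe from added example", timeout=2.0):
    """Bind a throwaway receiver on loopback, send to it, return what arrived (or None)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))  # stand-in for the collector; the real one listens on 5544
        rx.settimeout(timeout)
        addr, port = rx.getsockname()
        line = build_syslog(host, message)
        send_syslog(line, addr, port)
        try:
            data, _peer = rx.recvfrom(65535)
        except socket.timeout:
            return None  # the sender never learns this; silence is the only symptom
    return data.decode("utf-8")


if __name__ == "__main__":
    got = probe()
    print("received:" if got else "nothing received within timeout", got or "")
```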
Re: Hourly Sending Check on Nagios Log Server 2.0
Posted: Tue Feb 13, 2018 10:20 am
by kyang
Are logstash and elasticsearch running?
service logstash status
service elasticsearch status