We currently have a syslog server that has around a year's worth of data.
Can I forward the syslog server to the nagios log server from the current syslog server?
Is there an easy way to import the year's worth of data?
Testing out Log Server
Re: Testing out Log Server
How are the old syslogs stored? If you go into the Log Server interface, click on "Add Log Source" button, there is a section that is called "Import From File" which would allow you to take a file with log data and send it into Log Server.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Testing out Log Server
I second using the 'import from file' option and would additionally suggest adding a filter in NLS to parse out the information a bit more and split the data into indices based on their date:
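    if [program] == 'import' {
        # Split each imported line into timestamp, host, program and message
        grok {
            match => [ 'message', '%{SYSLOGTIMESTAMP:logdate} %{WORD:host} %{WORD:program}: %{GREEDYDATA:message}']
        }
        # Use the parsed timestamp as the event time; syslog pads
        # single-digit days with a space, hence the first pattern
        date {
            match => [ 'logdate', 'MMM  d HH:mm:ss', 'MMM dd HH:mm:ss' ]
        }
    }
Make sure to set the program name appropriately when you use the shipper program. For example:
    cat /var/log/messages | python shipper.py program:apache_access | nc 192.168.4.68 2057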
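Added example, not part of the thread and not Nagios code: a pre-import check for the file, showing which lines the grok pattern from the filter above would miss and which daily index each remaining line belongs to. Syslog timestamps carry no year, so the script assumes entries are at most one year old; the regex approximating the grok pattern, the `logstash-YYYY.MM.dd` index naming and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime

# Approximation of the grok pattern used in the filter above:
# %{SYSLOGTIMESTAMP:logdate} %{WORD:host} %{WORD:program}: %{GREEDYDATA:message}
LINE_RE = re.compile(
    r"^(?P<logdate>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\w+) (?P<program>\w+): (?P<message>.*)$"
)

def parse_line(line, now):
    """Return (timestamp, index_name), or None if the line cannot be placed."""
    m = LINE_RE.match(line)
    if m is None:
        return None  # the pattern does not match (hyphenated host, PID suffix, ...)
    # Syslog timestamps carry no year. Assumption: entries are at most one
    # year old, so take the most recent year that does not lie in the future.
    for year in (now.year, now.year - 1):
        try:
            ts = datetime.strptime(f"{year} {m['logdate']}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # e.g. "Feb 29" in a non-leap year
        if ts <= now:
            # Assumption: daily indices named in the Logstash default style.
            return ts, ts.strftime("logstash-%Y.%m.%d")
    return None

def audit(lines, now):
    """Count events per daily index and collect lines that would not parse."""
    per_index, rejected = Counter(), []
    for line in lines:
        parsed = parse_line(line.rstrip("\n"), now)
        if parsed is None:
            rejected.append(line)
        else:
            per_index[parsed[1]] += 1
    return per_index, rejected

# Constructed sample lines, not taken from a real system.
SAMPLE = [
    "Jan  5 03:12:44 web01 sshd: Accepted publickey for deploy",
    "Dec 31 23:59:58 web01 cron: job finished",
    "Jan  5 03:12:45 web-01 sshd[2211]: Failed password for root",
]

if __name__ == "__main__":
    counts, bad = audit(SAMPLE, datetime(2018, 6, 1, 12, 0, 0))
    print(dict(counts), bad)
```

Lines reported as rejected would reach Log Server unparsed and keep the import time as their timestamp, so adjust the grok pattern for them before shipping the file.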