Testing out Log Server
Posted: Thu Jul 19, 2018 12:34 pm
by cockraml
We currently have a syslog server that has around a year's worth of data.
Can I forward the syslog server to the nagios log server from the current syslog server?
Is there an easy way to import the year's worth of data?
Re: Testing out Log Server
Posted: Thu Jul 19, 2018 4:16 pm
by jomann
How are the old syslogs stored? If you go into the Log Server interface and click on the "Add Log Source" button, there is a section called "Import From File" which would allow you to take a file with log data and send it into Log Server.
Re: Testing out Log Server
Posted: Thu Jul 19, 2018 4:43 pm
by cdienger
I second using the 'import from file' option and would additionally suggest adding a filter in NLS to parse out the information a bit more and split the data into indices based on their date:
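if [program] == 'import' {
    # Split each imported line into timestamp, host, program and message.
    grok {
        match => [ 'message', '%{SYSLOGTIMESTAMP:logdate} %{WORD:host} %{WORD:program}: %{GREEDYDATA:message}' ]
    }
    # Set the event timestamp from the parsed log date; the second pattern
    # covers space-padded single-digit days such as "Jul  4".
    date {
        match => [ 'logdate', 'MMM dd HH:mm:ss', 'MMM  d HH:mm:ss' ]
    }
}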
Make sure to set the program name appropriately when you use the shipper program. For example:
cat /var/log/messages | python shipper.py program:apache_access | nc 192.168.4.68 2057
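An added example, not part of the thread: a dry run over an old syslog file that reports which lines the grok pattern above would not match and which daily index each matching line would land in, so gaps and wrong-year timestamps are caught before a year of history is imported. Assumptions: the Python regex only approximates the grok pattern, the index naming logstash-YYYY.MM.DD is assumed, and `dry_run`, `last_year` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Approximation of the grok pattern from the filter above:
# SYSLOGTIMESTAMP, WORD host, WORD program, ':' and the rest as message.
LINE_RE = re.compile(
    r"^(?P<logdate>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\w+) (?P<program>\w+): (?P<message>.*)$"
)

# Constructed sample lines (not real log data), oldest first.
SAMPLE = [
    "Dec 31 23:59:58 web01 cron: job finished",
    "Jan  1 00:00:03 web01 kernel: eth0 link up",
    "Jan  1 00:00:09 web01 sshd[2211]: Accepted publickey for admin",
    "Jul  4 09:15:00 db-02 sudo: session opened for user root",
    "Jul 19 12:34:00 web01 httpd: GET /index.html 200",
]

def dry_run(lines, last_year):
    """Return (Counter of index -> line count, list of unmatched lines).

    Classic syslog timestamps carry no year, so it is inferred: the newest
    line is assumed to fall in last_year and, walking backwards through
    chronologically ordered lines, a jump to a later month crosses a year.
    """
    per_index, unmatched = Counter(), []
    year, newer_month = last_year, None
    for line in reversed(lines):
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            unmatched.append(line.rstrip("\n"))  # would fail the grok match
            continue
        month = datetime.strptime(m["logdate"][:3], "%b").month
        if newer_month is not None and month > newer_month:
            year -= 1
        newer_month = month
        # Parse with the year attached so 29 February works in leap years.
        ts = datetime.strptime(f"{year} {m['logdate']}", "%Y %b %d %H:%M:%S")
        # Assumed daily index naming: logstash-YYYY.MM.DD.
        per_index[ts.strftime("logstash-%Y.%m.%d")] += 1
    return per_index, unmatched[::-1]

if __name__ == "__main__":
    indices, misses = dry_run(SAMPLE, last_year=2018)
    print(sorted(indices.items()), "unmatched:", misses)
```

On the sample, the `sshd[2211]` and `db-02` lines are reported as unmatched because `%{WORD}` does not cover brackets or hyphens.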