sending Audit/Auth logs over RELP to NLS

Posted: Fri Oct 26, 2018 4:40 am
by lukedevon
Hi

Can we send audit logs to NLS via RELP by using the setup-linux.sh script which is provided in the Nagios LS source/installation?

For example, if the client nodes have been configured with RELP to send logs to NLS over TCP, how can we use this script to send

Audit logs,
Auth logs
Sys logs

to nls?

I would appreciate it if anyone can help me configure the client side to send logs to NLS (audit, auth and syslogs).

Thank you
Luke

Re: sending Audit/Auth logs over RELP to NLS

Posted: Fri Oct 26, 2018 8:58 am
by cdienger
I haven't set it up myself yet, but had another customer recently inquire about RELP. There do seem to be a few config changes that need to be done on the client side that the script does not do, and you'll also need to install a RELP plugin on the NLS side.

The setup script creates a config file under /etc/rsyslog.d/ that would need to be modified.
https://access.redhat.com/documentation ... using_relp has details regarding the configuration of the client.

To install the plugin on the NLS server:

/usr/local/nagioslogserver/logstash/bin/logstash-plugin install logstash-input-relp

Details on setting up the input can be found at:

https://www.elastic.co/guide/en/logstas ... -relp.html
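
The client-side change and the NLS input described in the reply above, sketched as an added example; it is not from either poster or from the Nagios setup script. The file name, the host nls.example.com and port 2514 are placeholders, and it assumes rsyslog v8 with the omrelp module available (package rsyslog-relp on RHEL/CentOS).

```conf
# ---- Client: /etc/rsyslog.d/nls-relp.conf (hypothetical file name) ----
# Placeholders: nls.example.com, port 2514.

# imfile tails files that never pass through syslog; omrelp is the RELP output.
module(load="imfile")
module(load="omrelp")

# auditd writes directly to its own file (default path shown), so it has to
# be read with imfile before it can be forwarded.
input(type="imfile"
      File="/var/log/audit/audit.log"
      Tag="audit:"
      Facility="local6"
      Severity="info")

# Auth (auth/authpriv) and ordinary syslog messages are already in the
# rsyslog stream, so this single action forwards all three log types.
# The in-memory queue and unlimited retry hold messages while NLS is down.
# RELP is cleartext unless TLS is enabled on both ends (tls="on" here,
# ssl_enable on the Logstash relp input).
action(type="omrelp"
       target="nls.example.com"
       port="2514"
       queue.type="LinkedList"
       action.resumeRetryCount="-1")

# ---- NLS: Logstash input block (after installing logstash-input-relp) ----
# The port must match the client's omrelp port and be reachable through
# the server firewall.
relp {
  port => 2514
}
```

The two parts belong in different places: the first on each client, the second in the Logstash input configuration on the NLS server. Running `rsyslogd -N1` on the client checks the rsyslog syntax before the service is restarted.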