Every 15 seconds?

Posted: Thu Nov 01, 2018 11:45 am
by fclswalsh
Installed the Nagios Log Server VM yesterday before leaving work, with only the log server itself generating logging data. This morning when I looked at the data that was collected overnight, I saw tons of entries with "apache: TTY=unknown ..." in the message. Did some digging and found that the source of this log data was sudo entries in /var/log/secure related to gathering status information from logstash and elasticsearch every 15 seconds. If I understand correctly, these entries are being sent to Nagios via rsyslogd, and I can turn them off by deleting the rsyslogd configuration. I would like to understand why these entries appear in /var/log/secure. If this is just the way that Nagios works, using sudo every 15 secs to gather status information, is there a way to turn off this constant logging to /var/log/secure? I'm asking because to me this is just noise that clutters up /var/log/secure, which might result in something that really needs attention being missed.

Re: Every 15 seconds?

Posted: Thu Nov 01, 2018 4:55 pm
by scottwilkerson
You could add the following to your /etc/sudoers:

    Defaults:nagios !syslog
    Defaults:apache !syslog

This will suppress syslog messages when the nagios or apache user runs sudo commands.
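
To see which sudo entries in /var/log/secure are the periodic status polls, and which are not, before changing what gets logged, the following added example (not part of the original thread and not Nagios code) groups sudo lines by user, TTY and command and reports the ones that repeat at a steady interval. The sample log lines, host name, year and command paths are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the usual sudo syslog layout; host, paths and
# commands are invented and are not taken from a real Nagios Log Server.
SAMPLE = """\
Nov  1 08:00:00 nls sudo:   apache : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/sbin/service logstash status
Nov  1 08:00:00 nls sudo:   apache : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/sbin/service elasticsearch status
Nov  1 08:00:15 nls sudo:   apache : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/sbin/service logstash status
Nov  1 08:00:15 nls sudo:   apache : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/sbin/service elasticsearch status
Nov  1 08:00:30 nls sudo:   apache : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/sbin/service logstash status
Nov  1 08:00:30 nls sudo:   apache : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/sbin/service elasticsearch status
Nov  1 08:00:37 nls sudo:     jdoe : TTY=pts/0 ; PWD=/home/jdoe ; USER=root ; COMMAND=/bin/cat /etc/shadow
Nov  1 08:00:40 nls sshd[2211]: Accepted publickey for jdoe from 192.0.2.10 port 50522 ssh2
"""

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : TTY=(?P<tty>\S+) ; .*COMMAND=(?P<cmd>.*)$"
)

def periodic_sudo(log_text, year=2018, min_events=3, jitter=2.0):
    """Return {(user, tty, command): interval_seconds} for sudo calls
    whose gaps between consecutive runs differ by at most `jitter` seconds."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if not m:
            continue  # not a sudo command record (e.g. sshd lines)
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[(m["user"], m["tty"], m["cmd"])].append(ts)

    periodic = {}
    for key, stamps in seen.items():
        if len(stamps) < max(min_events, 2):
            continue  # one-off or rare commands are never treated as polling
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if max(gaps) - min(gaps) <= jitter:
            periodic[key] = median(gaps)
    return periodic

if __name__ == "__main__":
    for (user, tty, cmd), secs in periodic_sudo(SAMPLE).items():
        print(f"{user} (TTY={tty}) every {secs:.0f}s: {cmd}")
```
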

Re: Every 15 seconds?

Posted: Fri Nov 02, 2018 8:44 am
by fclswalsh
Thanks for that! Will give it a try.

Re: Every 15 seconds?

Posted: Fri Nov 02, 2018 12:09 pm
by scottwilkerson
fclswalsh wrote: Thanks for that! Will give it a try.

Let us know if you need anything else.