Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Limit logging to /var/log/messages

https://support.nagios.com/forum/viewtopic.php?t=51666

Page 1 of 1

Limit logging to /var/log/messages

Posted: Mon Dec 17, 2018 4:23 pm
by BackNBlack
I would like to limit some of the messages going to my syslog server coming from Nagios Xi.

These are the types of messages I would like to eliminate:

Code: Select all

Dec 17 21:18:12 tvm-nagios01 ndo2db: Trimming systemcommands.
Dec 17 21:18:12 tvm-nagios01 ndo2db: Trimming servicechecks.
Dec 17 21:18:12 tvm-nagios01 ndo2db: Trimming hostchecks.
Dec 17 21:18:12 tvm-nagios01 ndo2db: Trimming eventhandlers.

I've tried editing nagios.cfg but it did not seem to effect these trimming entries.

Code: Select all

use_syslog=0
log_archive_path=/usr/local/nagios/var/archives
What am I missing?

Thanks

Re: Limit logging to /var/log/messages

Posted: Mon Dec 17, 2018 4:57 pm
by npolovenko
@BackNBlack, Let's add the exclusion rule to your rsyslog configuration. Open the following config:
nano /etc/rsyslog.conf
In the beginning of the #### RULES #### section put the following:
:msg, contains, "ndo2db" ~
Then run:
service rsyslog restart

Re: Limit logging to /var/log/messages

Posted: Tue Dec 18, 2018 8:52 am
by BackNBlack
Thanks for the quick reply.

I think something is working against me here because this is not working. I wasn't sure which rsyslog file to edit so I edited each, the nagios server and my loghost server.

Excerpts from my configuratios:

nagios server:

Code: Select all

#### RULES ####
# Remove ndo2db messages
:msg, contains, "ndo2db" ~

# Send all logs to loghost server
*.* @@loghost:514
loghost

Code: Select all

#### RULES ####
# Remove ndo2db messages
:msg, contains, "ndo2db" ~

Re: Limit logging to /var/log/messages

Posted: Tue Dec 18, 2018 10:11 am
by npolovenko
@BackNBlack, Probably because ndo2db was a source and not in the message itself. Please try:
:msg, contains, "Trimming" ~
And restart the rsyslog.

Re: Limit logging to /var/log/messages

Posted: Tue Dec 18, 2018 10:59 am
by BackNBlack
Bingo!

Adding that line to the local rsyslog.conf file will eliminate the "Trimming" entries from the local /var/log/messages file and also the loghost.

Thanks!

Re: Limit logging to /var/log/messages

Posted: Tue Dec 18, 2018 11:33 am
by lmiltchev
@BackNBlack, is it safe to lock this topic and mark it as resolved?

Re: Limit logging to /var/log/messages

Posted: Tue Dec 18, 2018 2:28 pm
by BackNBlack
Yes
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited