Nagios - Additional output
Posted: Thu May 23, 2019 4:14 am
by tcsdi
Hi Support
We would like to seek assistance for configuring our Nagios Log Server.
We were planning to add additional log sources that our Nagios server can output.
May we have a KB on how to edit the configurations?
Also I have a question:
1.) Is it possible to reuse an output port that is now already being used as an output from another source?
2.) If I have a source ".90" and it is output to another server via port 1555.
3.) Can I use the same port to output another source ".91"?
Looking forward to hearing from you!
Regards
TCSDI
Re: Nagios - Additional output
Posted: Thu May 23, 2019 4:58 pm
by npolovenko
Hello,
@tcsdi. This guide should get you started on adding various Log Sources to the Log Server.
https://assets.nagios.com/downloads/nag ... Server.pdf
To answer your questions, could you clarify if you're trying to send multiple outputs from different types of sources to the same port in the Log Server? That is possible as long as the output from all sources is in the same format.
Re: Nagios - Additional output
Posted: Fri May 24, 2019 12:40 am
by tcsdi
Hi npolovenko,
Can I also have a document on how to output these log sources?
I think the issue I'm having is that we have new log sources but are unable to output these logs to our SOC.
Kindly get the system profile here:
https://we.tl/t-rjoTJwCQ2b
Regards,
Christian
Re: Nagios - Additional output
Posted: Fri May 24, 2019 2:42 pm
by npolovenko
@tcsdi, Here's the document on all available types of outputs in Logstash:
https://www.elastic.co/guide/en/logstas ... ugins.html
In the log server, to see the list of outputs or define a new one, you can go to the Configure menu and then click on the "Show Outputs" button in the right corner.
Re: Nagios - Additional output
Posted: Sun May 26, 2019 10:54 pm
by tcsdi
Hi @npolovenko,
About the image, I tried adding/configuring outputs but it fails.
After I add the outputs, should it also show in conf.d? Can you also send me the KB/document on how to configure the outputs?
For example:
1. How to configure and output logs from a file server with IP 10.5.99.X.
2. Or how to configure and output logs from a proxy server with IP 10.5.98.X.
Re: Nagios - Additional output
Posted: Tue May 28, 2019 2:55 pm
by ssax
The output filters are logstash outputs and there isn't currently a guide on this.
What type of output is your SOC expecting?
https://www.elastic.co/guide/en/logstas ... ugins.html
Re: Nagios - Additional output
Posted: Tue May 28, 2019 11:36 pm
by tcsdi
Hi Technical Team
I'm referring to these configs:
Also, the outputs I configured on global output don't seem to work.
Regards,
Christian
Re: Nagios - Additional output
Posted: Wed May 29, 2019 4:45 pm
by ssax
I don't have any dnslog types but if I change it to syslog it works:
Code:
    if [type] =~ /(syslog)/ {
        syslog {
            host => "X.X.X.X"
            port => 1523
            sourcehost => "X.X.X.X"
        }
    }
Did you apply configuration after saving?
Can you verify with tcpdump on the remote system?
- Change ens160 to your proper interface (ifconfig or ip address)
Code:
    yum install tcpdump
    tcpdump -nnXSs 0 -i ens160 dst port 1523
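An added example (not from the thread or from Nagios) of sending more than one log type to the same destination port, which is what the first post asks about. It is written in the same form as the snippet above, without an enclosing output { } block; X.X.X.X is a placeholder for the receiving server, 1555 is the port from the original question, and the type names "syslog" and "dnslog" are the ones mentioned in the thread and are assumed to be set on the incoming events.

```logstash
# Added example. Assumptions: X.X.X.X is a placeholder for the SOC receiver,
# 1555 is the port from the question, and events carry type "syslog" or
# "dnslog" as mentioned in the thread.

# Option A: one output block shared by several types.
# Every event whose type is in the list goes to the same host and port.
if [type] in ["syslog", "dnslog"] {
  syslog {
    host     => "X.X.X.X"
    port     => 1555
    protocol => "tcp"   # plugin default is "udp"; must match what the receiver listens on
    # sourcehost is left unset so the plugin default "%{host}" is used and the
    # receiver still sees which machine each event came from. A fixed
    # sourcehost value would make every forwarded source look identical.
  }
}

# Option B (use instead of A, not together with it, or events are sent twice):
# one block per type, both pointing at the same port. This allows per-source
# settings, here a different appname so the receiver can tell the feeds apart.
# The appname values are constructed for this example.
#
# if [type] == "syslog" {
#   syslog {
#     host     => "X.X.X.X"
#     port     => 1555
#     protocol => "tcp"
#     appname  => "nls-syslog"
#   }
# }
# if [type] == "dnslog" {
#   syslog {
#     host     => "X.X.X.X"
#     port     => 1555
#     protocol => "tcp"
#     appname  => "nls-dnslog"
#   }
# }
```

The tcpdump command above, with the port changed to 1555, shows on the receiving system whether both types arrive.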
Re: Nagios - Additional output
Posted: Thu Jun 06, 2019 10:37 pm
by tcsdi
Hi Support
For the AD server, we receive event logs but not dns logs.
We did not make any changes on the config, what could possibly be the reason for this?
Regards,
Re: Nagios - Additional output
Posted: Fri Jun 07, 2019 2:48 pm
by ssax
Because you NEED to make changes to the nxlog config to get the things you want:
https://nxlog.co/documentation/nxlog-us ... erver.html