Nagios Support Forum

Hello, I am running the latest NLS, on a 64-bit VM, CentOS

Under Global Config, I see Inputs and Filters.

I would like to load old logs from Linux and Windows servers.

I looks like I need filters that correspond to some of the inputs.

Where can I get a standard filter for Windows event logs and Linux syslogs?

Earl

What exactly are you trying to do with filters? Filters are not necessary to import data and the default syslog input can parse syslog data while the Windows Event Log input accepts data in the json format.

Here are the inputs in case you need them:

Hello,

I'm trying to do something like this: cat ./old-windows-logs.txt | nc 127.0.0.1 3515

It does not seem to take it in.

Earl

Hello,

I found the log entries from using nc on the local host to send a file of logs entries from a different host. But they ended up in NLS identified with the localhost. And I had to open an older shard to see them in a query.

So if I have an old log server with 900 servers, and 1825 days of logs (files are per day), I have to move the files to the source server (which may not exist) and then send the logs to the correct port on NLS?

Earl

That would be one option. Another would be to make sure the log entries have an entry for the host field that points to the original client's IP or hostname.

Hello,

I'm still having difficulty.

If I load logs from 2019-05-13, but my oldest registered shard is 2019-05-16, where does the information go?

I do not see a 2019-05-13 shard created.

Earl

If the date is parsed out properly, then it should inserted into the corresponding index. Can you share a sample of the 2019-05-13 and the logstash configuration so I can take a closer look?

Hello,

I think I understand this now.

Please lock it.

Earl

Please lock it.
Earl

We'll close this out. If you have any questions in the future, please feel free to open a new one.