not seeing any events in the dashboard
Posted: Fri Sep 13, 2019 2:14 am
by newmember
Added syslog from a Linux server and added a new raw log input from the same Linux server reading custom logs.
Followed the troubleshooting from here:
https://support.nagios.com/kb/article.p ... ategory=42
Here is tcpdump event:
07:10:44.206958 IP 184.150.227.68.37299 > ls.domain.com.5544: Flags [P.], seq 26832:28160, ack 1, win 229, options [nop,nop,TS val 3207067991 ecr 2393396913], length 1328
07:10:44.206980 IP ls.domain.com.5544 > 184.150.227.68.37299: Flags [.], ack 28160, win 853, options [nop,nop,TS val 2393396981 ecr 3207067991], length 0
Nothing is making it into the dashboard.
Some logs appeared 12 hours ago for 15 min, but nothing since then.
Thoughts?
Re: not seeing any events in the dashboard
Posted: Fri Sep 13, 2019 9:51 am
by mbellerue
Is that the full output of the tcpdump? Seems pretty slim. Can you let the tcpdump run, and then restart rsyslog on the source Linux machine?
Re: not seeing any events in the dashboard
Posted: Fri Sep 13, 2019 12:02 pm
by newmember
restarted rsyslog:
[root@server rsyslog.d]# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: rsyslogd: module 'imfile' already in this config, cannot be added [v8.1908.0 try https://www.rsyslog.com/e/2221 ]
rsyslogd: module 'imfile' already in this config, cannot be added [v8.1908.0 try https://www.rsyslog.com/e/2221 ]
[ OK ]
[root@server rsyslog.d]#
Lots of packets seen at the LS server:
16:56:51.533772 IP 222.150.227.12.48322 > ls.domain.com.2060: Flags [S], seq 1110731601, win 14600, options [mss 1460,sackOK,TS val 3242235187 ecr 0,nop,wscale 6], length 0
16:56:51.533802 IP ls.domain.com.2060 > 222.150.227.12.48322: Flags [S.], seq 4126277604, ack 1110731602, win 21247, options [mss 8961,sackOK,TS val 2428565147 ecr 3242235187,nop,wscale 7], length 0
16:56:51.551232 IP 222.150.227.12.37835 > ls.domain.com.5544: Flags [S], seq 1881137469, win 14600, options [mss 1460,sackOK,TS val 3242235217 ecr 0,nop,wscale 6], length 0
16:56:51.551248 IP ls.domain.com.5544 > 222.150.227.12.37835: Flags [S.], seq 1810750712, ack 1881137470, win 21247, options [mss 8961,sackOK,TS val 2428565165 ecr 3242235217,nop,wscale 7], length 0
16:56:51.612350 IP 222.150.227.12.48322 > ls.domain.com.2060: Flags [.], ack 1, win 229, options [nop,nop,TS val 3242235267 ecr 2428565147], length 0
16:56:51.612913 IP 222.150.227.12.48322 > ls.domain.com.2060: Flags [P.], seq 1:779, ack 1, win 229, options [nop,nop,TS val 3242235267 ecr 2428565147], length 778
16:56:51.612925 IP ls.domain.com.2060 > 222.150.227.12.48322: Flags [.], ack 779, win 222, options [nop,nop,TS val 2428565227 ecr 3242235267], length 0
16:56:51.613706 IP 222.150.227.12.48322 > ls.domain.com.2060: Flags [.], seq 779:3675, ack 1, win 229, options [nop,nop,TS val 3242235212 ecr 2428565147], length 2896
16:56:51.613723 IP ls.domain.com.2060 > 222.150.227.12.48322: Flags [.], ack 3675, win 212, options [nop,nop,TS val 2428565227 ecr 3242235212], length 0
16:56:51.614296 IP 222.150.227.12.48322 > ls.domain.com.2060: Flags [.], seq 3675:5123, ack 1, win 229, options [nop,nop,TS val 3242235212 ecr 2428565147], length 1448
16:56:51.614310 IP ls.domain.com.2060 > 222.150.227.12.48322: Flags [.], ack 5123, win 290, options [nop,nop,TS val 2428565228 ecr 3242235212], length 0
16:56:51.614378 IP 222.150.227.12.48322 > ls.domain.com.2060: Flags [.], seq 5123:10915, ack 1, win 229, options [nop,nop,TS val 3242235212 ecr 2428565147], length 5792
16:56:51.614391 IP ls.domain.com.2060 > 222.150.227.12.48322: Flags [.], ack 10915, win 381, options [nop,nop,TS val 2428565228 ecr 3242235212], length 0
16:56:51.614395 IP 222.150.227.12.48322 > ls.domain.com.2060: Flags [.], seq 10915:12363, ack 1, win 229, options [nop,nop,TS val 3242235212 ecr 2428565147], length 1448
16:56:51.614397 IP ls.domain.com.2060 > 222.150.227.12.48322: Flags [.], ack 12363, win 403, options [nop,nop,TS val 2428565228 ecr 3242235212], length 0
16:56:51.618358 IP 222.150.227.12.37835 > ls.domain.com.5544: Flags [.], ack 1, win 229, options [nop,nop,TS val 3242235284 ecr 2428565165], length 0
16:56:51.618384 IP 222.150.227.12.37835 > ls.domain.com.5544: Flags [P.], seq 1:61, ack 1, win 229, options [nop,nop,TS val 3242235284 ecr 2428565165], length 60
16:56:51.618389 IP ls.domain.com.5544 > 222.150.227.12.37835: Flags [.], ack 61, win 210, options [nop,nop,TS val 2428565232 ecr 3242235284], length 0
16:56:51.622233 IP 222.150.227.12.37835 > ls.domain.com.5544: Flags [.], seq 61:1509, ack 1, win 229, options [nop,nop,TS val 3242235284 ecr 2428565165], length 1448
16:56:51.622248 IP ls.domain.com.5544 > 222.150.227.12.37835: Flags [.], ack 1509, win 233, options [nop,nop,TS val 2428565232 ecr 3242235284], length 0
16:56:51.622298 IP 222.150.227.12.37835 > ls.domain.com.5544: Flags [.], seq 1509:4405, ack 1, win 229, options [nop,nop,TS val 3242235284 ecr 2428565165], length 2896
16:56:51.618505 IP ls.domain.com.5544 > 222.150.227.12.37835: Flags [.], ack 4405, win 278, options [nop,nop,TS val 2428565232 ecr 3242235284], length 0
16:56:51.618523 IP 222.150.227.12.37835 > ls.domain.com.5544: Flags [.], seq 4405:7301, ack 1, win 229, options [nop,nop,TS val 3242235284 ecr 2428565165], length 2896
Re: not seeing any events in the dashboard
Posted: Fri Sep 13, 2019 12:04 pm
by newmember
Looking at nagiosLS GUI:
I see some packets appearing in the GUI.
import_raw <133>Sep 13 10:55:52 server OCS_CALLED_TAG: # 2019/09/13 09:58:58
I don't see anything before and after the initial restart.
Thanks
Re: not seeing any events in the dashboard
Posted: Fri Sep 13, 2019 1:27 pm
by mbellerue
I'm seeing a couple of errors when rsyslogd is restarted. Can you just run a service rsyslog status just to make sure it's running?
Then if you could send me the configuration files in /etc/rsyslog.d/, as well as a system profile from Log Server, that would be great.
Re: not seeing any events in the dashboard
Posted: Wed Sep 18, 2019 11:23 am
by newmember
I PMed the files you asked for.
I am just checking in.
Thanks
Re: not seeing any events in the dashboard
Posted: Wed Sep 18, 2019 1:23 pm
by mbellerue
My apologies for the delay. I've PM'd you a zip file with rsyslog config files. Everything looked good, except the configs. It looks like you had 3 logs you were trying to get to Log Server. 2 of those were doubled up, having their own configuration files, as well as an entry in 99-nagioslogserver.conf. There was also conflicting information between those configurations. I'm not sure if that's the source of the problem, but it's certainly not helping.
In the new configuration files I sent, I have the logs going to Log Server by host name, rather than IP. They're also going to port 2060. If you'd rather they go to the syslog port, then you will have to change the port in the config files to 5544.
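Added example, not part of the original thread or of Nagios Log Server: one way to spot the two problems described above (the 'imfile' module loaded more than once, and the same log defined in its own file and again in 99-nagioslogserver.conf with a different destination). The file name 50-app.conf, the log path, the tag and the IP address are constructed; forwarding is detected only in the legacy `@@host:port` form.

```python
import re
from collections import defaultdict

# Legacy "$ModLoad imfile" and RainerScript module(load="imfile") forms.
MODLOAD = re.compile(r'^\s*\$ModLoad\s+(\w+)|\bmodule\(\s*load="(\w+)"', re.I | re.M)
# Legacy "$InputFileName /path" and RainerScript input(... File="/path" ...).
INFILE = re.compile(r'^\s*\$InputFileName\s+(\S+)|\binput\([^)]*?\bfile="([^"]+)"', re.I | re.M)
# Legacy forwarding only: @host:port (UDP) or @@host:port (TCP).
FORWARD = re.compile(r'(@@?)([\w.-]+):(\d+)')

def audit(configs):
    """configs maps file name -> text. Returns (modules loaded more than once,
    log files read by more than one input, forwarding targets per file)."""
    loads, inputs, targets = defaultdict(list), defaultdict(list), {}
    for name in sorted(configs):  # report in file-name order
        text = "\n".join(l for l in configs[name].splitlines()
                         if not l.lstrip().startswith("#"))
        for m in MODLOAD.finditer(text):
            loads[(m.group(1) or m.group(2)).lower()].append(name)
        for m in INFILE.finditer(text):
            inputs[m.group(1) or m.group(2)].append(name)
        targets[name] = sorted({f"{h}:{p}" for _, h, p in FORWARD.findall(text)})
    dup = lambda d: {k: v for k, v in d.items() if len(v) > 1}
    return dup(loads), dup(inputs), targets

# Constructed sample configs (hypothetical names, paths and addresses).
SAMPLE = {
    "50-app.conf": """module(load="imfile")
input(type="imfile"
      File="/var/log/app/custom.log"
      Tag="app_custom:")
if $programname == 'app_custom' then @@192.0.2.10:5544
""",
    "99-nagioslogserver.conf": """$ModLoad imfile
# Input for import_raw
$InputFileName /var/log/app/custom.log
$InputFileTag app_custom:
$InputRunFileMonitor
if $programname == 'app_custom' then @@ls.domain.com:2060
*.* @@ls.domain.com:5544
""",
}

if __name__ == "__main__":
    import pathlib, sys
    files = {p: pathlib.Path(p).read_text() for p in sys.argv[1:]} or SAMPLE
    dup_loads, dup_inputs, targets = audit(files)
    print("modules loaded more than once:", dup_loads)
    print("log files with more than one input:", dup_inputs)
    print("forwarding targets per file:", targets)
```

To check a real host, pass the files as arguments, for example /etc/rsyslog.conf /etc/rsyslog.d/*.conf; with no arguments the constructed sample is used.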
Re: not seeing any events in the dashboard
Posted: Wed Sep 18, 2019 1:43 pm
by newmember
Checking.
No PM in my INBOX.
Thanks
Re: not seeing any events in the dashboard
Posted: Wed Sep 18, 2019 3:47 pm
by mbellerue
Okay should be there now. I tried sending as code blocks rather than a zip.