CLI to get host sending logs in last week
Posted: Thu Feb 27, 2020 11:30 am
by biswajit.banerjee
Hi,
We have a web UI to see all the hosts sending logs for the last 24 hours.
My question is:
Do we have any CLI to check if the mentioned host is sending logs to Nagios Log Server in the past week or last 24 hours?
Re: CLI to get host sending logs in last week
Posted: Thu Feb 27, 2020 1:08 pm
by scottwilkerson
You can use the following from one of your Log Server instances for the last day
Code:
curl -XPOST "localhost:9200/_search?search_type=count&pretty=1" -d '{"query":{"filtered":{"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":"now-1d","to":"now"}}}]}}}},"aggs":{"hosts":{"terms":{"field":"host.raw", "size":9999}}}}'
and the following for the last 7 days
Code:
curl -XPOST "localhost:9200/_search?search_type=count&pretty=1" -d '{"query":{"filtered":{"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":"now-7d","to":"now"}}}]}}}},"aggs":{"hosts":{"terms":{"field":"host.raw", "size":9999}}}}'
Notice we are changing the "from" from now-1d to now-7d.
Re: CLI to get host sending logs in last week
Posted: Fri Feb 28, 2020 12:06 pm
by biswajit.banerjee
Thanks
Do we have any plugin such that, if a host is sending logs, it shows OK on Nagios XI, and if not, it gives a Warning?
Can you suggest something along this line?
TIA
Re: CLI to get host sending logs in last week
Posted: Fri Feb 28, 2020 12:30 pm
by scottwilkerson
Yes, you can run the Nagios Log Server Wizard, and use the "Text Queries" section
There is an example here
https://support.nagios.com/forum/viewto ... 25#p304084
but in your case to warn on 0 entries, in the warning threshold enter
@1
Re: CLI to get host sending logs in last week
Posted: Mon Mar 02, 2020 10:48 am
by biswajit.banerjee
Hi
Somehow I could find the Nagios Log Server Wizard in the Configure section.
Also, my requirement is:
I have 2000+ devices.
I have a target to onboard all network devices on Log Server, but it is not in my control as it is done by the Network Team.
I want to apply a Nagios XI template to all the devices I want to have onboarded on NLS, and see which ones are onboarded as OK and which are not as Warning in Nagios XI.
Can you suggest something along that line?
The second approach is:
Install NRPE on NLS
Make a script to fetch all devices sending logs in the past one week
Then call NRPE to check the host against the captured devices file
The problem I am facing in the second approach is that I am not able to pass the IP address of the concerning host via NRPE.
From NLS
Code:
[root@usvanagiosplog2 ~]# /usr/local/nagios/libexec/check_host.sh 139.68.12.15
OK: 139.68.12.15 is configured in Nagios Log Server and recieving Logs
[root@usvanagiosplog2 ~]# /usr/local/nagios/libexec/check_host.sh 139.68.12.17
WARNING: 139.68.12.17 is NOT configured in Nagios Log Server
From Nrpe
Code:
[root@usvanagiosplog2 ~]# /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_NLS_host -a 139.68.12.17
OK: $ is configured in Nagios Log Server and recieving Logs
cat /usr/local/nagios/libexec/check_host.sh
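Code:
#!/bin/bash
# Usage: check_host.sh <host-or-ip>
# Looks the host up in /tmp/host1.txt (hosts seen sending logs to NLS).
HOST="$1"
if [[ -z "${HOST}" ]] ; then
    echo "UNKNOWN: no host given"
    exit 3
fi
# -F: literal string (dots are not wildcards), -w: whole-word match,
# -q: no output; "--" stops the argument being parsed as a grep option.
if grep -qwF -- "${HOST}" /tmp/host1.txt 2>/dev/null ; then
    echo "OK: ${HOST} is configured in Nagios Log Server and recieving Logs "
    exit 0
else
    echo "WARNING: ${HOST} is NOT configured in Nagios Log Server "
    exit 1
fi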
Can you please help with where I am going wrong?
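An added example, not part of the original posts or any Nagios plugin: it reads the "hosts" aggregation that the curl query earlier in the thread returns and checks hosts against it by exact match, returning Nagios exit codes. The function names, the sample response and the 192.0.2.x addresses are constructed for illustration.

```python
#!/usr/bin/env python3
"""Added example: report which inventory hosts are absent from the
"hosts" terms aggregation returned by the query shown in the thread."""
import json
import sys

OK, WARNING, UNKNOWN = 0, 1, 3  # Nagios plugin exit codes

# Constructed sample response (shape of a terms aggregation on host.raw);
# in production this would be the body returned by the curl command.
SAMPLE_RESPONSE = """
{"hits": {"total": 1500},
 "aggregations": {"hosts": {"buckets": [
   {"key": "192.0.2.15", "doc_count": 1200},
   {"key": "192.0.2.150", "doc_count": 300}
 ]}}}
"""

def reporting_hosts(response_text):
    """Return {host: doc_count} from the "hosts" aggregation buckets."""
    buckets = json.loads(response_text)["aggregations"]["hosts"]["buckets"]
    return {str(b["key"]): int(b["doc_count"]) for b in buckets}

def check_host(host, seen):
    """Exact-match lookup, so 192.0.2.1 is not satisfied by 192.0.2.15."""
    host = host.strip()
    if not host:
        return UNKNOWN, "UNKNOWN: no host given"
    if seen.get(host, 0) > 0:
        return OK, f"OK: {host} sent {seen[host]} log entries"
    return WARNING, f"WARNING: {host} sent no log entries in the queried window"

def missing_hosts(inventory, seen):
    """Inventory entries with no bucket: not yet onboarded or gone silent."""
    return sorted(h for h in inventory if check_host(h, seen)[0] != OK)

if __name__ == "__main__":
    seen = reporting_hosts(SAMPLE_RESPONSE)
    code, message = check_host(sys.argv[1] if len(sys.argv) > 1 else "", seen)
    print(message)
    sys.exit(code)
```

Running `missing_hosts` over the full device inventory gives the list of devices that have not sent anything in the queried window, without one NRPE call per device.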
Re: CLI to get host sending logs in last week
Posted: Mon Mar 02, 2020 3:05 pm
by scottwilkerson
I'm not exactly sure I understand what you are doing here, but do you have this set to 1 in your /usr/local/nagios/etc/nrpe.cfg?
Re: CLI to get host sending logs in last week
Posted: Mon Mar 02, 2020 3:15 pm
by biswajit.banerjee
Was already set
Re: CLI to get host sending logs in last week
Posted: Mon Mar 02, 2020 3:56 pm
by scottwilkerson
biswajit.banerjee wrote: Was already set
To be clear, you are checking this on usvanagiosplog2, correct?
Can you show the command definition line for check_NLS_host from the nrpe.cfg? Does it contain $ARG1$?
Re: CLI to get host sending logs in last week
Posted: Mon Mar 02, 2020 11:11 pm
by biswajit.banerjee
Thanks, it sorted out.
Re: CLI to get host sending logs in last week
Posted: Tue Mar 03, 2020 8:47 am
by scottwilkerson
biswajit.banerjee wrote: Thanks, it sorted out.
Great!
Locking thread