Nagios Support Forum

Greetings,

I am interested in utilizing Log Server to monitor windows event logs from Windows 10 and RHEL7 clients that are configured to use DHCP.

What I'm seeing now- in the Unique Hosts report, the same client is listed multiple times under different IP addresses. Ideally, I would expect LS to track unique hosts by identifiable criteria other than IP, which is subject to change. I would expect a specific host to be listed only once and show its most recent IP address. The DHCP range IPs on this report are missing DNS names which I believe is a separate issue related to our VPN and Windows/Linux DNS servers.

Can Nagios LS be configured to effectively handle tracking hosts with dynamic IPs?

Thanks

Welcome to the forums, @sagansapien!

The report page uses the host field of an event to create the tables you see. The DNS filter can be used to resolve the IP to a hostname and replace the value of the host field:

https://support.nagios.com/forum/viewto ... 37&t=40596

I would also point out that event logs will usually have the hostname in a different field - usually called Hostname.

I've attached a dashboard that reports on the Hostname field. It can be imported under Dashboards > Load > Advanced and here is a document to assist with creating dashboards:

https://assets.nagios.com/downloads/nag ... Server.pdf

There are also a few user submitted dashboards on our exchange:

https://exchange.nagios.org/directory/A ... Dashboards

Hi cdienger,

Thank you for your reply.

Unfortunately my environment is plagued with DNS issues as well. RHEL users connected via the VPN don't dynamically register their DNS names. The Windows clients do but our Log Server isn't picking up the DNS names for those either. Problem is on our side for sure.

Hoping we can disregard the default Unique Hosts report and build our own to work around the DHCP issue. Still learning my way around LS.

Thank you

Like the event logs have an additional field to contain the host name, a lot of Linux systems will have a logsource field. You can check for it in the default dashboard's 'All Events' table by expanding one the events from a Linux machine.