Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Unable to stop rsyslog logs flowing into Nagios Log Server

https://support.nagios.com/forum/viewtopic.php?t=63620

Page 1 of 1

Unable to stop rsyslog logs flowing into Nagios Log Server

Posted: Wed Sep 29, 2021 8:39 am
by SuryanuSanyal
Hi team,

I was trying to receive rsyslog messages from a linux server using following commands:

[root@client ~]# curl -sS -O http://ip/nagioslogserver/scripts/setup-linux.sh
[root@client ~]# sudo bash setup-linux.sh -s ip -p port

I was following the below document:
https://assets.nagios.com/downloads/nag ... Server.pdf

Now, I am receiving logs but I wanted to stop these logs flowing into Nagios Log Server.

I executed following command to stop these logs:
systemctl stop rsyslog

After executing above command, the logs are still not stopping.
Please suggest the steps for stopping it.

Thanks in advance.

Re: Unable to stop rsyslog logs flowing into Nagios Log Serv

Posted: Thu Sep 30, 2021 12:36 pm
by pbroste
Hello @SuryanuSanyal

Thanks for reaching out, to stop collecting logs from a source, you will want to do the following:

Code: Select all

systemctl stop rsyslog
ls -l /etc/rsyslog.d/  #get list of configs
rm /etc/rsyslog.d/remove_the_config_log_for_the_source_device_found_in_this_directory.conf
systemctl start rsyslog  #only if your device requires this service to run
Thanks,
Perry

Re: Unable to stop rsyslog logs flowing into Nagios Log Serv

Posted: Wed Oct 06, 2021 10:20 am
by SuryanuSanyal
Hi Perry,

Thanks for your input. We used those commands and it stopped.
But there were somethings we observed.
When we ran those commands, the logs stopped coming to Log Server after 2-3 hours approximately.

Also, we were trying to add linux file as log source as per the following documentation:

https://assets.nagios.com/downloads/nag ... Server.pdf

we found that when we run the following command:
echo "This is a test log entry" >> /path/to/file.txt

the logs are coming to the log server as below:
verify incoming logs.png
But these logs were getting reflected on the dashboard after 4-5 hours delay(in the timestamp as well).
What could be the reason behind this delay in both the cases when we are stopping the syslogs and receiving the syslogs.

Kindly provide your inputs on this.

Re: Unable to stop rsyslog logs flowing into Nagios Log Serv

Posted: Wed Oct 06, 2021 3:26 pm
by pbroste
Hello @SuryanuSanyal

Want to have you check and verify that the date, time, and timezone across the system and configs are set correctly.

Code: Select all

mysql -h 127.0.0.1 -uroot -pnagiosxi -e 'SELECT NOW(); SELECT @@GLOBAL.time_zone, @@SESSION.time_zone;'
date
ls -l /etc/localtime
php -r 'echo date("D M j G:i:s T Y")."\n";'
grep "date.timezone =" /etc/php.ini
grep date.timezone /etc/php.ini
php -r "echo date_default_timezone_get();" #timezone
php -r " echo date('Y-m-d H:i:s');"        #date
php -r " echo gmdate('Y-m-d H:i:s');"      #time
Here is a support article that references:

https://support.nagios.com/kb/article/nagios-log-server-cluster-timezone-settings-485.html

Thanks,
Perry
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited