Sending Nagios core logs to the Nagios log server is not a difficult process. We do it by downloading and creating a filter, configuring the Nagios server, reviewing logs, and finally uploading the dashboard.
Here at Bobcares, we have seen several such Nagios-related queries as part of our Server Management Services for web hosts and online service providers.
Today we’ll take a look at how to send Nagios core logs to the Nagios log server.
Sending Nagios core logs to Nagios log server
Here are the steps our Support Engineers provide to our customers to send Nagios core logs to the Nagios log server.
Download Filter
The first step is to download the filter. A Filter is how the received log data is broken up into fields that are stored in the Elasticsearch database. It uses regular expressions to break apart the data, so it can be quite complicated.
You need not worry about how the filter works, instead, we suggest simply download it. For that, navigate to the below URL:
https://github.com/T-M-D/NLS-Collection/blob/master/Filters/Nagios_Core.txt
Then copy everything from the below line to the end of the file into the clipboard.
if [program] == ‘nagios_core’ {This will get pasted into the new filter that needs to be created in the next step.
Create Filter
The second step is to create a filter.
- For that, open the web interface for your Nagios Log Server instance as an administrator.
- Next, navigate to Configure >> Global (All Instances) >> Global Config.
- Then on the right side of the page click the + Add Filter button and select Custom.
- Now a new filter appears where you would need to provide a title in the Block Name field.
- Paste the filter that you previously copied into your clipboard in the text area.
- Finally, click on the Save button to create the new filter.
- Also, make sure to click the Verify button to ensure the filter you just created is valid.
- Once the verification is successful, you would need to apply the configuration. Click on Apply Configuration in the left pane under Configure.
- Finally, click the Apply button and then click Yes, Apply Now when prompted.
Configure Nagios XI Or Nagios Core Server
After creating the filter, now it’s time to configure the Nagios XI or Nagios Core server to send the nagios.log file to the Nagios Log Server instance.
In the following steps make sure to replace xxx.xxx.xxx.xxx with the address of your Nagios Log Server instance that will be receiving the logs.
First, establish a terminal session to your Nagios XI or Nagios Core server and run the following commands.
# cd /tmp
# curl -s -O http://xxx.xxx.xxx.xxx/nagioslogserver/scripts/setup-linux.sh
# sudo bash setup-linux.sh -s xxx.xxx.xxx.xxx -p 5544 -f “/usr/local/nagios/var/nagios.log” -t nagios_coreAfter executing these commands, any new entries in the nagios.log file will be sent to your Nagios Log Server instance.
Review Logs
Now, you can see if the logs are being received by using a dashboard query. Open the Dashboards page on your Nagios Log Server instance. Then in the query field type the following:
program:nagios_coreAs a result, you must see a filtered list of logs from your Nagios XI or Nagios Core server.
However, the results will vary depending on the log activity your Nagios XI or Nagios Core server generates.
Uploading Dashboards
Many dashboards are available to help analyze the Nagios log data. They are designed to work with the fields generated by the filter you created. You can download them from the below location:
https://github.com/T-M-D/NLS-Collection/tree/master/Dashboards
After downloading the dashboard, upload it. Then on the Dashboards page click Load > Advanced > Browse.
Now locate the Dashboard file you’ve downloaded in the browse window. After opening it, the dashboard page will refresh with the uploaded dashboard.
[Need any further assistance with Nagios queries? – We are here to help you]
Conclusion
Today, we saw how the steps provided by our Support Engineers to send Nagios core logs to the Nagios log server.
0 Comments