Comprehensive Guide: Forwarding Ubuntu 14.04 LTS Logs to Nagios Log Server 2024R2

Nagios Log Server provides IT administrators with a powerful solution for centralized log collection, analysis, and management. This guide walks you through the process of configuring Ubuntu 14 to forward logs to Nagios Log Server using rsyslog. By following these step-by-step instructions, you’ll enable seamless log transmission, ensuring real-time monitoring, enhanced security, and efficient troubleshooting for your system.

Note: Ubuntu 14.04 LTS reached end-of-life on April 25, 2019, and is unsupported. Its outdated packages (e.g., `rsyslog 7.4.4`) may not fully support modern features or security standards required by Nagios Log Server 2024R2. Use this guide for legacy systems only; upgrading to a supported Ubuntu version (e.g., 22.04 LTS) is strongly recommended.

Prerequisites

Before proceeding, ensure you have the following:

• Access to a Nagios Log Server instance (recommended latest stable release).
• An Ubuntu 14 system.
• Root or sudo privileges on your Ubuntu machine.
• Network connectivity between Ubuntu and Nagios Log Server (verify firewall settings).

Video Tutorial

For a visual walkthrough, watch this detailed step-by-step guide:

Step 1: Add a New Log Source in Nagios Log Server

1. Login to Nagios Log Server:
   • Open your web browser and navigate to your Nagios Log Server instance.
   • Log in with your administrator credentials.
2. Navigate to Log Source Setup:
   • On the Home page, locate the + Linux button at the bottom right corner.

• Alternatively, click + Add Log Source in the navigation bar and select Linux.

Step 2: Configuring the Linux Log Source

1. Download and Run the Setup Script

• The Linux Source Setup page provides a pre-configured command.
• Copy the command and paste it into the Ubuntu terminal.

If curl is not installed, install it first:

sudo apt update && sudo apt install -y curl

Then, execute the following command to download and run the setup script:

curl -sS -O http://your-nagios-log-server-address/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s your-nagios-log-server-address -p 5544

Replace your-nagios-log-server-address with the actual IP address or hostname of your Nagios Log Server.

• The -s flag specifies the Nagios Log Server address.
• The -p 5544 specifies the port for log transmission (default is 5544).

2. Verify the Script Execution

After running the script, you should see a confirmation message:

Detected rsyslog 7.4.4
Detected rsyslog work directory /var/spool/rsyslog
Destination Log Server: 192.168.0.65:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
getenforce command not found, assuming SELinux is disabled.
rsyslog configuration check passed.
Restarting rsyslog service with 'service'..  
Okay.
rsyslog is running with the new configuration.
Visit your Nagios Log Server dashboard to verify that logs are being received.

• If you encounter any errors, check the script logs.
• Ensure that the Nagios Log Server is reachable and that port 5544 is open.

Step 3: Confirming Log Reception

1. Navigate to Dashboards in Nagios Log Server:
   • Go to the Dashboards section.
   • Perform a query using the IP address of the Ubuntu machine to confirm logs are being received.
2. Send a Test Log Entry:

logger "This is a test log entry"

3. Refresh the Nagios Log Server dashboard:
   • If successful, you should see the test log entry listed in the dashboard.

Step 4: Accessing the Setup Script on Nagios Log Server

The setup script is located on the Nagios Log Server instance at:

/var/www/html/nagioslogserver/www/scripts/setup-linux.sh

You can access it directly via a browser or SSH if you need to make manual adjustments.

Step 5: Adding More Log Sources

Use the + Add Log Source button to configure additional sources, such as:

• Windows event logs
• Application logs
• Archived log files

Some log sources offer both scripted and manual setup options.

• The manual method provides more customization by allowing direct configuration file edits.

Troubleshooting Tips

1. Check rsyslog Status

Ensure that rsyslog is installed and running:

systemctl status rsyslog

If the service is not running, start it:

sudo systemctl start rsyslog

2. Verify Network Connectivity

Ensure that the Ubuntu machine can communicate with Nagios Log Server on port 5544.

• Check for network restrictions such as firewalls or proxy settings.

3. Check Firewall Settings

If you’re using ufw on Ubuntu, allow traffic on port 5544:

sudo ufw allow 5544/tcp

Also, check if there are any firewall rules on the Nagios Log Server that might block incoming log data.

4. Review Log Files

If the above steps don’t resolve the issue, review the log files:

• On Ubuntu: sudo cat /var/log/syslog | grep rsyslog
• On Nagios Log Server: tail -f /var/log/logserver/nagios.log

Conclusion

By following this guide, you have successfully configured your Ubuntu 14 machine to send logs to Nagios Log Server 2024R2 for centralized monitoring. This setup allows you to efficiently monitor system logs and gain insights into potential issues in real-time.

You can now extend your log monitoring capabilities by:

• Adding other sources
• Fine-tuning your configurations
• Creating alerts for critical log events

For troubleshooting or further assistance, visit the Nagios Knowledgebase or check the Nagios Support Forums.