Forwarding RHEL 7 Logs to Nagios Log Server 2024R2

Nagios Log Server delivers a robust solution for centralized log collection, analysis, and alerting, empowering administrators to monitor system health and stay ahead of potential issues. By forwarding logs to Nagios Log Server 2024R2, you gain real-time visibility into your infrastructure, enabling proactive monitoring and faster issue resolution. This guide will take you through the process of configuring your RHEL 7 system to seamlessly send logs to Nagios Log Server, ensuring efficient log management and enhanced system insights.

Prerequisites

• Nagios Log Server 2024R2 is installed and accessible.
• A RHEL 7 system with root or sudo access.
• Network access between RHEL 7 and Nagios Log Server on port 5544.
• rsyslog is installed (default on RHEL 7).

Step 1: Add a New Log Source in Nagios Log Server

1. Open your browser and log into Nagios Log Server.
2. On the Home page, click + Add Log Source or the + Linux button.
3. Choose Linux as the source type.

Step 2: Configuring the RHEL 7 Log Source

1. Download and Run the Setup Script

If curl is not installed:

sudo yum install -y curl

Run the setup script:

curl -sS -O http://<NagiosLogServerIP>/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s <NagiosLogServerIP> -p 5544

Replace <NagiosLogServerIP> with your actual server address.

2. Verify the Script Execution

Expected output:

Detected rsyslog 8.1901.0
Detected rsyslog work directory /var/lib/rsyslog
Destination Log Server: 192.168.0.62:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
SELinux is disabled.
rsyslog configuration check passed.
Restarting rsyslog service with 'service'...
Redirecting to /bin/systemctl restart rsyslog.service
Okay.
rsyslog is running with the new configuration.
Visit your Nagios Log Server dashboard to verify that logs are being received.

Step 3: Confirming Log Reception

1. In Nagios Log Server:

• Navigate to Dashboards > Search.
• Search using:

host.ip:<RHEL-IP>

2. Send a Test Log Entry:

logger "This is a test log entry"

• Refresh the dashboard to see the entry.

Step 4: Accessing the Setup Script

The setup script resides on the Nagios Log Server at:

/var/www/html/nagioslogserver/www/scripts/setup-linux.sh

Step 5: Manual Setup (Optional)

1.  Edit the rsyslog configuration:

sudo nano /etc/rsyslog.d/.conf

Add the following lines at the begin forwarding rule section:

# ### begin forwarding rule ### NAGIOSLOGSERVER
$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
*.* @@192.168.1.123:5544
# ### end of the forwarding rule ###

Replace /var/lib/rsyslog with the correct path if different, and 192.168.1.123 with the IP address of your Nagios Log Server.

2. Restart rsyslog:

sudo /etc/init.d/rsyslog restart

Step 6: Adding More Log Sources

Use the + Add Log Source button to configure:

• Windows event logs
• App logs
• Archived logs

Troubleshooting Tips

1. Check rsyslog Status:

systemctl status rsyslog

Start it if needed:

sudo systemctl start rsyslog

2. Verify Network Access:

Ensure RHEL 7 can reach the Nagios Log Server on port 5544.

3. Check Firewall:

sudo firewall-cmd --zone=public --add-port=5544/udp --permanent
sudo firewall-cmd --reload

4. Review Logs:

sudo grep rsyslog /var/log/messages

On the Log Server:

tail -f /var/log/logserver/nagios.log

Video Tutorial

For a step-by-step walkthrough, watch this video:

Conclusion

You’ve successfully configured RHEL 7 to forward logs to Nagios Log Server 2024R2. This integration supports centralized monitoring, faster troubleshooting, and improved visibility.

For further help, check the Nagios Knowledgebase or Nagios Support Forums.