Centralized Log Monitoring for AlmaLinux 9 with Nagios Log Server 2024R2: A Complete Guide

Picture of Ayub Huruse
Ayub Huruse
AlmaLinux 9

AlmaLinux 9 is a community-driven, enterprise-grade Linux distribution designed for stability and performance. Monitoring system logs from AlmaLinux servers is critical for detecting issues, ensuring security, and maintaining compliance. Nagios Log Server 2024R2 offers a centralized platform to collect, search, and analyze log data across your infrastructure. This guide walks you through configuring AlmaLinux 9 to forward logs to Nagios Log Server using the built-in rsyslog service.

Prerequisites

Ensure you have the following:

  • An AlmaLinux 9 server with root or sudo access
  • A running Nagios Log Server 2024R2 instance
  • Network connectivity between the AlmaLinux server and Log Server (default port 5544 open)
  • SELinux disabled or properly configured for rsyslog

Step 1: Access Log Source Setup in Nagios Log Server

1. Log into your Nagios Log Server web interface.

2. Click the + Add Log Source button at the top.

Add log source screenshot
+ Add Log Source

3. Select Linux as the source type.

linux circle screenshot
Linux

    Step 2: Run the Auto-Configuration Script on AlmaLinux 9

    1. Copy the setup script command shown in the Nagios interface. It looks similar to:

    curl -sS -O http://<logserver-ip>/nagioslogserver/scripts/setup-linux.sh
    sudo bash setup-linux.sh -s <logserver-ip> -p 5544
    • Replace <logserver-ip> with the IP or DNS name of your Nagios Log Server.

    2. Example Output:

    curl -sS -O http://192.168.1.123/nagioslogserver/scripts/setup-linux.sh 
    sudo bash setup-linux.sh -s 192.168.0.31 -p 5544

    3. Confirm the script output shows successful configuration:

    • “Detected rsyslog…”
    • “rsyslog configuration check passed.”
    • “rsyslog is running with the new configuration.”

      Step 3: Verify Logs Are Reaching Nagios Log Server

      1. In the Nagios Log Server web UI, enter the AlmaLinux server’s IP under Verify Incoming Logs.

      2. Alternatively, go to Dashboards > Nagios Log Server Search and run:

      host.ip:<AlmaLinux-IP>

      3. To test log transmission, run:

      logger This is a test log entry

      4. Verify the entry appears in the Nagios Log Server interface.

      All events
      log entry

        Optional: Manual rsyslog Configuration (Advanced)

        If you prefer not to use the script, follow these steps:

        1. Create a custom rsyslog config file:

        sudo nano /etc/rsyslog.d/.conf

        2. Add the following content (replace IP and port as needed):

        # ### begin forwarding rule ### NAGIOSLOGSERVER
        $WorkDirectory /var/lib/rsyslog
        $ActionQueueFileName fwdRule1
        $ActionQueueMaxDiskSpace 1g
        $ActionQueueSaveOnShutdown on
        $ActionQueueType LinkedList
        $ActionResumeRetryCount -1
        *.* @@192.168.1.123:5544
        # ### end of the forwarding rule ###

        3. Restart rsyslog:

        sudo systemctl restart rsyslog

        4. Verify logs are received as in Step 3.

          Step 4: Adding More Log Sources

          Use the + Add Log Source button to configure:

          • Windows event logs
          • App logs
          • Archived logs

          Conclusion

          You’ve successfully configured AlmaLinux 9 to send logs to Nagios Log Server 2024R2. Whether using the automatic script or manual configuration, this setup allows centralized logging, simplifying monitoring and analysis. For advanced use cases, explore custom filtering, alerting, and integrations in the Nagios Log Server interface.

          Resource

          Share: