Configuring Arch Linux 2023 to Forward Logs to Nagios Log Server 2024R2

Ayub Huruse
Arch Linux 2023

Log management is a crucial aspect of system monitoring, helping IT teams detect issues, analyze performance, and ensure security compliance. With Nagios Log Server 2024R2, you can centralize log collection and gain real-time insights from various sources.

This guide will walk you through configuring Arch Linux 2023 to forward logs using rsyslog, enabling seamless integration with Nagios Log Server for enhanced monitoring and troubleshooting.

Note: Arch Linux’s rolling-release model means no fixed “2023” version exists; this guide assumes a system updated to March 2025 packages.

Prerequisites

Before proceeding, ensure you have the following:

  • Access to a Nagios Log Server instance (latest stable release recommended)
  • A system running Arch Linux 2023
  • Root or sudo privileges on your Arch machine
  • Network connectivity between Arch Linux and Nagios Log Server (ensure port 5544 is open)

Step 1: Add a New Log Source in Nagios Log Server

  1. Log in to Nagios Log Server:
    • Open your web browser and navigate to your Nagios Log Server instance.
    • Log in using your administrator credentials.
  2. Navigate to Log Source Setup:
    • On the Home page, locate and click the + Linux button in the upper right.
    • Alternatively, click + Add Log Source in the navigation bar and select Linux.

Step 2: Configuring the Linux Log Source

1. Download and Run the Setup Script

The Linux Source Setup page provides a code block with a pre-configured command.

If curl is not installed, run:

sudo pacman -Syu curl

Then, run the following command (replace <nagios-log-server-address> with your actual server IP or hostname):

curl -sS -O http://<nagios-log-server-address>/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s <nagios-log-server-address> -p 5544
  • -s specifies the Log Server address
  • -p 5544 is the default port for syslog ingestion

Example, for a Log Server at 192.168.0.123:

curl -sS -O http://192.168.0.123/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s 192.168.0.123 -p 5544
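
The script is fetched over plain HTTP and then run as root, so it is worth confirming that the downloaded file matches the copy on the server before executing it. The following is an added example, not part of the Nagios setup page: it compares the download's SHA-256 with a digest computed on the Log Server itself from the script path given in Step 5. The function name verify_setup_script is an assumption for illustration.

```shell
#!/bin/sh
# Added example: refuse to run setup-linux.sh unless its SHA-256 matches a
# digest obtained out of band, e.g. by running this on the Log Server over SSH:
#   sha256sum /var/www/html/nagioslogserver/www/scripts/setup-linux.sh

# verify_setup_script FILE EXPECTED_SHA256   (hypothetical helper name)
# Returns 0 on match, 1 on mismatch, 2 on a usage or read error.
verify_setup_script() {
    file=$1
    expected=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    case $expected in
        *[!0-9A-Fa-f]*|'') echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest must be 64 hex chars" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}') || return 2
    # sha256sum prints lowercase; normalise the expected value before comparing
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches $expected"
        return 0
    fi
    echo "MISMATCH: $file is $actual, expected $expected" >&2
    return 1
}

# Usage (<digest-from-server> is a placeholder; run the script only if the check passes):
#   verify_setup_script setup-linux.sh <digest-from-server> &&
#       sudo bash setup-linux.sh -s <nagios-log-server-address> -p 5544
```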

2. Verify the Script Execution

You should see an output like:

Detected rsyslog 8.2402.0
Detected rsyslog work directory /var/spool/rsyslog
Destination Log Server: 192.168.0.31:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
rsyslog configuration check passed.
Restarting rsyslog service...
rsyslog is running with the new configuration.
Check the Nagios Log Server dashboard to confirm logs.
  • Note: Arch uses /var/spool/rsyslog and systemctl, not service. SELinux is not present.
  • If errors occur, verify connectivity and port 5544.
  • Check the Nagios Log Server dashboard to confirm that logs are being received.

Step 3: Configure Firewall

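Arch has no default firewall. Forwarding is an outbound TCP connection from the Arch host to port 5544 on the Log Server, so that port must also be accepted by any firewall on the Log Server side. If using iptables:

sudo pacman -S iptables
sudo iptables -I INPUT -p tcp --dport 5544 -j ACCEPT
# Write the rules file as root: with "sudo iptables-save > file" the redirect runs as the calling user and fails
sudo iptables-save | sudo tee /etc/iptables/iptables.rules > /dev/null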

Or, if using ufw (optional):

sudo pacman -S ufw
sudo ufw allow 5544/tcp
sudo ufw enable

Verify:

sudo iptables -L -n

Step 4: Confirming Log Reception

  1. In Nagios Log Server, go to Dashboards > Search.
  2. In the Search panel, run a query for the new source IP:
host.ip:<Arch Linux 2023 IP>
  3. Send a test log entry from the Linux machine:
logger "This is a test log entry"

If successful, the test entry will appear in the results.


Step 5: Accessing the Setup Script on the Server

The script is stored on the Nagios Log Server here:

/var/www/html/nagioslogserver/www/scripts/setup-linux.sh

This script can be accessed directly via a browser or edited via SSH for custom changes.

Step 6: Manual Setup (Optional)

If you prefer to configure manually:

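  1. Open the rsyslog configuration file for editing:
sudo nano /etc/rsyslog.conf
  2. Add these lines (replace 192.168.1.113 with your Nagios Log Server IP):
# ### begin forwarding rule ### NAGIOSLOGSERVER
# Spool directory for the queue files (the rsyslog work directory on Arch, as detected in Step 2)
$WorkDirectory /var/spool/rsyslog
# Queue file name prefix; setting it makes the queue disk-assisted
$ActionQueueFileName fwdRule1
# Cap the on-disk spool at 1 GB
$ActionQueueMaxDiskSpace 1g
# Write queued messages to disk when rsyslog shuts down
$ActionQueueSaveOnShutdown on
# Asynchronous in-memory queue in front of the forwarding action
$ActionQueueType LinkedList
# Retry indefinitely while the Log Server is unreachable
$ActionResumeRetryCount -1
# Forward everything over TCP (@@ is TCP, a single @ is UDP)
*.* @@192.168.1.113:5544
# ### end of the forwarding rule ###
  3. Restart rsyslog (Arch uses systemd, so there is no /etc/init.d script):
sudo systemctl restart rsyslog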
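
A quick check on the result of the manual setup, as an added example that is not part of the original guide or of Nagios tooling: the function reads an rsyslog file in the legacy syntax shown above and reports each forwarding action, flagging a UDP rule or a rule without the disk queue. The name audit_forwarding and its status labels are assumptions for illustration; bracketed IPv6 targets are not handled.

```shell
#!/bin/sh
# Added example: list legacy-syntax forwarding actions in an rsyslog config
# and compare them with the rule this guide installs.

# audit_forwarding CONF WANT_HOST WANT_PORT   (hypothetical helper name)
# Prints one line per forwarding action: "<status> <proto> <host> <port>".
# Returns 0 only if a TCP rule to WANT_HOST:WANT_PORT with a disk queue exists.
audit_forwarding() {
    awk -v want_host="$2" -v want_port="$3" '
        /^[ \t]*#/ { next }                               # skip comments
        /^[ \t]*\$ActionQueueFileName/ { queued = 1; next }
        # selector, whitespace, then @host:port (UDP) or @@host:port (TCP)
        $2 ~ /^@@?[^@]/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2; sub(/^@+/, "", target)
            n = split(target, hp, ":")
            host = hp[1]; port = (n > 1) ? hp[2] : 514    # 514 is the syslog default
            status = "other"
            if (host == want_host && port == want_port) {
                if (proto == "udp")   status = "udp-lossy"   # no delivery acknowledgement
                else if (!queued)     status = "no-queue"    # nothing buffers an outage
                else                { status = "ok"; found = 1 }
            }
            print status, proto, host, port
        }
        # Legacy $ActionQueue* directives apply to the next action only,
        # so any action line (not a $Directive) consumes them.
        NF >= 2 && $1 !~ /^\$/ { queued = 0 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Usage with the values from this step:
#   audit_forwarding /etc/rsyslog.conf 192.168.1.113 5544
```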

Step 7: Adding More Log Sources

Use the + Add Log Source button to configure additional sources such as:

  • Windows Event Logs
  • Application Logs
  • Archived Log Files

Both scripted and manual setup options are available. Manual setup allows for deeper customization by editing config files directly.

Troubleshooting Tips

  1. Check rsyslog Status:
sudo systemctl status rsyslog

Start it if it’s not running:

sudo systemctl start rsyslog
  2. Check Connectivity: Ensure port 5544 is open and reachable.
  3. Check Firewall:
sudo ufw allow 5544/tcp
  4. Review Logs:
grep rsyslog /var/log/syslog

On Nagios Log Server:

tail -f /var/log/logserver/nagios.log

Conclusion

You’ve successfully configured Arch Linux 2023 to forward logs to Nagios Log Server 2024R2. This setup gives you real-time visibility into system logs, performance events, and security data—essential for proactive system administration.

Explore additional sources and alerting options in Nagios Log Server for an even more powerful monitoring setup.
