Effortless Log Forwarding: Sending Oracle Linux 8 Logs to Nagios Log Server 2024R2

Picture of Ayub Huruse
Ayub Huruse
Oracle Linux 8

Logs are the backbone of proactive system monitoring, security auditing, and troubleshooting in any IT infrastructure. Oracle Linux 8, when properly configured, can seamlessly transmit logs to Nagios Log Server 2024R2, enabling real-time analysis and centralized log management.

This step-by-step guide will take you through setting up rsyslog on Oracle Linux 8 to forward system logs efficiently. By the end of this tutorial, you’ll have a fully integrated logging solution that enhances visibility, aids in compliance, and strengthens system security.

Prerequisites

Before proceeding, ensure you have the following:

  • Access to a Nagios Log Server instance (latest stable release recommended)
  • A system running Oracle Linux 8
  • Root or sudo privileges on your Oracle Linux machine
  • Network connectivity between Oracle Linux and Nagios Log Server (ensure port 5544 is open)

Step 1: Add a New Log Source in Nagios Log Server

  1. Login to Nagios Log Server:
    • Open your web browser and navigate to your Nagios Log Server instance.
    • Log in using your administrator credentials.
  2. Navigate to Log Source Setup:
    • On the Home page, locate and click the + Linux button in the upper right.
linux circle screenshot 3
+ Linux

3. Alternatively, click + Add Log Source in the navigation bar and select Linux.

Screenshot 2025 03 20 094211 4
+ Add Log Source

    Step 2: Configuring the Linux Log Source

    1. Download and Run the Setup Script

    The Linux Source Setup page provides a code block with a pre-configured command.

    If curl is not installed, run:

    sudo dnf install -y curl

    Then, run the following command (replace <nagios-log-server-address> with your actual server IP or hostname):

    curl -sS -O http://<nagios-log-server-address>/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s <nagios-log-server-address> -p 5544
    • -s specifies the Log Server address
    • -p 5544 is the default port for syslog ingestion

    2. Verify the Script Execution

    You should see an output like:

    Detected rsyslog 8.x
Detected rsyslog work directory /var/lib/rsyslog
Destination Log Server: 192.168.0.31:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
SELinux is disabled.
rsyslog configuration check passed.
Restarting rsyslog service with 'service'...
rsyslog is running with the new configuration.

    Check the Nagios Log Server dashboard to confirm that logs are being received.

    Step 3: Confirming Log Reception

    1. Navigate to the Dashboards section in Nagios Log Server.
    2. In the Search panel, run a query for the new source IP:
    host.ip:<Oracle Linux 8 IP>
    1. Send a test log entry from the Linux machine:
    logger "This is a test log entry"

    If successful, the test entry will appear in the results.

    Screenshot 2025 02 13 094117 3
    test entry

    Step 4: Accessing the Setup Script on the Server

    The script is stored on the Nagios Log Server here:

    /var/www/html/nagioslogserver/www/scripts/setup-linux.sh

    This script can be accessed directly via a browser or edited via SSH for custom changes.

    Step 5: Manual Setup (Optional)

    If you prefer to configure manually:

    1. Create a configuration file:
    sudo nano /etc/rsyslog.conf
    1. Add this line (replace with your Nagios Log Server IP):
    # ### begin forwarding rule ### NAGIOSLOGSERVER
$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
*.* @@192.168.1.113:5544
# ### end of the forwarding rule ###
    1. Restart rsyslog:
    sudo /etc/init.d/rsyslog restart

    Step 6: Adding More Log Sources

    Use the + Add Log Source button to configure additional sources such as:

    • Windows Event Logs
    • Application Logs
    • Archived Log Files

    Both scripted and manual setup options are available. Manual setup allows for deeper customization by editing config files directly.

    Troubleshooting Tips

    1. Check rsyslog Status:
    sudo systemctl status rsyslog

    Start it if it’s not running:

    sudo systemctl start rsyslog
    1. Check Connectivity: Ensure port 5544 is open and reachable.
    2. Check Firewall:
    sudo firewall-cmd --zone=public --add-port=5544/tcp --permanent
sudo firewall-cmd --reload
    1. Review Logs:
    cat /var/log/messages | grep rsyslog

    On Nagios Log Server:

    tail -f /var/log/logserver/nagios.log

    Conclusion

    You’ve successfully configured Oracle Linux 8 to forward logs to Nagios Log Server 2024R2. This setup gives you real-time visibility into system logs, performance events, and security data—essential for proactive system administration.

    Explore additional sources and alerting options in Nagios Log Server for an even more powerful monitoring setup.

    For additional resources:

    Share:
    On this page
      Tags
      Related Articles
      Share:

      Products

      Nagios XI

      Nagios CSP

      Nagios Log Server

      Nagios Network Analyzer

      Nagios Fusion

      Projects

      Nagios Core

      Nagios Plugins

      NSClient++

      NDOUTILS

      NCPA

      NRPE

      NRDP

      Resources

      Documentation

      Developer Corner

      Video Tutorials

      Changelog

      Solutions

      Tech Tips

      Training

      Support

      Knowledgebase

      Nagios Forum

      Support Home

      Support Tips

      Get Support

      Customer Portal

      Community

      World Conference

      Bounty Program

      MVP Awards

      Nagios Exchange

      Articles

      Get Involved

      Company

      Story of Nagios

      Nagios Alternatives

      Why Nagios?

      The Nagios Team

      Careers

      Contact Us

      Contact Sales

      Downloads

      Nagios Enterprises, LLC | Website Copyright © 2009 - . All rights reserved.

      Github Facebook-f Youtube Linkedin-in X-twitter