Installing and Configuring Nagios Log Server on SUSE Linux Enterprise Server (SLES) 11

Introduction

Efficient log management is essential for system monitoring, security, and troubleshooting. Nagios Log Server (NLS) provides centralized log collection, real-time data analysis, and alerting to ensure your systems run smoothly.

This guide will walk you through the installation and configuration of Nagios Log Server on SUSE Linux Enterprise Server 11.

Prerequisites

Before proceeding, ensure the following:

• A system running SUSE Linux Enterprise Server 11
• Root privileges
• Internet access or an offline method to transfer the Nagios Log Server package

Verify Your SUSE Version

Run the following command to check your system version:

cat /etc/os-release

Example Output:

NAME="SUSE Linux Enterprise Server"
VERSION="11"
VERSION_ID="11"

Step 1: Download the Nagios Log Server Package

To download the latest Nagios Log Server package for SUSE 11, visit the Nagios Log Server Downloads page or use wget:

wget https://repo.nagios.com/nagios/logserver-latest.sles11.x86_64.rpm

Step 2: Install Nagios Log Server

Method 1: Standard Installation

Update system packages:

zypper refresh
zypper update

Install required dependencies:

zypper install java-1_8_0-openjdk curl

Install the Log Server package:

zypper install ./logserver-latest.sles11.x86_64.rpm

Method 2: Silent Installation (For automated deployments)

rpm -ivh logserver-latest.sles11.x86_64.rpm --quiet

Step 3: Configure Nagios Log Server

After installation, configure the Log Server to accept logs from monitored systems.

Edit the configuration file:

nano /usr/local/nagioslogserver/etc/logserver.cfg

Set the admin user password and enable external access:

[admin]
password = your_secure_password
allow_external_access = true

Save and exit (Press CTRL + X, then Y, then Enter).

Step 4: Start and Enable Nagios Log Server Service

Run the following commands to start the Log Server and enable it at boot:

service nagioslogserver start
chkconfig nagioslogserver on

Verify the service is running:

service nagioslogserver status

Step 5: Configure SUSE Firewall (if enabled)

If the firewall is active, allow traffic on port 5544 (default Log Server port for receiving logs):

iptables -A INPUT -p tcp --dport 5544 -j ACCEPT
iptables-save > /etc/sysconfig/iptables

For firewalld (if installed):

firewall-cmd --add-port=5544/tcp --permanent
firewall-cmd --reload

Step 6: Access Nagios Log Server Web Interface

To verify Nagios Log Server is running, open a web browser and navigate to:

http://<SUSE_IP>:80

Log in using the admin credentials you configured earlier.

Step 7: Configure a Log Source

To collect logs from a remote system, configure a syslog client to send logs to Nagios Log Server.

On a monitored system, edit the syslog configuration file:

nano /etc/rsyslog.conf

Add the following line:

*.* @@<NAGIOS_LOG_SERVER_IP>:5544

Save and restart the syslog service:

service rsyslog restart

Step 8: Verify Log Collection

To verify that the Log Server is successfully receiving logs, enter the IP address of your SUSE 11 host where it prompts you to ‘Verify Incoming Logs’ in the Nagios Log Server web interface. This will confirm that the logs from your host are being properly sent to and received by the Log Server, ensuring everything is functioning as expected.

Once verified, you should see a confirmation message indicating that logs are being received from your new SUSE 11 host. This confirms that all setup steps have been completed successfully, and Nagios Log Server is now properly receiving logs from the newly added host.

Troubleshooting Tips

Conclusion

By following this guide, you have successfully installed and configured Nagios Log Server on SUSE 11. Your system logs are now centrally collected and monitored, helping you detect and resolve issues efficiently.

For additional support, refer to:

• Nagios Support Forum: https://support.nagios.com/forum/
• Nagios Knowledge Base: https://support.nagios.com/kb/