Step-by-Step Guide: How to Forward Ubuntu Logs to Nagios Log Server 2024R2

Ayub Huruse

Nagios Log Server is a powerful tool that enables IT administrators to collect, analyze, and manage logs from various sources. This guide will walk you through the process of setting up a new log source in Nagios Log Server, specifically focusing on Linux systems using rsyslog. By the end of this tutorial, you will have successfully configured your Linux machine to send logs to Nagios Log Server.

Prerequisites

Before proceeding, ensure you have the following:

  • Access to a Nagios Log Server instance (recommended latest stable release)
  • An Ubuntu system (recommended Ubuntu 20.04 or later)
  • Root or sudo privileges on your Ubuntu machine
  • Network connectivity between Ubuntu and Nagios Log Server (verify firewall settings)

Video Tutorial

Enhance your understanding with this detailed, step-by-step visual walkthrough of “Nagios Log Server 2024R2 Jumpstart: Start Monitoring in Minutes.”

Step 1: Add a New Log Source in Nagios Log Server

  1. Log in to Nagios Log Server:
    • Open your web browser and navigate to your Nagios Log Server instance.
    • Log in with your administrator credentials.
  2. Navigate to Log Source Setup:
    • On the Home page, locate the + Linux button in the bottom right corner.
[Screenshot: the + Linux button for adding a log source]

    • Alternatively, click + Add Log Source in the navigation bar and select Linux from the list.

[Screenshot: the alternative route via + Add Log Source]

Step 2: Configuring the Linux Log Source

1. Download and Run the Setup Script:

  1. The Linux Source Setup page provides a code block with a pre-configured command.
  2. Copy the command using your mouse.
  3. Open a terminal on your Linux machine and paste the command.
  4. If you don’t have curl installed, install it by running:
sudo apt update && sudo apt install -y curl

Then, execute the following command to download and run the setup script:

curl -sS -O http://your-nagios-log-server-address/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s your-nagios-log-server-address -p 5544
  • Replace your-nagios-log-server-address with the actual IP address or hostname of your Nagios Log Server.
  • The -s flag specifies the Nagios Log Server address, and -p 5544 specifies the port for log transmission (default is 5544).

2. Verify the Script Execution:

  • The script configures rsyslog and establishes a connection with the Nagios Log Server. After running the script, you should see a message like:
curl -sS -O http://192.168.0.65/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s 192.168.0.65 -p 5544
Detected rsyslog 8.2312.0
Detected rsyslog work directory /var/spool/rsyslog
Destination Log Server: 192.168.0.65:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
getenforce command not found, assuming SELinux is disabled.
rsyslog configuration check passed.
Restarting rsyslog service with 'service'..
Okay.
rsyslog is running with the new configuration.
Visit your Nagios Log Server dashboard to verify that logs are being received.
  • If you encounter any errors, check the script logs and ensure that the Nagios Log Server is reachable and that port 5544 is open.

3. In Nagios Log Server, enter the IP address of the Linux machine in the IP Address search field. You should see the number of logs being received for the host, indicating successful log transmission.

[Screenshot: verifying the incoming logs]
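
The download command in this step uses plain HTTP and the script then runs under sudo, so the file should be compared against the server-side copy (the path given in Step 4) before it is executed. The following is an added example, not part of the original guide or of Nagios' tooling; verify_script is a hypothetical helper name and the admin@ SSH account is an assumption.

```shell
#!/usr/bin/env bash
# Added example: check setup-linux.sh against a known-good SHA-256
# before it is run as root. verify_script is a hypothetical helper.

# Return 0 only if FILE exists and its SHA-256 equals EXPECTED
# (case-insensitive). Return 2 on bad input, 1 on a mismatch.
verify_script() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Reject anything that is not a 64-hex-digit digest.
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$' \
        || { echo "bad digest" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MISMATCH: got $actual" >&2
    return 1
}

# Typical use. The reference hash comes over SSH from the server-side copy
# (admin@ is an assumed account name):
#   ref=$(ssh admin@your-nagios-log-server-address \
#       sha256sum /var/www/html/nagioslogserver/www/scripts/setup-linux.sh \
#       | awk '{print $1}')
#   curl -sS -O http://your-nagios-log-server-address/nagioslogserver/scripts/setup-linux.sh
#   verify_script setup-linux.sh "$ref" \
#       && sudo bash setup-linux.sh -s your-nagios-log-server-address -p 5544
```

Reading the script with less setup-linux.sh before running it is a reasonable additional check, since it writes to /etc/rsyslog.d and restarts a system service.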

Step 3: Confirming Log Reception

1. Navigate to Dashboards:

  • In Nagios Log Server, go to the Dashboards section.
  • Perform a query using the IP address of the Linux machine to confirm logs are being received.
[Screenshot: query on the IP address of the Linux machine]

2. Send a Test Log Entry:

logger "This is a test log entry"
  • Refresh the Nagios Log Server dashboard to check if the test log appears. If successful, you should see the test log entry listed in the dashboard.
[Screenshot: the test log entry]

Step 4: Accessing the Setup Script on Nagios Log Server

  • The setup script is located on the Nagios Log Server instance at the following path:
/var/www/html/nagioslogserver/www/scripts/setup-linux.sh
  • You can access it directly via a browser or SSH if you need to make manual adjustments.

Step 5: Adding More Log Sources

  • Use the + Add Log Source button to configure additional sources such as Windows event logs, application logs, and archived log files.
[Screenshot: + Add Log Source]
  • Some log sources offer both scripted and manual setup options.
  • The manual method provides more customization by allowing direct configuration file edits.
[Screenshot: manual setup options]

Troubleshooting Tips

If logs are not appearing in Nagios Log Server, consider these troubleshooting steps:

1. Check rsyslog Status: Ensure that rsyslog is installed and running. You can check its status with:

systemctl status rsyslog

If the service is not running, start it with:

sudo systemctl start rsyslog  # Start if not running

2. Verify Network Connectivity: Ensure that the Ubuntu machine can communicate with the Nagios Log Server on port 5544. Check for network restrictions such as firewalls or proxy settings that could block the connection.

3. Check Firewall Settings: If you’re using ufw on Ubuntu, you may need to allow traffic on port 5544:

sudo ufw allow 5544/tcp

Also, check if there are any firewall rules on the Nagios Log Server that might block incoming log data.

4. Review Log Files: If the above steps don’t resolve the issue, review the log files on the Nagios Log Server and the Ubuntu machine for errors or messages that could indicate the root cause of the issue.
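
The connectivity checks above can be tied to what rsyslog is actually configured to do: read the forwarding destination out of the file the setup script created, then test that exact host and port. This is an added example, not part of the original guide or of Nagios' tooling; the helper names are hypothetical, and because the page does not show the generated file's contents the parser accepts both rsyslog forwarding syntaxes.

```shell
#!/usr/bin/env bash
# Added example: find where rsyslog forwards logs and test that destination.
# forward_targets, check_tcp and diagnose are hypothetical helper names.

# Print "proto host port" per forwarding rule in an rsyslog config file.
# Handles legacy selectors with an explicit port (@host:port = UDP,
# @@host:port = TCP) and single-line action(type="omfwd" ...) statements.
forward_targets() {
    sed -e 's/#.*//' "$1" | awk '
        function field(k, dflt,   m) {
            if (match($0, k "=\"[^\"]*\"")) {
                m = substr($0, RSTART, RLENGTH); gsub(/^[^"]*"|"$/, "", m); return m
            }
            return dflt
        }
        match($0, /@@?[A-Za-z0-9._-]+:[0-9]+/) {
            t = substr($0, RSTART, RLENGTH)
            proto = (substr(t, 1, 2) == "@@") ? "tcp" : "udp"
            gsub(/^@+/, "", t); split(t, a, ":")
            print proto, a[1], a[2]; next
        }
        /type="omfwd"/ { print field("protocol", "udp"), field("target", "?"), field("port", "514") }'
}

# Return 0 if a TCP connection to HOST:PORT succeeds within 3 seconds.
# Host and port are passed as arguments, never interpolated into the command.
check_tcp() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Report every configured destination; UDP cannot be probed this way.
diagnose() {
    forward_targets "$1" | while read -r proto host port; do
        if [ "$proto" != tcp ]; then
            echo "$host:$port ($proto) not tested"
        elif check_tcp "$host" "$port"; then
            echo "$host:$port reachable"
        else
            echo "$host:$port UNREACHABLE (check ufw and server firewall)"
        fi
    done
}

# Constructed sample rule, for trying the parser offline:
#   printf '%s\n' '*.* @@192.168.0.65:5544' > /tmp/sample.conf && diagnose /tmp/sample.conf
# On the Ubuntu host: diagnose /etc/rsyslog.d/99-nagioslogserver.conf
```

Note that sudo ufw allow 5544/tcp adds an inbound rule, which is what the receiving server needs; a sending host whose outbound policy is restricted needs sudo ufw allow out 5544/tcp instead.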

Conclusion

By following this guide, you have successfully configured your Ubuntu machine to send logs to Nagios Log Server for centralized monitoring. This setup allows you to efficiently monitor system logs and gain insights into potential issues in real time.

You can now extend your log monitoring capabilities by adding other sources and fine-tuning your configurations. For more advanced setups, consider using custom log filters and alerts.

For troubleshooting or further assistance, visit the Nagios Knowledgebase or check the Nagios Support Forums.
