How to Monitor Ubuntu 20.04 Logs with Nagios Log Server 2024R2

Ayoub Louragli

Monitoring logs from Ubuntu 20.04 using Nagios Log Server 2024R2 is essential for tracking system events, errors, and service activity. This guide walks you through setting up Ubuntu as a log source and verifying log flow in the Nagios XI dashboard.
Step 1: Add a New Log Source in Nagios Log Server
- Log in to Nagios Log Server.
- Click + Add Log Source or navigate to the Add a Log Source section.
- Select Linux from the available source types.
Step 2: Run the Auto-Configuration Script on Ubuntu
- On the Linux Source Setup page, copy the provided curl command.
- SSH into your Ubuntu 20 machine as a root user.
- Paste and execute the script:
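curl -sS -O http://<NagiosLogServerIP>/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s <NagiosLogServerIP> -p 5544
This sets up rsyslog to forward logs to your Nagios Log Server. Because the script is fetched over plain HTTP and run with root privileges, read through setup-linux.sh before executing it.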
Step 3: Verify Incoming Logs
- Use the Verify Incoming Logs field by entering the Ubuntu machine’s IP.
- Or navigate to Dashboards > Nagios Log Server Search and run:
host.ip:<Ubuntu-IP>
- Test log submission with:
logger "This is a test log entry"
- Check if the test log appears in Nagios Log Server.
Step 4: Manually Configure rsyslog (Advanced Users)
If you prefer a manual setup:
1. Verify your rsyslog working directory:
ls -d /var/lib/rsyslog || ls -d /var/spool/rsyslog
2. Edit the config file:
sudo nano /etc/rsyslog.d/99-nagioslogserver.conf
Add the following line (a single @ forwards over UDP; @@ would forward over TCP):
*.* @<NagiosLogServerIP>:5544;RSYSLOG_SyslogProtocol23Format
3. Restart rsyslog:
sudo systemctl restart rsyslog.service
4. Confirm logs are reaching the server:
tail -f /var/log/syslog | grep rsyslog
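A check for the manual configuration in Step 4, as an added example that is not part of the original guide or of Nagios's own tooling: it parses legacy-syntax forwarding rules such as the *.* @<NagiosLogServerIP>:5544 line and reports transport, host and port, so you can confirm logs leave the host only for the intended server. The function names and the 192.0.2.10 sample address are assumptions made for the example.

```sh
#!/bin/sh
# Added example: list legacy-syntax rsyslog forwarding rules and their transport.
# Output, one line per rule: "<transport> <host> <port> <selector>"
#   udp = single "@", tcp = double "@@" (both plaintext unless TLS is configured)
list_forward_rules() {
    awk '
        /^[ \t]*#/ { next }                     # skip comment lines
        $2 ~ /^@/ {
            target = $2
            transport = (target ~ /^@@/) ? "tcp" : "udp"
            sub(/^@+/, "", target)              # drop the @ or @@ marker
            sub(/^\([^)]*\)/, "", target)       # drop options such as (z9)
            sub(/;.*$/, "", target)             # drop the ";TemplateName" suffix
            port = "514"                        # rsyslog default when none is given
            if (match(target, /:[0-9]+$/)) {
                port = substr(target, RSTART + 1)
                target = substr(target, 1, RSTART - 1)
            }
            print transport, target, port, $1
        }
    ' "$@"
}

# Succeed only if at least one rule exists and every rule targets host:port.
check_forward_target() {
    want_host=$1; want_port=$2; shift 2
    rules=$(list_forward_rules "$@")
    [ -n "$rules" ] || { echo "no forwarding rule found" >&2; return 1; }
    status=0
    while read -r transport host port selector; do
        if [ "$host" != "$want_host" ] || [ "$port" != "$want_port" ]; then
            echo "unexpected destination: $host:$port ($selector)" >&2
            status=1
        fi
        if [ "$transport" = udp ]; then
            echo "note: $selector -> $host:$port is plaintext UDP" >&2
        fi
    done <<EOF
$rules
EOF
    return "$status"
}

# Constructed sample: the Step 4 line with a documentation address (192.0.2.10).
sample=$(mktemp)
printf '%s\n' '# forward everything' \
    '*.* @192.0.2.10:5544;RSYSLOG_SyslogProtocol23Format' > "$sample"
list_forward_rules "$sample"
check_forward_target 192.0.2.10 5544 "$sample"
```

On the Ubuntu host, run check_forward_target <NagiosLogServerIP> 5544 /etc/rsyslog.d/*.conf. Rules written in RainerScript action(type="omfwd" ...) form are not parsed by this example.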
Step 5: Integrate Log Server with Nagios XI (Optional Alerting)
- Configure Nagios XI to receive alerts for specific log patterns from Nagios Log Server.
- Set up alert queries within Nagios Log Server to trigger notifications in XI.
- Use Event Handlers or the Nagios XI API for automated responses based on log events.
Troubleshooting Tips
- Ensure the Ubuntu system allows outbound traffic to Nagios Log Server on port 5544.
- Check /var/log/syslog for local log activity.
- Review /var/log/rsyslog.log for configuration errors.
- Run the following to confirm rsyslog is active:
sudo systemctl status rsyslog
- Use tcpdump to check if logs are sent to Nagios Log Server:
sudo tcpdump -i any port 5544
Final Notes
- Logs are forwarded over port 5544 by default.
- Use secure log transmission if required by enabling TLS in rsyslog.
- Regularly review log retention and indexing settings in Nagios Log Server.