How to Monitor Ubuntu 20.04 Logs with Nagios Log Server 2024R2

Picture of Ayoub Louragli
Ayoub Louragli
ubuntu 20-04

Monitoring logs from Ubuntu 20.04 using Nagios Log Server 2024R2 is essential for tracking system events, errors, and service activity. This guide walks you through setting up Ubuntu as a log source and verifying log flow in the Nagios XI dashboard.

Step 1: Add a New Log Source in Nagios Log Server

  1. Log in to Nagios Log Server.
  2. Click + Add Log Source or navigate to the Add a Log Source section.
  3. Select Linux from the available source types.

Step 2: Run the Auto-Configuration Script on Ubuntu

  1. On the Linux Source Setup page, copy the provided curl command.
  2. SSH into your Ubuntu 20 machine as a root user.
  3. Paste and execute the script: 
curl -sS -O http://<NagiosLogServerIP>/nagioslogserver/scripts/setup-linux.sh sudo bash setup-linux.sh -s <NagiosLogServerIP> -p 5544

This sets up rsyslog to forward logs to your Nagios Log Server.

Step 3: Verify Incoming Logs

  • Use the Verify Incoming Logs field by entering the Ubuntu machine’s IP.
  • Or navigate to Dashboards > Nagios Log Server Search and run: 
host.ip:<Ubuntu-IP>
  • Test log submission with: 
logger "This is a test log entry"
  • Check if the test log appears in Nagios Log Server.

Step 4: Manually Configure rsyslog (Advanced Users)

If you prefer a manual setup:

1.Verify your rsyslog working directory:

ls -d /var/lib/rsyslog || ls -d /var/spool/rsyslog

2.Edit the config file:

sudo nano /etc/rsyslog.d/99-nagioslogserver.conf

Add the following line:

*.* @<NagiosLogServerIP>:5544;RSYSLOG_SyslogProtocol23Format

3.Restart rsyslog:

sudo systemctl restart rsyslog.service

4.Confirm logs are reaching the server:

tail -f /var/log/syslog | grep rsyslog

Step 5: Integrate Log Server with Nagios XI (Optional Alerting)

  • Configure Nagios XI to receive alerts for specific log patterns from Nagios Log Server.
  • Set up alert queries within Nagios Log Server to trigger notifications in XI.
  • Use Event Handlers or the Nagios XI API for automated responses based on log events.

Troubleshooting Tips

  • Ensure the Ubuntu system allows outbound traffic to Nagios Log Server on port 5544.
  • Check /var/log/syslog for local log activity.
  • Review /var/log/rsyslog.log for configuration errors.
  • Run the following to confirm rsyslog is active: 
sudo systemctl status rsyslog
  • Use tcpdump to check if logs are sent to Nagios Log Server: 
sudo tcpdump -i any port 5544

Final Notes

  • Logs are forwarded over port 5544 by default.
  • Use secure log transmission if required by enabling TLS in rsyslog.
  • Regularly review log retention and indexing settings in Nagios Log Server.

References

Share:
On this page
Tags
Related Articles
Share:

Products

Nagios XI

Nagios CSP

Nagios Log Server

Nagios Network Analyzer

Nagios Fusion

Projects

Nagios Core

Nagios Plugins

NSClient++

NDOUTILS

NCPA

NRPE

NRDP

Resources

Documentation

Developer Corner

Video Tutorials

Changelog

Solutions

Tech Tips

Training

Support

Knowledgebase

Nagios Forum

Support Home

Support Tips

Get Support

Customer Portal

Community

World Conference

Bounty Program

MVP Awards

Nagios Exchange

Articles

Get Involved

Company

Story of Nagios

Nagios Alternatives

Why Nagios?

The Nagios Team

Careers

Contact Us

Contact Sales

Downloads

Nagios Enterprises, LLC | Website Copyright © 2009 - 2025. All rights reserved.

Github Facebook-f Youtube Linkedin-in X-twitter