How to Monitor Ubuntu 20.04 Logs with Nagios Log Server 2024R2

Ayoub Louragli

Monitoring logs from Ubuntu 20.04 using Nagios Log Server 2024R2 is essential for tracking system events, errors, and service activity. This guide walks you through setting up Ubuntu as a log source and verifying log flow in the Nagios XI dashboard.

Step 1: Add a New Log Source in Nagios Log Server

  1. Log in to Nagios Log Server.
  2. Click + Add Log Source or navigate to the Add a Log Source section.
  3. Select Linux from the available source types.

Step 2: Run the Auto-Configuration Script on Ubuntu

  1. On the Linux Source Setup page, copy the provided curl command.
  2. SSH into your Ubuntu 20.04 machine as a root user.
  3. Paste and execute the script:
curl -sS -O http://<NagiosLogServerIP>/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s <NagiosLogServerIP> -p 5544

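This sets up rsyslog to forward logs to your Nagios Log Server. The script is downloaded over plain HTTP and runs as root, so read setup-linux.sh before executing it.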

Step 3: Verify Incoming Logs

  • Use the Verify Incoming Logs field by entering the Ubuntu machine’s IP.
  • Or navigate to Dashboards > Nagios Log Server Search and run:
host.ip:<Ubuntu-IP>
  • Test log submission with:
logger "This is a test log entry"
  • Check if the test log appears in Nagios Log Server.

Step 4: Manually Configure rsyslog (Advanced Users)

If you prefer a manual setup:

1. Verify your rsyslog working directory:

ls -d /var/lib/rsyslog || ls -d /var/spool/rsyslog

2. Edit the config file:

sudo nano /etc/rsyslog.d/99-nagioslogserver.conf

Add the following line:

*.* @<NagiosLogServerIP>:5544;RSYSLOG_SyslogProtocol23Format

3. Restart rsyslog:

sudo systemctl restart rsyslog.service

4. Confirm logs are reaching the server:

tail -f /var/log/syslog | grep rsyslog
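
A check for the forwarding rule written in Step 4, as an added example that is not part of the original guide or of Nagios tooling: it parses rsyslog's legacy forwarding syntax and reports transport, host, port and template. The function names are hypothetical and 192.0.2.10 is a constructed stand-in for <NagiosLogServerIP>.

```shell
#!/bin/sh
# Added example: audit rsyslog legacy-syntax forwarding rules of the form
# "selector @host:port;template". One '@' is UDP, '@@' is TCP; rsyslog
# falls back to port 514 when the rule names no port.

# Print "transport host port template" for each forwarding rule in file $1.
parse_forward_rules() {
    awk '
        /^[[:space:]]*#/ { next }                  # skip comment lines
        NF >= 2 && $2 ~ /^@/ {
            target = $2; transport = "udp"
            if (sub(/^@@/, "", target)) { transport = "tcp" } else { sub(/^@/, "", target) }
            template = "-"
            n = index(target, ";")
            if (n > 0) { template = substr(target, n + 1); target = substr(target, 1, n - 1) }
            port = "514"
            if (match(target, /:[0-9]+$/)) {       # trailing :port, also after [IPv6]
                port = substr(target, RSTART + 1); target = substr(target, 1, RSTART - 1)
            }
            sub(/^\[/, "", target); sub(/\]$/, "", target)   # strip IPv6 brackets
            print transport, target, port, template
        }' "$1"
}

# Return 0 if file $1 forwards to server $2 on port $3; report UDP on stderr.
check_forwarding() {
    found=1
    while read -r transport host port template; do
        [ "$host" = "$2" ] && [ "$port" = "$3" ] || continue
        found=0
        if [ "$transport" = "udp" ]; then
            echo "note: $host:$port uses UDP (single @), delivery is not guaranteed" >&2
        fi
    done <<EOF
$(parse_forward_rules "$1")
EOF
    return $found
}

# Constructed sample config; 192.0.2.10 stands in for <NagiosLogServerIP>.
sample=$(mktemp)
printf '%s\n' '# forward everything' \
    '*.* @192.0.2.10:5544;RSYSLOG_SyslogProtocol23Format' > "$sample"
parse_forward_rules "$sample"
check_forwarding "$sample" 192.0.2.10 5544 && echo "forwarding rule present"
rm -f "$sample"
```

On a real host, point both functions at /etc/rsyslog.d/99-nagioslogserver.conf and pass your server's address and port 5544.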

Step 5: Integrate Log Server with Nagios XI (Optional Alerting)

  • Configure Nagios XI to receive alerts for specific log patterns from Nagios Log Server.
  • Set up alert queries within Nagios Log Server to trigger notifications in XI.
  • Use Event Handlers or the Nagios XI API for automated responses based on log events.

Troubleshooting Tips

  • Ensure the Ubuntu system allows outbound traffic to Nagios Log Server on port 5544.
  • Check /var/log/syslog for local log activity.
  • Review /var/log/rsyslog.log for configuration errors.
  • Run the following to confirm rsyslog is active:
sudo systemctl status rsyslog
  • Use tcpdump to check if logs are sent to Nagios Log Server:
sudo tcpdump -i any port 5544

Final Notes

  • Logs are forwarded over port 5544 by default.
  • Use secure log transmission if required by enabling TLS in rsyslog.
  • Regularly review log retention and indexing settings in Nagios Log Server.
