How to Monitor Ubuntu 20.04 Logs with Nagios Log Server 2024R2

Picture of Ayoub Louragli
Ayoub Louragli
ubuntu 20-04

Monitoring logs from Ubuntu 20.04 using Nagios Log Server 2024R2 is essential for tracking system events, errors, and service activity. This guide walks you through setting up Ubuntu as a log source and verifying log flow in the Nagios XI dashboard.

Step 1: Add a New Log Source in Nagios Log Server

  1. Log in to Nagios Log Server.
  2. Click + Add Log Source or navigate to the Add a Log Source section.
  3. Select Linux from the available source types.

Step 2: Run the Auto-Configuration Script on Ubuntu

  1. On the Linux Source Setup page, copy the provided curl command.
  2. SSH into your Ubuntu 20 machine as a root user.
  3. Paste and execute the script: 
curl -sS -O http://<NagiosLogServerIP>/nagioslogserver/scripts/setup-linux.sh sudo bash setup-linux.sh -s <NagiosLogServerIP> -p 5544

This sets up rsyslog to forward logs to your Nagios Log Server.

Step 3: Verify Incoming Logs

  • Use the Verify Incoming Logs field by entering the Ubuntu machine’s IP.
  • Or navigate to Dashboards > Nagios Log Server Search and run: 
host.ip:<Ubuntu-IP>
  • Test log submission with: 
logger "This is a test log entry"
  • Check if the test log appears in Nagios Log Server.

Step 4: Manually Configure rsyslog (Advanced Users)

If you prefer a manual setup:

1. Verify your rsyslog working directory:

ls -d /var/lib/rsyslog || ls -d /var/spool/rsyslog

2. Edit the config file:

sudo nano /etc/rsyslog.d/99-nagioslogserver.conf

Add the following line:

*.* @<NagiosLogServerIP>:5544;RSYSLOG_SyslogProtocol23Format

3. Restart rsyslog:

sudo systemctl restart rsyslog.service

4. Confirm logs are reaching the server:

tail -f /var/log/syslog | grep rsyslog

Step 5: Integrate Log Server with Nagios XI (Optional Alerting)

  • Configure Nagios XI to receive alerts for specific log patterns from Nagios Log Server.
  • Set up alert queries within Nagios Log Server to trigger notifications in XI.
  • Use Event Handlers or the Nagios XI API for automated responses based on log events.

Troubleshooting Tips

  • Ensure the Ubuntu system allows outbound traffic to Nagios Log Server on port 5544.
  • Check /var/log/syslog for local log activity.
  • Review /var/log/rsyslog.log for configuration errors.
  • Run the following to confirm rsyslog is active: 
sudo systemctl status rsyslog
  • Use tcpdump to check if logs are sent to Nagios Log Server: 
sudo tcpdump -i any port 5544

Final Notes

  • Logs are forwarded over port 5544 by default.
  • Use secure log transmission if required by enabling TLS in rsyslog.
  • Regularly review log retention and indexing settings in Nagios Log Server.

References

Share:
On this page
    Tags
    Related Articles
    Share:

    Products

    Nagios XI

    Nagios CSP

    Nagios Log Server

    Nagios Network Analyzer

    Nagios Fusion

    Projects

    Nagios Core

    Nagios Plugins

    NSClient++

    NDOUTILS

    NCPA

    NRPE

    NRDP

    Resources

    Documentation

    Developer Corner

    Video Tutorials

    Changelog

    Solutions

    Tech Tips

    Training

    Support

    Knowledgebase

    Nagios Forum

    Support Home

    Support Tips

    Get Support

    Customer Portal

    Community

    World Conference

    Bounty Program

    MVP Awards

    Nagios Exchange

    Articles

    Get Involved

    Company

    Story of Nagios

    Nagios Alternatives

    Why Nagios?

    The Nagios Team

    Careers

    Contact Us

    Contact Sales

    Downloads

    Nagios Enterprises, LLC | Website Copyright © 2009 - . All rights reserved.

    Github Facebook-f Youtube Linkedin-in X-twitter