Centralized Log Monitoring for AlmaLinux 9 with Nagios Log Server 2024R2: A Complete Guide

AlmaLinux 9 is a community-driven, enterprise-grade Linux distribution designed for stability and performance. Monitoring system logs from AlmaLinux servers is critical for detecting issues, ensuring security, and maintaining compliance. Nagios Log Server 2024R2 offers a centralized platform to collect, search, and analyze log data across your infrastructure. This guide walks you through configuring AlmaLinux 9 to forward logs to Nagios Log Server using the built-in rsyslog service.

Prerequisites

Ensure you have the following:

• An AlmaLinux 9 server with root or sudo access
• A running Nagios Log Server 2024R2 instance
• Network connectivity between the AlmaLinux server and Log Server (default port 5544 open)
• SELinux disabled or properly configured for rsyslog

Step 1: Access Log Source Setup in Nagios Log Server

1. Log into your Nagios Log Server web interface.

2. Click the + button in the left sidebar and the one at the bottom.

Step 2: Run the Auto-Configuration Script on AlmaLinux 9

1. Copy the setup script command shown in the Nagios interface. It looks similar to:

curl -sS -O http://<logserver-ip>/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s <logserver-ip> -p 5544

curl -sS -O http://<logserver-ip>/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s <logserver-ip> -p 5544

• Replace <logserver-ip> with the IP or DNS name of your Nagios Log Server.

2. Example Output:

curl -sS -O http://192.168.1.123/nagioslogserver/scripts/setup-linux.sh 
sudo bash setup-linux.sh -s 192.168.0.31 -p 5544

curl -sS -O http://192.168.1.123/nagioslogserver/scripts/setup-linux.sh 
sudo bash setup-linux.sh -s 192.168.0.31 -p 5544

3. Confirm the script output shows successful configuration:

• “Detected rsyslog…”
• “rsyslog configuration check passed.”
• “rsyslog is running with the new configuration.”

Step 3: Verify Logs Are Reaching Nagios Log Server

1. In the Nagios Log Server web UI, enter the AlmaLinux server’s IP under Verify Incoming Logs.

2. Alternatively, go to Dashboards > Nagios Log Server Search and run:

host.ip:<AlmaLinux-IP>

host.ip:<AlmaLinux-IP>

3. To test log transmission, run:

logger This is a test log entry

logger This is a test log entry

4. Verify the entry appears in the Nagios Log Server interface.

Optional: Manual rsyslog Configuration (Advanced)

If you prefer not to use the script, follow these steps:

1. Create a custom rsyslog config file:

sudo nano /etc/rsyslog.d/.conf

sudo nano /etc/rsyslog.d/.conf

2. Add the following content (replace IP and port as needed):

# ### begin forwarding rule ### NAGIOSLOGSERVER
$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
*.* @@192.168.1.123:5544
# ### end of the forwarding rule ###

# ### begin forwarding rule ### NAGIOSLOGSERVER
$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
*.* @@192.168.1.123:5544
# ### end of the forwarding rule ###

3. Restart rsyslog:

sudo systemctl restart rsyslog

sudo systemctl restart rsyslog

4. Verify logs are received as in Step 3.

Step 4: Adding More Log Sources

Use the + Add Log Source button to configure:

• Network Device
• Application Logs
• Archived logs

Conclusion

You’ve successfully configured AlmaLinux 9 to send logs to Nagios Log Server 2024R2. Whether using the automatic script or manual configuration, this setup allows centralized logging, simplifying monitoring and analysis. For advanced use cases, explore custom filtering, alerting, and integrations in the Nagios Log Server interface.

Resource

• Nagios Log Server Knowledgebase
• Nagios Support Forum
• AlmaLinux Documentation