Forwarding RHEL 7 Logs to Nagios Log Server 2024R2
Nagios Log Server delivers a robust solution for centralized log collection, analysis, and alerting, empowering administrators to monitor system health and stay ahead of potential issues. By forwarding logs to Nagios Log Server 2024R2, you gain real-time visibility into your infrastructure, enabling proactive monitoring and faster issue resolution. This guide will take you through the process of configuring your RHEL 7 system to seamlessly send logs to Nagios Log Server, ensuring efficient log management and enhanced system insights.
Prerequisites
- Nagios Log Server 2024R2 is installed and accessible.
- A RHEL 7 system with root or
sudoaccess. - Network access between RHEL 7 and Nagios Log Server on port 5544.
rsyslogis installed (default on RHEL 7).
Step 1: Add a New Log Source in Nagios Log Server
1. Open your browser and log into Nagios Log Server.
2. On the Home page, Click the + button in the left sidebar and the one at the bottom..
3. Choose Linux as the source type.
Step 2: Configuring the RHEL 7 Log Source
1. Download and Run the Setup Script
If curl is not installed:
sudo yum install -y curlRun the setup script:
curl -sS -O http://<NagiosLogServerIP>/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s <NagiosLogServerIP> -p 5544Replace <NagiosLogServerIP> with your actual server address.
2. Verify the Script Execution
Expected output:
Detected rsyslog 8.1901.0
Detected rsyslog work directory /var/lib/rsyslog
Destination Log Server: 192.168.0.62:5544
Creating /etc/rsyslog.d/99-nagioslogserver.conf...
SELinux is disabled.
rsyslog configuration check passed.
Restarting rsyslog service with 'service'...
Redirecting to /bin/systemctl restart rsyslog.service
Okay.
rsyslog is running with the new configuration.
Visit your Nagios Log Server dashboard to verify that logs are being received.Step 3: Confirming Log Reception
1. In Nagios Log Server:
- Navigate to Dashboards > Search.
- Search using:
host.ip:<RHEL-IP>2. Send a Test Log Entry:
logger "This is a test log entry"- Refresh the dashboard to see the entry.
Step 4: Accessing the Setup Script
The setup script resides on the Nagios Log Server at:
/var/www/html/nagioslogserver/www/scripts/setup-linux.shStep 5: Manual Setup (Optional)
1. Edit the rsyslog configuration:
sudo nano /etc/rsyslog.d/.confAdd the following lines at the begin forwarding rule section:
# ### begin forwarding rule ### NAGIOSLOGSERVER
$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
*.* @@192.168.1.123:5544
# ### end of the forwarding rule ###Replace /var/lib/rsyslog with the correct path if different, and 192.168.1.123 with the IP address of your Nagios Log Server.
2. Restart rsyslog:
sudo /etc/init.d/rsyslog restartStep 6: Adding More Log Sources
Use the + Add Log Source button to configure:
- Windows event logs
- Application logs
- File Monitoring
- Archived logs
Troubleshooting Tips
1. Check rsyslog Status:
systemctl status rsyslogStart it if needed:
sudo systemctl start rsyslog2. Verify Network Access:
Ensure RHEL 7 can reach the Nagios Log Server on port 5544.
3. Check Firewall:
sudo firewall-cmd --zone=public --add-port=5544/udp --permanent
sudo firewall-cmd --reload4. Review Logs:
sudo grep rsyslog /var/log/messagesOn the Log Server:
tail -f /var/log/logserver/nagios.logVideo Tutorial
For a step-by-step walkthrough, watch this video:
Conclusion
You’ve successfully configured RHEL 7 to forward logs to Nagios Log Server 2024R2. This integration supports centralized monitoring, faster troubleshooting, and improved visibility.
For further help, check the Nagios Knowledgebase or Nagios Support Forums.
