Linux Files

Getting Started

This guide will walk you through the process of sending log files to Nagios Log Server. There are two setup methods, one using the automatic setup utility that comes with Log Server and one for manually setting up rsyslog.

Configuration Setup

Automatic
Manual (rsyslog)

Automatic Script - Supported Operating Systems

CentOS, Fedora, and RHEL
Ubuntu and Debian

You must have rsyslog installed. If your operating system is not listed, you can manually configure syslog.

Run the Script

Send a log file using the utility script:

You will need to replace the /path/to/file to be the path to the file you are monitoring. Replace FILE_TAG with a tag to identify logs from the file. It is used for the 'program' field in Log Server.

Verify Spool and Config Location

Put the following in your terminal window to verify the rsyslog spool directory and that the rsyslog.d folder exists. The second line will give you the path you will need to add in the next section for $WorkDirectory in the configuration. Then it will open the rsyslog.conf file.

Setup the Rsyslog Configuration File

Add the following to the rsyslog.conf. Look for the 'begin forwarding rule.'

Replace each variable FILE_PATH with the unique file name you want to monitor and each FILE_TAG with an application name or nickname for the file.

Replace the following above:

FILE_PATH: The absolute path to the file itself.

FILE_TAG: A tag to identify logs from the file. It is used for the 'program' field in Log Server.

FILE_ID: An identifier for this file. This must be unique on the host. Spaces are not allowed.

You will also need to replace $WorkDirectory with the unique file path of the rsyslog spool directory. This was displayed from the command on line 2 of the previous codeblock. If this isn't set correctly the rsyslog service will error on restart.

Example: $WorkDirectory /var/lib/rsyslog

Verify Incoming Logs

Once you have configured the log sender, you should start receiving logs right away. Put in the senders IP address to see if you are receiving logs from that IP.

IP Address