Hello, new Nagios user here. It's clear that Nagios does not natively handle syslog parsing, so I am trying to determine the best method to provide that functionality. I've seen the use of the "check_log", "check_logfiles", and "check_syslog_gw" plug-ins. Any comments on which one works the best, especially for large environments? Are there other, better plug-in suggestions?
An even broader question: in lieu of Nagios, what open source tool would you use to parse syslog events to determine levels of criticality and display the events in a web front-end? (i.e. basically I'm looking to reproduce Netcool functionality in OSS)
Thanks for any replies,
I’m actively considering Splunk
splunk.com/product
This is the direction that Professional Nagios is going for interrogating logfiles.
nagios.org/products/enterpri … ons/splunk
There’s a free edition, which you’d have to integrate yourself…
Just as a WAG without thinking about it much, one thing you could do after getting Splunk going is configure it to do something like put a certain output file in a given directory, and then use check_file to see if there's a warning file in the directory.
I think Splunk itself has all kinds of warnings, alerts, abilities to do X upon noticing thing Y and so on.
But if you want a tie-back to Nagios, that's one way to do it, albeit probably not the best.
There’s probably something way way simpler that I just haven’t read about yet.
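As an added example (not code from this thread or from any of the plug-ins named above), here is a minimal Nagios-style check in Python that does the syslog criticality grading the original question asks about: each line is classified by its RFC 3164 severity (from the `<PRI>` header), with a keyword fallback for lines that lack one, and the worst result becomes the Nagios exit code and status line. The script name, the keyword lists and the sample log lines are assumptions made for the example.

```python
import re
import sys

# Nagios plugin exit codes (plugin API convention)
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL"}

# RFC 3164 PRI header "<N>", where N = facility * 8 + severity (0..191)
PRI_RE = re.compile(r"^<(\d{1,3})>")

def severity_to_state(sev):
    """Map a syslog severity (0=emerg .. 7=debug) to a Nagios state."""
    if sev <= 2:          # emerg, alert, crit
        return CRITICAL
    if sev <= 4:          # err, warning
        return WARNING
    return OK             # notice, info, debug

def parse_line(line):
    """Return (severity, message) if the line carries a PRI header, else None."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    return int(m.group(1)) % 8, line[m.end():].strip()

def check_syslog(lines, critical_words=("out of memory", "kernel panic"),
                 warning_words=("error", "failed")):
    """Classify every line; return (worst Nagios state, one-line plugin output)."""
    worst, hits = OK, []
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            sev, msg = parsed
            state = severity_to_state(sev)
        else:  # no PRI header (e.g. /var/log/messages): assumed keyword fallback
            msg, low = line.strip(), line.lower()
            state = (CRITICAL if any(w in low for w in critical_words)
                     else WARNING if any(w in low for w in warning_words) else OK)
        if state != OK:
            hits.append(msg)
        worst = max(worst, state)  # OK < WARNING < CRITICAL
    status = f"SYSLOG {LABELS[worst]} - {len(hits)} flagged of {len(lines)} lines"
    if hits:
        status += ": " + hits[0]
    return worst, status + f" | flagged={len(hits)}"

# Constructed sample lines (not from the thread): three with PRI headers, one without
SAMPLE_LINES = [
    "<34>Oct  3 12:01:02 web1 sshd[2345]: Failed password for invalid user admin from 192.0.2.5 port 51234 ssh2",
    "<13>Oct  3 12:01:05 web1 cron[100]: (root) CMD (run-parts /etc/cron.hourly)",
    "Oct  3 12:01:09 db1 kernel: Out of memory: Kill process 4242 (postgres) score 900 or sacrifice child",
    "<165>Oct  3 12:01:11 web1 app[77]: request served in 12ms",
]

if __name__ == "__main__":
    # Hypothetical usage: python check_syslog_lines.py /var/log/messages
    # (reads the whole file each run; a production plugin would track a file offset)
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_LINES
    code, status = check_syslog(lines)
    print(status)
    sys.exit(code)
```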
Thank you for your input treimers.