News

Centralize your critical alerts in a Syslog

Image-10

ServiceNav offers several notification methods:
- Mail, SMS, Push Mail (mobile application) and SysLog

The notification policy is fully configurable according to :
- of time slots
- types of events (Alert, Critical Alert, Return to normal...)
- the methods used to send the notification (email, SMS, application push, Syslog)

We will focus here on the Syslog notification.
The objective is to allow the ServiceNav user to consolidate all notifications into a centralized Syslog server for processing or archiving.

This method allows writing to a Syslog file on a change of ""Nagios State"type HARD only.

, Centralize critical alerts in a Syslog

Prerequisites: Setting up a Syslog Server

As a protocol, Syslog consists of a client part and a server part. The client part transmits information over the network, via UDP port 514. The servers collect the information and create the logs.

The ServiceNav monitoring box can be used as a client or as a client and server.

Note : You can nevertheless use your own Syslog server. The monitoring box will only be used as a client to redirect events to your Syslog server.

Configuring the box as a client :

The rsyslog client is already installed on the monitoring boxes, you just have to configure it in order to write to a syslog server. So you have to specify to rsyslog what type of log to redirect and to which server.
In the /etc/rsyslog.d/ folder, create a new configuration file 00-client-remote.conf
cd /etc/rsyslog.d/
nano 00-client-remote.conf
Add the following configuration to redirect logs coming from the NAGIOS-SYSLOG application (the tag used in the notification command).
In UDP:
if $programname == 'NAGIOS-SYSLOG' then @remote_server:port
In TCP :
if $programname == 'NAGIOS-SYSLOG then @@remote_server:port

If you want to configure the box as a :

Configuration
Connect in ssh on the supervisor box.

Open syslog port

The standard syslog port is UDP/514 :
1. Edit under vi/nano the following file: /etc/init.d/iptables.sh
2. Insert this line: PORT_RSYSLOG= "514″
3. Insert this line :
## RSYSLOG connection acceptance
iptables -A INPUT -p udp -i eth0 -s -dport $PORT_RSYSLOG -j ACCEPT
4. Save the file and reload the rules: /etc/init.d/iptables.sh

Notes: Change the port if you are operating on a different port than the standard port.
Source IP filtering is optional, but it is used to limit incoming syslog traffic.

rsyslog format supported by the model
ServiceNav has a "Lin-syslog" service model to exploit the syslog file
1. Edit under vi/nano the following file: /etc/rsyslog.conf and make the modifications described below.
2. Save the file
3. Restart the rsyslog service: rsyslog restart service

, Centralize critical alerts in a Syslog

Configuring syslog notification

The syslog notification is available for all devices and services and works the same way as the standard Nagios notification.

A contact can be notified on its notification time slot, on all or some of the status changes, as soon as the status changes or after several checks of the status change have been made.

Creating notification contacts

We recommend creating 2 syslog contacts:
- a contact for equipment notifications
- a contact for unit service notifications

To add a contact: Navigate to Configuration > General > Contacts.

Click on Add

, Centralize critical alerts in a Syslog
, Centralize critical alerts in a Syslog
, Centralize critical alerts in a Syslog
, Centralize critical alerts in a Syslog

For services:

, Centralize critical alerts in a Syslog

For equipment:

, Centralize critical alerts in a Syslog

Fill in the period and type of status that will trigger the notification in the syslog file.

Notification configuration for equipment or services

Simple Scenario

I am supervising the "Teamviewer" service located on the RADIOLOGY equipment and I want to write to the syslog file when the equipment is unreachable or when the Teamviewer service is not started.

So I'm going to put syslog notifications on my RADIOLOGY equipment and on the Teamviewer service.

Equipment sheet :
Open the file in creation or modification mode:

, Centralize critical alerts in a Syslog

In the Notification tab :

, Centralize critical alerts in a Syslog

Inform the related contact.

Here, when the equipment goes to DOWN status a notification will write in the syslog file the message defined for the contact "CHSA - contact-syslog-equipment".

Unit Service Sheet

Open the file in creation or modification mode:

, Centralize critical alerts in a Syslog

In the Notification tab

, Centralize critical alerts in a Syslog

When my service is in CRITICAL, a notification will write in the syslog file the message defined for the contact "CHSA - contact-syslog-service".

Note : Notification is only triggered on the Nagios HARD status type
If you have added additional controls the notification will only go out when all additional controls are completed.

Result obtained

It is possible to see the result by consulting its Syslog server. If the ServiceNav monitoring box acts as a server, the syslog file is located in: /var/log/
It is of course possible to use the Lin-syslog " model to exploit the syslog file.
Example of writing to the Syslog file :

, Centralize critical alerts in a Syslog

This may also be of interest to you

Supervision

Application mapping

Representing application supervision Supervising applications can pose problems of legibility of information, dependencies and alerts,

Read more "
en_USEnglish
fr_FRFrench en_USEnglish

Welcome to ServiceNav!

Need help? More information about our products? Write to us!
You have taken note of our privacy policy.

[COVID - 19 ] - TELEWORKING, TARGET AVAILABILITY 100% !

While the epidemic lasts, ensure the availability and performance of your IT services for teleworking, with ServiceNav!

Following the government's call to mobilize to help businesses overcome the current health and economic context, we help you, free of charge, to ensure the complete monitoring of your teleworking environments: VPN, VDI, Teams, Skype Enterprise, Citrix... Objectives: collection, availability and usage indicators, dashboards to support your communication.
We use cookies to ensure that you have the best possible experience on our site, and if you continue to use this site, we will assume that you are satisfied with it.

Reserve your place

You have taken note of our privacy policy.