Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
Nagios Log Server Export
Current Version
See GitHub
Last Release Date
2016-12-08
Compatible With
- Nagios Log Server
Owner
Hits
9965
Please visit the github for usage instructions. If you encounter a problem with this plugin or have questions, please use the github.
If this application is used from the NLS machine, this is no problem; Just use localhost or 127.0.0.1 for the -host argument. However, if we are using this application from a remote machine, the Elasticsearch API must be front-facing. BE AWARE THAT MAKING YOUR ELASTICSEARCH API FRONT-FACING CAN BE DANGEROUS.
The easiest way to do this:
edit /usr/local/nagioslogserver/elasticsearch/config/elasticsearch.yml
change the http.host setting from localhost to 0.0.0.0, save the changes
service elasticsearch restart
give elasticsearch time to start up
Be sure to revert these changes once you are done exporting your data. If you do not change your http.host setting back to localhost afterwards, your Nagios Log Server machine may become unstable.
If this application is used from the NLS machine, this is no problem; Just use localhost or 127.0.0.1 for the -host argument. However, if we are using this application from a remote machine, the Elasticsearch API must be front-facing. BE AWARE THAT MAKING YOUR ELASTICSEARCH API FRONT-FACING CAN BE DANGEROUS.
The easiest way to do this:
edit /usr/local/nagioslogserver/elasticsearch/config/elasticsearch.yml
change the http.host setting from localhost to 0.0.0.0, save the changes
service elasticsearch restart
give elasticsearch time to start up
Be sure to revert these changes once you are done exporting your data. If you do not change your http.host setting back to localhost afterwards, your Nagios Log Server machine may become unstable.
Reviews (1)
byitheodoridis, September 21, 2017
Hello Matt!
Excellent work, I need your help with one thing, after looking for additional documentation for your tool anywhere but not finding any.
We are trying to narrow down our exported logs by time as well as day, plus we wanted to exclude some sources. So we created a filter for it in the Elastic Search Dasboard in NLS.
With your tool using a command like this
java -jar nlsexport.jar -host=localhost -date_start=2017.09.19 -date_end=2017.09.19 -output_path=/root/logs/ -output_format=csv
gives us everything for that day. If we wanted to use the query parameter that is included in your tool, how would we go about it?
Let's say for example that our filter has the following conditions
1) querystring mustNot
query : 127.0.0.1
2) querystring must
query : host = 10.132.1.5
3) time must
field : @timestamp
from : 2017-09-19T04:39:43.682Z
to : 2017-09-19T04:50:51.144Z
What would that look like in the above command line string?
The one included in the example
-query='{"query":{"query_string":{"query":"my query string"}}}'
is not very helpful I am afraid, I can't figure out what to replace with what, especially for the time.
Any help would be appreciated.
Thanks!
Excellent work, I need your help with one thing, after looking for additional documentation for your tool anywhere but not finding any.
We are trying to narrow down our exported logs by time as well as day, plus we wanted to exclude some sources. So we created a filter for it in the Elastic Search Dasboard in NLS.
With your tool using a command like this
java -jar nlsexport.jar -host=localhost -date_start=2017.09.19 -date_end=2017.09.19 -output_path=/root/logs/ -output_format=csv
gives us everything for that day. If we wanted to use the query parameter that is included in your tool, how would we go about it?
Let's say for example that our filter has the following conditions
1) querystring mustNot
query : 127.0.0.1
2) querystring must
query : host = 10.132.1.5
3) time must
field : @timestamp
from : 2017-09-19T04:39:43.682Z
to : 2017-09-19T04:50:51.144Z
What would that look like in the above command line string?
The one included in the example
-query='{"query":{"query_string":{"query":"my query string"}}}'
is not very helpful I am afraid, I can't figure out what to replace with what, especially for the time.
Any help would be appreciated.
Thanks!
