How can I change Nagios/NRPE log location?

Schimpke, Dr. Thomas - bhn Schimpke.Thomas at bhn-services.com
Thu Oct 6 11:24:56 CEST 2011 

If you have

log_facility=local4

in your nrpe.conf and

local4.*  /var/log/nrpe.log

(or whatever file you choose) in syslog.conf  you should have log messages from nrpe in your specified log file.

The log entrys in your first post are, as I already mentioned, from xinetd directly ...and xinetd seems to log to the daemon facility and I think, that you cannot change this.

I tried (for the rsync service) to set

  log_on_failure  =
  log_on_success =

so effectively clearing these two options for that service. Afterwards this start/success messages generated by xinetd when the service starts up were gone. You could try this with the nrpe service...Then your /var/log/messages should be clean.

Thomas



On 10/05/2011 05:34 PM, R. Leigh Hennig wrote:
service syslog restart did restart the syslog service, however no changes have been made. Logs about NRPE are still going to /var/log/messages, even though I added "local4.*  /var/log/nrpe.log" to that file, and the nrpe.cfg I changed it to local4 as well...



On Wed, Oct 5, 2011 at 11:24 AM, Schimpke, Dr. Thomas - bhn <Schimpke.Thomas at bhn-services.com<mailto:Schimpke.Thomas at bhn-services.com>> wrote:
It somewhat depends upon your operating system (and Linux distribution, if you use Linux). On a RedHat based system you may want to try "service syslog restart".  Typically syslog reloads its configuration, if you sent him the SIGHUP signal. So you may want to use ps -ef | grep syslog to determine syslog's pid and then kill -HUP pid.

You may want to check syslog's man page to verify if your syslog responds to signals ... if your're not on linux.


Thomas

On 10/05/2011 04:54 PM, R. Leigh Hennig wrote:
I made the change and restarted xinted. How do I restart syslog?

On Wed, Oct 5, 2011 at 10:43 AM, Schimpke, Dr. Thomas - bhn <Schimpke.Thomas at bhn-services.com<mailto:Schimpke.Thomas at bhn-services.com><mailto:Schimpke.Thomas at bhn-services.com<mailto:Schimpke.Thomas at bhn-services.com>>> wrote:
Hi,

it's not nrpe's config file - it's xinetd's config file for the nrpe service. nrpe is started by xinetd as soon as a request from the nagios server arrives. So you simply need to restart xinetd (or reload its configuration).

If you still use SYSLOG (and not FILE), then you should configure the facility in /etc/syslog.conf appropriately. You need to restart/reload syslog for the change to have effect.

Thomas


On 10/05/2011 04:24 PM, R. Leigh Hennig wrote:
I've made the configuration change - now I'm guessing I need to restart NRPE daemon to read in the changed  config file. How do I restart NRPE? I want it to run as a daemon, and I believe that it is...there's an nrpe file in /etc/xinte.d/...I already restarted xinted after I made the log file change there...

On Wed, Oct 5, 2011 at 9:51 AM, Schimpke, Dr. Thomas - bhn <Schimpke.Thomas at bhn-services.com<mailto:Schimpke.Thomas at bhn-services.com><mailto:Schimpke.Thomas at bhn-services.com<mailto:Schimpke.Thomas at bhn-services.com>><mailto:Schimpke.Thomas at bhn-services.com<mailto:Schimpke.Thomas at bhn-services.com><mailto:Schimpke.Thomas at bhn-services.com<mailto:Schimpke.Thomas at bhn-services.com>>>> wrote:
These aren't messages from nrpe but from xinetd. You should set the log_type parameter in nrpe's config fiule for the xinetd. Either use SYSLOG with facility local0 and configure syslog to log local0 to a file .../nrpe.log or use
FILE as a parameter for the log_type and and the full path to the desired logfile.

Check out the xinetd.conf man page for more details.

Since you poll nrpe quite often it may be better to run nrpe as a daemon (nrpe -d ...) anyway to avoid the start overhead.

Thomas

On 10/05/2011 03:13 PM, R. Leigh Hennig wrote:
On my remote hosts, /var/log/messages is filling up with messages like this:

Sep 26 06:33:53 <REMOVED> xinetd[13362]: EXIT: nrpe status=0 pid=8099 duration=0(sec)
Sep 26 06:34:01 <REMOVED> xinetd[13362]: START: nrpe pid=8105 from=<REMOVED>
Sep 26 06:34:01 <REMOVED> xinetd[13362]: EXIT: nrpe status=0 pid=8105 duration=0(sec)
Sep 26 06:34:57 <REMOVED> xinetd[13362]: START: nrpe pid=8113 from=<REMOVED>

How can I make it so that Nagios/NRPE throws these in a different file, and not just /var/log/messages?

Thanks


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net<mailto:Nagios-users at lists.sourceforge.net><mailto:Nagios-users at lists.sourceforge.net<mailto:Nagios-users at lists.sourceforge.net>><mailto:Nagios-users at lists.sourceforge.net<mailto:Nagios-users at lists.sourceforge.net><mailto:Nagios-users at lists.sourceforge.net<mailto:Nagios-users at lists.sourceforge.net>>>
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net<mailto:Nagios-users at lists.sourceforge.net><mailto:Nagios-users at lists.sourceforge.net<mailto:Nagios-users at lists.sourceforge.net>>
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net<mailto:Nagios-users at lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null



------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

More information about the Users mailing list