ServiceNav offers several notification methods:
- Mail, SMS, Push Mail (mobile application) and SysLog
The notification policy is fully customizable according to:
- time slots
- types of events (Alert, Critical Alert, Return to normal...)
- the methods used to send the notification (email, SMS, application push, Syslog)
We will focus here on the Syslog notification.
The goal is to allow the ServiceNav user to consolidate all notifications into a centralized Syslog server for processing or archiving.
This method writes to a Syslog file on a Nagios status change of type HARD only.
Prerequisite: Setting up a Syslog server
As a protocol, Syslog consists of a client part and a server part. The client part transmits the information over the network, via UDP port 514. The servers collect the information and take care of creating the logs.
The ServiceNav monitoring unit can be used as a client or as a client and server.
Note: You can nevertheless use your own Syslog server. The supervision box will then only be used as a client to redirect events to your Syslog server.
Configure the box as a client:
The rsyslog client is already installed on the supervision boxes; it only remains to configure it to write to a syslog server. You have to tell rsyslog which logs to redirect and to which server.
In the /etc/rsyslog.d/ folder, create a new configuration file 00-client-remote.conf
cd /etc/rsyslog.d/
nano 00-client-remote.conf
Add the following configuration to redirect logs from the NAGIOS-SYSLOG application (the tag used in the notification command).
In UDP:
if $programname == 'NAGIOS-SYSLOG' then @remote_server:port
In TCP:
if $programname == 'NAGIOS-SYSLOG' then @@remote_server:port
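The client setup above as a script, an added example that is not ServiceNav's own code: it builds the forwarding rule, refuses malformed server or port values, checks the configuration with rsyslogd -N1 before restarting, and sends one test event. The function names, the --apply switch and the sample address are assumptions; the tag and the file path come from this page.

```shell
#!/bin/sh
# Added example, not ServiceNav code. Helper names are hypothetical.
CONF=/etc/rsyslog.d/00-client-remote.conf   # drop-in named on this page
TAG=NAGIOS-SYSLOG                           # tag used by the notification command

# Print the forwarding rule for proto (udp|tcp), server and port.
# Returns 1 on invalid input so nothing malformed reaches rsyslog.
render_rule() {
    proto=$1; server=$2; port=$3
    case $proto in
        udp) prefix='@' ;;      # single @ forwards over UDP
        tcp) prefix='@@' ;;     # double @ forwards over TCP
        *) echo "proto must be udp or tcp" >&2; return 1 ;;
    esac
    # Hostname or IPv4 address only: letters, digits, dot, hyphen.
    case $server in
        ''|*[!A-Za-z0-9.-]*) echo "bad server: $server" >&2; return 1 ;;
    esac
    # Digits only, at most five of them.
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf "if \$programname == '%s' then %s%s:%s\n" \
        "$TAG" "$prefix" "$server" "$port"
}

# Write the drop-in, check the rsyslog configuration, restart the service
# and emit one test event carrying the tag the rule matches.
apply_rule() {
    rule=$(render_rule "$@") || return 1
    printf '%s\n' "$rule" > "$CONF"
    # -N1 only validates the configuration; remove the drop-in if it fails.
    rsyslogd -N1 || { rm -f "$CONF"; return 1; }
    service rsyslog restart
    logger -t "$TAG" "forwarding test from $(hostname)"
}

# Runs only when requested, e.g.: sh forward.sh --apply tcp 192.0.2.10 514
if [ "${1:-}" = "--apply" ]; then
    shift
    apply_rule "$@"
fi
```

After applying, the test event should appear on the remote Syslog server; if it does not, check that the port is open on the server side.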
If you want to configure the box as a server:
Configuration
Connect to the supervision box over SSH.
Open the syslog port
The standard syslog port is UDP/514:
1. Edit the following file with vi/nano: /etc/init.d/iptables.sh
2. Insert this line: PORT_RSYSLOG="514"
3. Insert this line:
## Accepting RSYSLOG connections
iptables -A INPUT -p udp -i eth0 -s <source_ip> --dport $PORT_RSYSLOG -j ACCEPT
4. Save the file and reload the rules: /etc/init.d/iptables.sh
Notes: Change the port if you are operating on a different port than the standard port.
Source IP filtering is optional, but it does help limit incoming syslog traffic.
rsyslog format supported by the model
ServiceNav provides a "Lin-syslog" service model for processing the syslog file.
1. Edit the following file with vi/nano: /etc/rsyslog.conf and make the modifications described below.
2. Save the file
3. Restart the rsyslog service: service rsyslog restart
Configuring syslog notification
Syslog notification is available for all devices and services and works the same way as the standard Nagios notification.
A contact can be notified on its notification time slot, on all or some of the status changes, as soon as the status changes or after several checks on the status change have been made.
Creation of notification contacts
We recommend creating 2 syslog contacts:
- a contact for equipment notifications
- a contact for unit service notifications
To add a contact: navigate to Settings > General > Contacts.
Click on Add.
For services:
For equipment:
Enter the period and type of status that will trigger the notification in the syslog file.
Notification configuration for equipment or services
Simple scenario
I supervise the "Teamviewer" service located on the RADIOLOGY equipment, and I would like an entry written to the syslog file when the equipment is unreachable or when the Teamviewer service is not started.
So I am going to put syslog notifications on my RADIOLOGY equipment and on the Teamviewer service.
Equipment sheet:
Open the record in create or edit mode:
In the Notification tab:
Fill in the linked contact.
Here, when the equipment goes DOWN, a notification writes the message defined for the contact "CHSA - contact-syslog-equipment" to the syslog file.
Unit service form
Open the record in create or edit mode:
In the Notification tab:
When my service is in CRITICAL, a notification writes the message defined for the contact "CHSA - contact-syslog-service" to the syslog file.
Note: Notification is only triggered on the Nagios HARD status type.
If you have added additional controls, the notification will only go out when all additional controls are completed.
Result obtained
You can see the result by checking your syslog server. If the ServiceNav monitoring box is the server, the syslog file is located in: /var/log/
It is of course possible to use the "Lin-syslog" template to process the syslog file.
Example of writing to the Syslog file: