Lostash - nagios_nsca plugin - nagios_status

Hello,
I am trying to send passive check to nagios using Logstash nagios_nsca plugin.

Elasticstack v 6.3.2

/usr/share/logstash/bin/logstash-plugin list | grep nsca
logstash-output-nagios_nsca

Configuration:

pipeline:
input {
 http {
    port => 10040
  }
}

filter {
  json {
    source => "message"
  }
}

output {

   if ( [app] == "application" and [env] == "prod" and [message] =~ /^Error/  ) {

       nagios_nsca {
         host => "10.88.88.200"
         port => 5667
         nagios_host => "10.88.88.250"
         nagios_service => "application.error-detection"
         nagios_status => 2
         send_nsca_bin => "/usr/sbin/send_nsca"
         send_nsca_config => "/etc/nagios/send_nsca.cfg"
         message_format => "%{message}"
       }

       elasticsearch {
        hosts => ["localhost:9200"]
        index => "alerts-%{+YYYY.MM}"
        user => "logstash"
        password => ""******"
      }
   } else {
        elasticsearch {
        hosts => ["localhost:9200"]
        index => "noalerts-%{+YYYY.MM}"
        user => "logstash"
        password => "******"
      }

   }
}

Sending event to logstash:

curl -XPOST localhost:10040/libovolne-url -d '{ "env" : "prod", "app":"odis", "message":"Error processOdis" }'
ok

Log of logstash
[2019-05-02T15:44:43,954][WARN ][logstash.outputs.nagiosnsca] Skipping nagios_nsca output; error calling send_nsca {:error=>#<TypeError: no implicit conversion of Integer into String>, :nagios_nsca_command=>"/usr/sbin/send_nsca -H 10.88.88.250 -p 5667 -d : -c /etc/nagios/send_nsca.cfg", :message=>"cdv.tomcat-cdc-as1:TOMCAT.odis.error-detection:2:Error processOdis", :missed_event=>#<LogStash::Event:0x25cbded2>}

I check network traffic using tcpdump but nothing happend. Problem is with parameter nagios_status. I tried "2", '2', "CRITICAL" but nothing worked.

Could you please help me?
Regards!
Vasek

Hi,

Did you ever resolve this as seeing the same...?

Regards

I used Elastalert instead of Logstash nagios_nsca plugin.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.