Hello,
I am trying to send passive check to nagios using Logstash nagios_nsca plugin.
Elasticstack v 6.3.2
/usr/share/logstash/bin/logstash-plugin list | grep nsca
logstash-output-nagios_nsca
Configuration:
pipeline:
input {
http {
port => 10040
}
}
filter {
json {
source => "message"
}
}
output {
if ( [app] == "application" and [env] == "prod" and [message] =~ /^Error/ ) {
nagios_nsca {
host => "10.88.88.200"
port => 5667
nagios_host => "10.88.88.250"
nagios_service => "application.error-detection"
nagios_status => 2
send_nsca_bin => "/usr/sbin/send_nsca"
send_nsca_config => "/etc/nagios/send_nsca.cfg"
message_format => "%{message}"
}
elasticsearch {
hosts => ["localhost:9200"]
index => "alerts-%{+YYYY.MM}"
user => "logstash"
password => ""******"
}
} else {
elasticsearch {
hosts => ["localhost:9200"]
index => "noalerts-%{+YYYY.MM}"
user => "logstash"
password => "******"
}
}
}
Sending event to logstash:
curl -XPOST localhost:10040/libovolne-url -d '{ "env" : "prod", "app":"odis", "message":"Error processOdis" }'
ok
Log of logstash
[2019-05-02T15:44:43,954][WARN ][logstash.outputs.nagiosnsca] Skipping nagios_nsca output; error calling send_nsca {:error=>#<TypeError: no implicit conversion of Integer into String>, :nagios_nsca_command=>"/usr/sbin/send_nsca -H 10.88.88.250 -p 5667 -d : -c /etc/nagios/send_nsca.cfg", :message=>"cdv.tomcat-cdc-as1:TOMCAT.odis.error-detection:2:Error processOdis", :missed_event=>#<LogStash::Event:0x25cbded2>}
I check network traffic using tcpdump but nothing happend. Problem is with parameter nagios_status. I tried "2", '2', "CRITICAL" but nothing worked.
Could you please help me?
Regards!
Vasek