It’s not very easy to see your /var/log/messages when your poller receive a lot of check results and that’s why I wrote this post. This post only concern NSCA server and not the client.

The latest stable version of NSCA (2.7.2) doesn’t have syslog facility parameter. Syslog facility is implemented in the 2.9 release but it’s not yet stable, so I suggest you to use the 2.7.2 release.

Okay but what should we do to have syslog facility in the 2.7.2 release ?

You should apply all patches in the project page on SourceForge.

After applied these modifications, you could update your version by using the update_version script (provided on NSCA tarball) like in the following example:

1
./update_version 2.7.2-patched-by-you
Note: If you didn’t set a date the date of the day will be used.

The next step is to compile the new NSCA. Yes I know you need to recompile and reinstall your NSCA servers.

When the new NSCA version is installed you could verify the version with “/usr/bin/nsca —version” command. Example:

1
2
3
4
5
6
7
8
/usr/bin/nsca --version
NSCA - Nagios Service Check Acceptor
Copyright (c) 2000-2007 Ethan Galstad (www.nagios.org)
Version: 2.7.2-patched-by-you
Last Modified: 03-11-2014
License: GPL v2
Encryption Routines: AVAILABLE
TCP Wrappers Available

Great !!! We have the new version, let’s configure it to use a specific log file.

NSCA configuration

You need to add the following lines in your NSCA configuration file. I my case the configuration file is /etc/nagios/nsca.cfg :

1
2
log_facility=local0
debug=0
Note: It’s strongly recommended to enable debug just during debug session and not in normal mode.

Congrats you have configured your NSCA server, you could go to the next step.

Rsyslog configuration

To allow Rsyslog or its equivalents to manage your log files correctly, you need update your configuration to log NSCA messages in a specific file.

So you need to add the following lines in your rsyslog configuration file. Im my case the configuration file is /etc/rsyslog.conf.

1
local0.*                                          /var/log/nsca
Note: You could add this line at the end of the file.

That’s all for Rsyslog.

After you have made modifications, a restart of nsca and rsyslog is needed. You need to run the following commands to restart them.

1
2
/etc/init.d/rsyslog restart
/etc/init.d/nsca restart

Okay, you could check /var/log/nsca to see NSCA logs. If you don’t see anything in this file a restart of nsca could be performed to create events in log.

I was difficult ? Have fun with your NSCA log file. ;–)

comments powered by Disqus