It’s not very easy to see your /var/log/messages when your poller receive a lot of check results and that’s why I wrote this post. This post only concern NSCA server and not the client.
The latest stable version of NSCA (2.7.2) doesn’t have syslog facility parameter. Syslog facility is implemented in the 2.9 release but it’s not yet stable, so I suggest you to use the 2.7.2 release.
Okay but what should we do to have syslog facility in the 2.7.2 release ?
You should apply all patches in the project page on SourceForge.
After applied these modifications, you could update your version by using the update_version script (provided on NSCA tarball) like in the following example:
Note: If you didn’t set a date the date of the day will be used.
The next step is to compile the new NSCA. Yes I know you need to recompile and reinstall your NSCA servers.
When the new NSCA version is installed you could verify the version with “/usr/bin/nsca —version” command. Example:
1 2 3 4 5 6 7 8
Great !!! We have the new version, let’s configure it to use a specific log file.
You need to add the following lines in your NSCA configuration file. I my case the configuration file is /etc/nagios/nsca.cfg :
Note: It’s strongly recommended to enable debug just during debug session and not in normal mode.
Congrats you have configured your NSCA server, you could go to the next step.
To allow Rsyslog or its equivalents to manage your log files correctly, you need update your configuration to log NSCA messages in a specific file.
So you need to add the following lines in your rsyslog configuration file. Im my case the configuration file is /etc/rsyslog.conf.
Note: You could add this line at the end of the file.
That’s all for Rsyslog.
After you have made modifications, a restart of nsca and rsyslog is needed. You need to run the following commands to restart them.
Okay, you could check /var/log/nsca to see NSCA logs. If you don’t see anything in this file a restart of nsca could be performed to create events in log.
I was difficult ? Have fun with your NSCA log file. ;–)