Hi all,
I have recently installed Splunk for Nagios and setup the livestatus things associated with it into my nag server.
I have MK Livestatus running out of xinetd and can run:
echo -e "GET services\nColumns: host_name description state" | netcat 111.111.111.111 6557
And successfully get data on my Nagios nodes. (running it from splunk indexer)
However, when I open the Livestatus Dashboard page in the SFN app I get N/A everywhere... (except for the "service alerts")
Also the "Nagios Linux Performance Graphs" only display any info in the first two sections. (Warnings and Crit Alerts, Top 10 Service Notifications)
It's indexing my data fine, but, doesn't seems to be using the livestatus connections correctly.
Any ideas?
Help?
Cheers,
Aaron.
How have you set up your livestatus xinetd settings? You have to link the livestatus socket on your nagios machine to xinetd socket. Here's an example from http://mathias-kettner.com/checkmk_livestatus.html for a /etc/xinetd.d/livestatus file.
service livestatus
{
type = UNLISTED
port = 6557
socket_type = stream
protocol = tcp
wait = no
# limit to 100 connections per second. Disable 3 secs if above.
cps = 100 3
# set the number of maximum allowed parallel instances of unixcat.
# Please make sure that this values is at least as high as
# the number of threads defined with num_client_threads in
# etc/mk-livestatus/nagios.cfg
instances = 500
# limit the maximum number of simultaneous connections from
# one source IP address
per_source = 250
# Disable TCP delay, makes connection more responsive
flags = NODELAY
user = nagios
server = /usr/bin/unixcat
server_args = /var/lib/nagios/rw/live
# configure the IP address(es) of your Nagios server here:
# only_from = 127.0.0.1 10.0.20.1 10.0.20.2
disable = no
}
Hi Aaron,
Please upgrade to the latest release and let me know how you go 🙂
All the best,
Luke 🙂