Standard Log Locations
On a Nagios XI server, useful logs can be found in a few different places:
Logs Located In /usr/local/nagios/var
These are standard Nagios Core and PNP4Nagios logs. They are usually configurable by way of their associated .cfg/.pl files.
/usr/local/nagios/var/nagios.log
The Nagios Core log, includes checks, notifications, external commands, and events. This file is rotated daily into the /usr/local/nagios/var/archives folder (default setting in nagios.cfg) by rsyslog.
Logs located in the /usr/local/nagios/var/archives folder are used as the data source for the Availability and SLA reports. Deleting them would cause these reports to show inaccurate data.
/usr/local/nagios/var/npcd.log
Log for the npcd daemon. This log is rotated by rsyslog. If you ever see load threshold warnings in this log, you may need to increase the load_threshold value in /usr/local/nagios/etc/pnp/npcd.cfg and restart the npcd service.
/usr/local/nagios/var/perfdata.log
This file is related to performance data does not log by default. You can enable logging in /usr/local/nagios/etc/pnp/process-perfdata.pl with "LOG_LEVEL = 1". This log will contain any timeout errors for performance data processing and generally will include any errors with datasources and round robin database (.rrd) files.
Logs Located In /usr/local/nagiosxi/tmp
It is possible to find two logs in the /usr/local/nagiosxi/tmp directory.
/usr/local/nagiosxi/tmp/phpmailer.log
This file contains the logs for emails sent via the phpmailer.
/usr/local/nagiosxi/tmp/upgrade.log
This file contains the logs for upgrading your Nagios XI system.
Logs Located In /usr/local/nagiosxi/var
Most of these logs are overwritten by crond at the top of the minute. They are stream-style logs, so a running tail ( tail -f xxx ) is usually the best way to watch them. As they are managed by cron, and not rsyslog, changing the logging would require editing the nagiosxi cron scripts. It is recommended that you do not alter the crons though, as certain Nagios XI components rely on these crons/logs.
/usr/local/nagiosxi/var/cleaner.log
This file logs any cleanup processes. This includes any
file-system maintenance like the removal of old nagiosql backup files and trims the saved snapshots. Additionally, some components use the cleaner proc to cleanup after themselves (IM, etc).
/usr/local/nagiosxi/var/cmdsubsys.log
This file logs the process of any commands passed to the Nagios XI backend/subsystem through the cmdsubsys cron. This includes "Apply Configuration" or other Nagios XI specific commands. These commands are read by the cron from the nagiosxi SQL database table "xi_commands".
/usr/local/nagiosxi/var/components/bpi.log
Nagios Business Process Intelligence (BPI) log file. Any errors suppressed by the Nagios XI interface will be logged in this file.
/usr/local/nagiosxi/var/components/scheduledbackups.log
This file contains the logs for the Scheduled Backup component.
/usr/local/nagiosxi/var/dbmaint.log
This file logs the result of the database maintenance cron. This should include table truncates and db backups.
/usr/local/nagiosxi/var/deadpool.log
Added in Nagios XI 2014. It logs the removal of nagios objects as specified by the deadpool settings.
/usr/local/nagiosxi/var/eventman.log
This file logs any events passed through the Nagios XI backend. This includes the global event handler, Nagios XI user notifications, standard event handlers, and component specific events. These events are read by the cron from the nagiosxi SQL database table "xi_events".
/usr/local/nagiosxi/var/feedproc.log
This file logs the processing of specific backend objects that are fed to Nagios XI - specifically unconfigured objects.
/usr/local/nagiosxi/var/load_url.log
This file logs any errors from the internal Nagios XI load_url() function. This includes backend API calls as well as ajax GET requests.
/usr/local/nagiosxi/var/nom.log
This file logs the creation of nagios checkpoints and scheduled nagios restarts (default is once every 24 hours).
/usr/local/nagiosxi/var/perfdataproc.log
This file logs the processing of perfdata. This includes the management of the /usr/local/nagios/var/spool directories:
checkresults
xidpe
perfdata
/usr/local/nagiosxi/var/recurringdowntime.log
This file logs any recurring downtime processed by the recurring downtime cron.
/usr/local/nagiosxi/var/reportengine.log
Currently unused.
/usr/local/nagiosxi/var/sysstat.log
This file logs the reporting of Nagios XI component statuses run by the sysstat cron, which will subsequently update the Nagios engine and component statistics dashlet in the Nagios XI interface.
Logs Located In /var
These are system logs that may provide helpful information when troubleshooting an issue with Nagios XI or the server itself. By default, all of the logs below are managed/rotated by rsyslog or whichever system logger your Nagios XI server is running.
/var/log/messages
This is the system messages log. Most hardware related errors will appear here, as well as nrpe information, segfaults, kernel msg limits, and ulimit errors among many other things. This is a good log to know about. If you suspect intermittent hardware issues, look here, or just run dmesg.
/var/log/httpd/error_log
This is the Apache error log. Problems/bugs in the php will log here, as well as authentication problems or issues with broken urls. As Nagios XI is a LAMP application, many issues will log here. It is always a good place to start when troubleshooting Nagios XI.
/var/log/httpd/access_log
This is the Apache access log. Failed authentications, ajax requests and page views will log here.
/var/log/maillog
This file logs email sent through sendmail. Only applicable to core contact "notify-*-by-email" notification handlers and sendmail tests.
/var/log/mariadb/mariadb.log
/var/log/mysqld.log
This is the MySQL/MariaDB database log. MariaDB is used in RHEL/CentOS 7.x onwards. Issues such as crashed tables or mysqld service startup errors will be logged here. It is not a bad idea to create a check to search these logs for the string "crashed", as that is a sign that the database may need to be repaired with the script /usr/local/nagiosxi/scripts/repair_databases.sh.
/var/lib/pgsql/pgstartup.log
The is the Postgresql startup log. Issues with the postgres .pid or .lock files will log here.
© Copyright 2000-2023 COGITO SOFTWARE CO.,LTD. All rights reserved
