Saturday 14 August 2010

Dear future self

I found myself involved in a project which uses Nagios and Splunk to monitor IT infrastructure, and needed to know how to pass syslog messages from a Debian box to Splunk.

Of course I Googled, and to my surprise I found my own post in nagios-users, from over 3 years ago with exactly the same issue, albeit with older versions of the same software.

It was a pretty weird experience, on the one hand I thought it was great that mailing lists are there to be leveraged, repeatedly, but at the same time I realise I didn't learn the solution the first time.
I guess it's a testament to Nagios, it's still a great product, still very relevant.

If we can recall information so easily, why bother learning it at all?
Better to know how to search than how to learn.

There's value in making our information discoverable though, so this is a note to my future self:
To forward Nagios event messages via syslog to a Splunk server, configure a data input on the Splunk server to accept data on port 514, UDP.
Edit the syslog config on the Nagios host to forward the messages to the Splunk server by adding this line...
user.* @ip.add.of.splunk
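To check what that selector actually matches before pointing it at Splunk, here is an added example (not code from the original post): it builds a Nagios-style syslog line with the user facility (Nagios logs through syslog with LOG_USER, which is why the rule is `user.*`), parses the `<PRI>` prefix, and pushes the line over UDP to a loopback collector standing in for Splunk's UDP 514 input. The hostname, timestamp, alert text and collector port are constructed values.

```python
import socket

# Facility/severity numbers from RFC 3164; "user.*" in syslog.conf selects facility 1 (user).
FACILITY_USER = 1
SEVERITY_INFO = 6

def encode_pri(facility, severity):
    """PRI value carried as "<N>" at the start of a syslog datagram."""
    return facility * 8 + severity

def build_syslog_message(facility, severity, tag, text, hostname="nagios-host"):
    """Build an RFC 3164 style line like the one the syslog daemon forwards.
    The timestamp and hostname are constructed sample values."""
    return "<%d>Aug 14 10:00:00 %s %s: %s" % (encode_pri(facility, severity), hostname, tag, text)

def parse_pri(message):
    """Return (facility, severity) from a "<N>..." syslog line, or None if malformed."""
    if not message.startswith("<"):
        return None
    end = message.find(">")
    if end < 2 or not message[1:end].isdigit():
        return None
    pri = int(message[1:end])
    if pri > 191:  # largest valid PRI: facility 23, severity 7
        return None
    return pri // 8, pri % 8

def matches_user_selector(message):
    """True if the line would be picked up by a "user.*" rule (facility user, any severity)."""
    parsed = parse_pri(message)
    return parsed is not None and parsed[0] == FACILITY_USER

def loopback_forward(message):
    """Send the line over UDP to a local collector socket (a stand-in for Splunk's UDP 514
    input) and return what the collector received, so the path can be checked offline."""
    collector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector.bind(("127.0.0.1", 0))  # ephemeral port, so no root is needed for 514
    collector.settimeout(2)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sender.sendto(message.encode("utf-8"), collector.getsockname())
        data, _ = collector.recvfrom(65535)
        return data.decode("utf-8")
    finally:
        sender.close()
        collector.close()
```

A line arriving with `<14>` is facility user, severity info, so it passes the `user.*` rule; an sshd line with `<38>` (facility auth) does not. Plain UDP 514 gives no delivery guarantee and no sender authentication, so keep the Splunk input on a trusted segment and watch for gaps in the Nagios event stream.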
