I just recently installed the Nagios App to see what I could do with our check_mk multisite data. I've got it working - some of the dashboards don't work quite right, but the data is there. Here's what I did.
- Installed the app per its documentation
- Edited the check_mk server's forwarder inputs.conf to point to the nagios.log, host and service perf logs of all sites.
- Edited the path and file name of the redirected output in each site's commands.cfg (e.g., /opt/omd/sites/$SITE/var/log/service-perfdata.log)
- Created a props/transforms conf changes on the search head to extract the OMD site based on the file path
Some of the dashboards work just fine, mostly ignoring the OMD site separation between hosts. I'm much more of a data user than a dashboard user, though. Now I can do things like count the number of distinct hosts down per OMD site. One of those visualizations that provides joy, immediately followed by regret.
inputs.conf:
[monitor:///opt/omd/sites/.../var/nagios/nagios.log]
index = nagios
sourcetype = nagios
[monitor:///opt/omd/sites/.../var/log/host-perfdata.log]
index = nagios
sourcetype = nagioshostperf
[monitor:///opt/omd/sites/.../var/log/service-perfdata.log]
index = nagios
sourcetype = nagiosserviceperf
props.conf
[nagios]
REPORT-extract_nagios_omdsite = nagios_omdsite
EXTRACT-nagios_event = ^[^ \n]* (?P\w+\s+\w+)
[nagiosserviceperf]
REPORT-extract_nagios_omdsite = nagios_omdsite
EXTRACT-nagios_event = ^[^ \n]* (?P\w+\s+\w+)
[nagioshostperf]
REPORT-extract_nagios_omdsite = nagios_omdsite
EXTRACT-nagios_event = ^[^ \n]* (?P\w+\s+\w+)
transforms.conf
[nagios_omdsite]
CLEAN_KEYS = 0
REGEX = \/opt\/omd\/sites\/(?\w+)\/
SOURCE_KEY = source
