If you have log_facility=local4
in your nrpe.conf and local4.* /var/log/nrpe.log (or whatever file you choose) in syslog.conf you should have log messages from nrpe in your specified log file. The log entrys in your first post are, as I already mentioned, from xinetd directly ...and xinetd seems to log to the daemon facility and I think, that you cannot change this. I tried (for the rsync service) to set log_on_failure = log_on_success = so effectively clearing these two options for that service. Afterwards this start/success messages generated by xinetd when the service starts up were gone. You could try this with the nrpe service...Then your /var/log/messages should be clean. Thomas On 10/05/2011 05:34 PM, R. Leigh Hennig wrote: service syslog restart did restart the syslog service, however no changes have been made. Logs about NRPE are still going to /var/log/messages, even though I added "local4.* /var/log/nrpe.log" to that file, and the nrpe.cfg I changed it to local4 as well... On Wed, Oct 5, 2011 at 11:24 AM, Schimpke, Dr. Thomas - bhn <[email protected]<mailto:[email protected]>> wrote: It somewhat depends upon your operating system (and Linux distribution, if you use Linux). On a RedHat based system you may want to try "service syslog restart". Typically syslog reloads its configuration, if you sent him the SIGHUP signal. So you may want to use ps -ef | grep syslog to determine syslog's pid and then kill -HUP pid. You may want to check syslog's man page to verify if your syslog responds to signals ... if your're not on linux. Thomas On 10/05/2011 04:54 PM, R. Leigh Hennig wrote: I made the change and restarted xinted. How do I restart syslog? On Wed, Oct 5, 2011 at 10:43 AM, Schimpke, Dr. Thomas - bhn <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> wrote: Hi, it's not nrpe's config file - it's xinetd's config file for the nrpe service. nrpe is started by xinetd as soon as a request from the nagios server arrives. So you simply need to restart xinetd (or reload its configuration). If you still use SYSLOG (and not FILE), then you should configure the facility in /etc/syslog.conf appropriately. You need to restart/reload syslog for the change to have effect. Thomas On 10/05/2011 04:24 PM, R. Leigh Hennig wrote: I've made the configuration change - now I'm guessing I need to restart NRPE daemon to read in the changed config file. How do I restart NRPE? I want it to run as a daemon, and I believe that it is...there's an nrpe file in /etc/xinte.d/...I already restarted xinted after I made the log file change there... On Wed, Oct 5, 2011 at 9:51 AM, Schimpke, Dr. Thomas - bhn <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>><mailto:[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>>> wrote: These aren't messages from nrpe but from xinetd. You should set the log_type parameter in nrpe's config fiule for the xinetd. Either use SYSLOG with facility local0 and configure syslog to log local0 to a file .../nrpe.log or use FILE as a parameter for the log_type and and the full path to the desired logfile. Check out the xinetd.conf man page for more details. Since you poll nrpe quite often it may be better to run nrpe as a daemon (nrpe -d ...) anyway to avoid the start overhead. Thomas On 10/05/2011 03:13 PM, R. Leigh Hennig wrote: On my remote hosts, /var/log/messages is filling up with messages like this: Sep 26 06:33:53 <REMOVED> xinetd[13362]: EXIT: nrpe status=0 pid=8099 duration=0(sec) Sep 26 06:34:01 <REMOVED> xinetd[13362]: START: nrpe pid=8105 from=<REMOVED> Sep 26 06:34:01 <REMOVED> xinetd[13362]: EXIT: nrpe status=0 pid=8105 duration=0(sec) Sep 26 06:34:57 <REMOVED> xinetd[13362]: START: nrpe pid=8113 from=<REMOVED> How can I make it so that Nagios/NRPE throws these in a different file, and not just /var/log/messages? Thanks ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Nagios-users mailing list [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>><mailto:[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Nagios-users mailing list [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Nagios-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
