Are you facing the error, Nagios: Failed to Parse Date Error?
This guide is for you.
Sometimes, we may not get the logs and the Logstash log might show Nagios: Failed to Parse Date Error.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to resolve related Nagios errors.
Recently, one of our customers informed us that the logs are not coming in and there is an error in the Logstash log, as below:
:response=>{"create"=>{"_index"=>"logstash-2021.04.09", "_type"=>"syslog", "_id"=>"AW8Ab04im8e-JsUH61c5", "status"=>400, "error"=>"MapperParsingException[failed to parse [timestamp8601]]; nested: MapperParsingException[failed to parse date field [2021-04-09 18:04:52.81], tried both date format [dateOptionalTime], and timestamp number with locale []]; nested: IllegalArgumentException[Invalid format: \"2021-04-09 18:04:52.81\" is malformed at \" 18:04:52.81\"]; "}}
In addition, there will be multiple identical input types in the input configuration, similar to:
syslog {
port => xxx
type => 'syslog'
}
syslog {
port => xxxx
type => 'syslog'
tags => 'Linux-Max'
}
Moving ahead, our Support Experts will suggest an effective method to fix this error.
In order to solve this, the logs coming in on the same input need to use the same formatting. This will let parsing work properly.
The format that the input expects is somewhat flexible initially but once the first message comes in, the format is set.
For example, the Syslog input expects all input to follow rfc3164 which can send a message like:
<0>2021 Apr 09 10:52:01 TZ-6 scapegoat.dmz.example.org 10.1.2.3 sched[0]: That's All Folks!
However, if a message with a different date format comes in([2021-04-09 18:04:52.81]) we will see a message logged like the above.
The fix is to make sure that all devices use the same date format or configure another input for these devices.
For example,
syslog {
port => xxxx
type => 'alternative-syslog'
tags => 'alternative Linux-Max'
}
This article covers Nagios Failed to Parse Date Error.
Basically, the logs coming in on the same input need to use the same formatting.
To fix this Nagios error, make sure that all devices use the same date format or configure another input for these devices.
For example:
syslog {
port => xxxx
type => 'alternative-syslog'
tags => 'alternative Linux-Max'
}