Status: beta

The nagios output is used for sending passive check results to nagios via the nagios command file.

For this output to work, your event must have the following fields:

  • "nagios_host"
  • "nagios_service"

This field is supported, but optional: "nagios_annotation"

The easiest way to use this output is with the grep filter. Presumably, you only want certain events matching a given pattern to send events to nagios. So use grep to match and also to add the required fields.

filter {
  grep {
    type => "linux-syslog"
    match => [ "@message", "(error|ERROR|CRITICAL)" ]
    add_tag => [ "nagios-update" ]
    add_fields => [
      "nagios_host", "%{@source_host}",
      "nagios_service", "the name of your nagios service check"

  nagios { 
    # only process events with this tag
    tags => "nagios-update"


This is what it might look like in your config file:
output {
  nagios {
    commandfile => ... # string (optional), default: "/var/lib/nagios3/rw/nagios.cmd"
    tags => ... # array (optional), default: []
    type => ... # string (optional), default: ""



  • Value type is string
  • Default value is "/var/lib/nagios3/rw/nagios.cmd"

The path to your nagios command file


  • Value type is array
  • Default value is []

Only handle events with all of these tags. Note that if you specify a type, the event must also match that type. Optional.


  • Value type is string
  • Default value is ""

The type to act on. If a type is given, then this output will only act on messages with the same type. See any input plugin's "type" attribute for more. Optional.

This is documentation from lib/logstash/outputs/nagios.rb