Details
-
Help
-
Resolution: Fixed
-
Trivial
-
None
-
Professional Edition
Description
Hello all,
We enabled Syslog in Observium for our devices, and after following the documentation (docs.observium.org/syslog/) and validation, the page shows: No syslog entries found!.
# rsyslogd -version
|
rsyslogd 8.24.0, compiled with: |
PLATFORM: x86_64-pc-linux-gnu
|
PLATFORM (lsb_release -d):
|
FEATURE_REGEXP: Yes
|
GSSAPI Kerberos 5 support: Yes |
FEATURE_DEBUG (debug build, slow code): No
|
32bit Atomic operations supported: Yes
|
64bit Atomic operations supported: Yes
|
memory allocator: system default |
Runtime Instrumentation (slow code): No
|
uuid support: Yes
|
Number of Bits in RainerScript integers: 64See http://www.rsyslog.com for more information. |
|
|
# service rsyslog status
|
● rsyslog.service - System Logging Service
|
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
|
Active: active (running) since Fri 2018-06-08 10:06:30 CEST; 11min ago |
Docs: man:rsyslogd(8) |
http://www.rsyslog.com/doc/ |
Main PID: 11264 (rsyslogd) |
Tasks: 6 (limit: 4915) |
Memory: 26.0M |
CPU: 887ms
|
CGroup: /system.slice/rsyslog.service
|
├─11264 /usr/sbin/rsyslogd -n |
└─11689 php /opt/observium/syslog.phpJun 08 10:06:30 nettools systemd[1]: Starting System Logging Service... |
Jun 08 10:06:30 liblogging-stdlog[11264]: [origin software="rsyslogd" swVersion="8.24.0" x-pid="11264" x-info="http://www.rsyslog.com"] start |
Jun 08 10:06:30 systemd[1]: Started System Logging Service. |
|
|
# netstat -anp | grep :514 |
udp 0 0 0.0.0.0:514 0.0.0.0:* 11264/rsyslogd |
We enabled the debug syslog in observium, and we see the logs are been processed:
But no information in the web interface it's been showed:
I uploaded the config.php for validation (replacing ***** with sensitive information).
As before, any suggestions or clues to point at, it will be appreciated.
Thanks.
Attachments
Issue Links
- is mentioned by
-
-
- Closed
-
Activity
Tnx for debug.
Incorrect "progra' is part of syslog entry with '||<Warn', '||<Info', etc..
Hello Mike,
You quite spotted the situation, changing the $template from %fromhost% to %fromhost-ip% it worked. Our devices are registered in Observium without our company domain, when Observium does the DNS resolution it gets the reply with our company domain, then it's different as you said.
Attached are the debug.log.
XOS (extreme networks) is our devices OS's. It has a variety of version that goes from 15.x to 22.x.
Which is the incorrect "program" field sent from our devices?
Thanks,
Greetings.
Additionally, please attach part of debug.log (with syslog entries 50-100). And tell me which OS on this devices?
(you still can hide hostnames, I not want it)
Just I see incorrect "program" field was sended from your devices, which should be "fixed".
emiliomejias as I see, your syslog daemon received hostnames, in this case for associate message with device, hostname should match to device hostname (in observium) or to sysName.
Since you hidden all hostnames, I'm not sure that you have this right.
Please check again this section in Docs: http://docs.observium.org/syslog/#match-syslog-hostnameip-with-device
If syslog hostnames not matched with observium hostnames, you can use other options (associate by IP or use host_map config option).
Hello Mike,
Version r9262 works perfect.
Do you know how we can delete or re-process the old syslogs with '||<Warn', '||<Info', etc..?
Thanks.