Details
-
Help
-
Resolution: Done
-
Major
-
None
-
Professional Edition
-
None
-
Ubuntu 20.04
Description
Hello,
I tried to run syslog, according to the documentation ( https://docs.observium.org/syslog/#rsyslogd ), but I am still facing the problem "No syslog entries found".
It doesn't look like a firewall problem. As you can see in the screenshot, tcpdump receives the messages. Besides, the server and the device are on the same subnet.
Here is the configuration:
30-observium.conf
#---------------------------------------------------------
# send remote logs to observium

# provides UDP syslog reception
# NOTE(review): UDP syslog carries no sender authentication, and the template
# below identifies the device by %fromhost-ip% (the packet's source address).
# Limit port 514 to the managed-device subnet with a host firewall rule.
# NOTE(review): the rsyslog.conf posted with this report also starts a UDP
# listener on 514 ($ModLoad imudp / $UDPServerRun 514) with no ruleset
# binding. Two listeners on one port presumably conflict, and messages taken
# by the unbound one would not reach the "observium" ruleset -- confirm in the
# rsyslog startup log.
module(load="imudp")

input(type="imudp"
      port="514"
      ruleset="observium")

## provides TCP syslog reception (uncomment if required)
#module(load="imptcp")
#
#input(type="imptcp"
#      port="514"
#      ruleset="observium")

# NOTE(review): omprog starts an external program from rsyslogd. The posted
# rsyslog.conf sets $PrivDropToUser/$PrivDropToGroup syslog, so the program is
# presumably run as that account; check that it may execute
# /opt/observium/syslog.php and read what the script needs -- TODO confirm.
module(load="omprog")

# observium syslog template
# Fields are joined with "||"; %msg:::space-cc% replaces control characters in
# the message text with spaces.
template(name="observium"
         type="string"
         string="%fromhost-ip%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg:::space-cc%||%programname%\n")

# observium RuleSets
# Unfiltered variant, left disabled:
#ruleset(name="observium") {
#    action(type="omprog"
#           binary="/opt/observium/syslog.php"
#           template="observium")
#    stop
#}

# Active variant: only severities 0 (emerg) through 5 (notice) are handed to
# syslog.php; "stop" then ends processing for every message in this ruleset, so
# info (6) and debug (7) messages are discarded here.
# NOTE(review): a device that only emits info-level messages would produce no
# entries in Observium with this filter.
ruleset(name="observium") {
    if $syslogseverity <= '5' then action(type="omprog" binary="/opt/observium/syslog.php" template="observium")
    stop
}
#---------------------------------------------------------
|
rsyslog.conf
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")

###########################
#### GLOBAL DIRECTIVES ####
############################

# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

# rsyslogd gives up root after startup and continues as syslog:syslog.
# NOTE(review): programs started through omprog presumably run under this
# account as well; verify its access to /opt/observium/syslog.php.
$PrivDropToUser syslog
$PrivDropToGroup syslog

# Legacy-syntax UDP listener on port 514.
# NOTE(review): 30-observium.conf defines its own imudp input on port 514 bound
# to ruleset "observium". This listener has no ruleset binding, so anything it
# receives goes to the default ruleset instead. Keeping both looks unintended;
# check the rsyslog startup log for a bind or duplicate-module error.
# NOTE(review): nothing here limits who may send to 514/udp; restrict it to the
# managed devices at the host firewall.
$ModLoad imudp
$UDPServerRun 514

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
# NOTE(review): the pasted file ends here and the include directive itself is
# not shown; confirm it is present, otherwise 30-observium.conf is never read.
If you need more information, let me know.
I'd really appreciate your help
Attachments
Activity
Resolution | New: Done [ 10000 ] | |
Status | Original: Pending Response [ 10000 ] | New: Resolved [ 5 ] |
Component/s | New: Default [ 10900 ] |
Assignee | Original: Adam Armstrong [ adama ] | New: Mike Stupalov [ landy ] |
Status | Original: Open [ 1 ] | New: Pending Response [ 10000 ] |
I have discovered the IP address and I have enabled the feature "Associate hosts by Cached IP". It still doesn't work. Any ideas?