  1. Observium
  2. OBS-4449

No syslog entries found


Details

    • Help
    • Resolution: Done
    • Major
    • None
    • Professional Edition
    • Default
    • None
    • Ubuntu 20.04

    Description

      Hello,

      I tried to run syslog, according to the documentation ( https://docs.observium.org/syslog/#rsyslogd ), but I am still facing the problem "No syslog entries found".

      It doesn't look like a firewall problem. As you can see in the screenshot tcpdump receives messages. Besides, the server as well as the device is on the same subnet.

       

      Here is the configuration:

      30-observium.conf

      #---------------------------------------------------------
      # send remote logs to observium
      # provides UDP syslog reception
      module(load="imudp")
      input(type="imudp"
        port="514"
        ruleset="observium")
      ## provides TCP syslog reception (uncomment if required)
      #module(load="imptcp")
      #
      #input(type="imptcp"
      #      port="514"
      #      ruleset="observium")
      module(load="omprog")
      # observium syslog template
      template(name="observium"
           type="string"
           string="%fromhost-ip%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg:::space-cc%||%programname%\n")
      # observium RuleSets
      #ruleset(name="observium") {
      #   action(type="omprog"
      #          binary="/opt/observium/syslog.php"
      #          template="observium")
      #   stop
      #}
      ruleset(name="observium") {
          if $syslogseverity <= '5' then action(type="omprog" binary="/opt/observium/syslog.php" template="observium")
          stop
      }
      #--------------------------------------------------------- 

      rsyslog.conf

       

      # /etc/rsyslog.conf configuration file for rsyslog
      #
      # For more information install rsyslog-doc and see
      # /usr/share/doc/rsyslog-doc/html/configuration/index.html
      #
      # Default logging rules can be found in /etc/rsyslog.d/50-default.conf
      #################
      #### MODULES ####
      #################
      module(load="imuxsock") # provides support for local system logging
      #module(load="immark")  # provides --MARK-- message capability
      # provides UDP syslog reception
      #module(load="imudp")
      #input(type="imudp" port="514")
      # provides TCP syslog reception
      #module(load="imtcp")
      #input(type="imtcp" port="514")
      # provides kernel logging support and enable non-kernel klog messages
      module(load="imklog" permitnonkernelfacility="on")
      ###########################
      #### GLOBAL DIRECTIVES ####
      ############################
      # Use traditional timestamp format.
      # To enable high precision timestamps, comment out the following line.
      #
      $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
      # Filter duplicated messages
      $RepeatedMsgReduction on
      #
      # Set the default permissions for all log files.
      #
      $FileOwner syslog
      $FileGroup adm
      $FileCreateMode 0640
      $DirCreateMode 0755
      $Umask 0022
      $PrivDropToUser syslog
      $PrivDropToGroup syslog
      $ModLoad imudp
      $UDPServerRun 514
      #
      # Where to place spool and state files
      #
      $WorkDirectory /var/spool/rsyslog
      #
      # Include all config files in /etc/rsyslog.d/ 

      If you need more information, let me know.

       

      I'd really appreciate your help

      Attachments

        1. observiu_syslog_settings.png
          134 kB
          Helpdesk
        2. rsyslog_status.png
          52 kB
          Helpdesk
        3. tcpdump_syslog.png
          29 kB
          Helpdesk
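Added example (not part of the ticket, and not Observium's or rsyslog's own code): a check that lists every active syslog listener across the rsyslog config files with the ruleset it is bound to, and flags any protocol/port declared more than once, since in the configuration above only input bound to the `observium` ruleset reaches `syslog.php`. The embedded sample reproduces the listener lines from the two files in the description; the directory given for `30-observium.conf` is an assumption, and the result is a configuration observation, not the ticket's confirmed resolution.

```python
import glob
import re

# Constructed sample: the listener lines from the two files in the report
# (the directory for 30-observium.conf is an assumption).
SAMPLE = {
    "/etc/rsyslog.conf": "$ModLoad imudp\n$UDPServerRun 514\n",
    "/etc/rsyslog.d/30-observium.conf":
        'module(load="imudp")\n'
        'input(type="imudp"\n  port="514"\n  ruleset="observium")\n'
        '#input(type="imptcp"\n#      port="514"\n#      ruleset="observium")\n',
}

LEGACY = re.compile(r'^\s*\$(UDPServerRun|InputTCPServerRun|'
                    r'InputUDPServerBindRuleset|InputTCPServerBindRuleset)\s+(\S+)', re.M)
INPUT = re.compile(r'\binput\s*\(([^)]*)\)', re.S)
PARAM = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

def find_listeners(files):
    """Return (file, proto, port, ruleset-or-None) for every active network input."""
    found = []
    for path, text in files.items():
        # Drop whole-line comments so commented-out inputs are not counted.
        text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
        bound = {"udp": None, "tcp": None}  # legacy bind state, tracked per file
        for name, val in LEGACY.findall(text):
            proto = "udp" if "UDP" in name else "tcp"
            if name.endswith("BindRuleset"):
                bound[proto] = val
            else:
                found.append((path, proto, val, bound[proto]))
        for body in INPUT.findall(text):
            p = {k.lower(): v for k, v in PARAM.findall(body)}
            if p.get("type") in ("imudp", "imtcp", "imptcp"):
                proto = "udp" if p["type"] == "imudp" else "tcp"
                found.append((path, proto, p.get("port", "?"), p.get("ruleset")))
    return found

def duplicate_sockets(listeners):
    """Group listeners by (proto, port); keep only sockets declared more than once."""
    groups = {}
    for path, proto, port, ruleset in listeners:
        groups.setdefault((proto, port), []).append((path, ruleset))
    return {sock: decl for sock, decl in groups.items() if len(decl) > 1}

if __name__ == "__main__":
    paths = ["/etc/rsyslog.conf", *sorted(glob.glob("/etc/rsyslog.d/*.conf"))]
    files = {p: open(p).read() for p in paths if glob.glob(p)}
    for sock, decl in duplicate_sockets(find_listeners(files or SAMPLE)).items():
        print(sock, "declared by:", decl)
```

On the sample it reports UDP port 514 declared twice, once with no ruleset and once bound to `observium`.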

        Activity

          People

            landy Mike Stupalov
            helpdeskclip Helpdesk