Hi,
hostname (from what you see in debug.log) must be same as "full hostname" of device in observium or device IP if rsyslog used with %fromhost-ip% in template.
in other cases (with latest CE or Pro), you can use host_map config option, ie:
// Mapping (unknown) syslog hosts to device (id or hostname) //$config['syslog']['host_map']['localhost'] = 'my.device.name'; // device hostname/sysname //$config['syslog']['host_map']['127.0.0.1'] = 1; // or device id
On Mon, Oct 10, 2016 at 8:23 AM, Grégory Lemblé gregory.lemble@gmail.com wrote:
Morning,
I try to implement the syslog.php features inside our Observium instance. on debug mode, we got syslog info inside the logs/debug.log file. But on the web side, impossible to get any message from the syslog.
I'm not sure which area i need to investigate to get it done. Some help will be appreciate.
Many Thanks
Observium Version Pro 0.16.10.8118 (Stable)
rsyslogd 7.4.4, compiled with: FEATURE_REGEXP: Yes FEATURE_LARGEFILE: No GSSAPI Kerberos 5 support: Yes FEATURE_DEBUG (debug build, slow code): No 32bit Atomic operations supported: Yes 64bit Atomic operations supported: Yes Runtime Instrumentation (slow code): No uuid support: Yes
/etc/rsyslog.d/60-observium.conf:
#--------------------------------------------------------- #send remote logs to observium
$template observium,"%fromhost%||%syslogfacility%||%syslogpriority%||% syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n" $ModLoad omprog $ActionOMProgBinary /var/www/observium/syslog.php
:inputname, isequal, "imudp" :omprog:;observium
#& ~ & stop #---------------------------------------------------------
debug.log file: [2016/10/10 08:00:15 +0800] syslog.php(19124): hostname||1||4||4||auth:||2016-10-10 08:00:14|| User XXXXXXXXXXXX logout||auth [2016/10/10 08:00:15 +0800] syslog.php(19124): hostname||1||6||6||Security:||2016-10-10 08:00:15|| SSH login by public key from src IP XXXXXXX from src MAC XXXXX to USER EXEC mode using DSA as Server Host Key. ||Security
config.php: $config['syslog']['debug'] = True; $config['enable_syslog'] = 1; // Enable Syslog $config['syslog']['fifo'] = FALSE;
Front Web: No syslog entries found!Check that the syslog daemon and Observium configuration options are set correctly, that your devices are configured to send syslog to Observium and that there are no firewalls blocking the messages. See documentation http://www.observium.org/wiki/Category:Documentation and configuration options http://www.observium.org/wiki/Configuration_Options#Syslog_Settings for more information
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium