7 Oct
2014
7 Oct
'14
1:21 p.m.
On 07.10.2014 14:58, Markus Klock wrote:
We are using syslog-ng
Enable syslog debug, in config.php add: $config['syslog']['debug'] = TRUE; // If TRUE store RAW syslog lines into logs/debug.log file
restart syslog-ng service, wait when log file debug.log will be created in dir logs/ and specific syslog lines (with messages which should be filtered) added.
Send to me (not list) this file logs/debug.log and your config.php (without any password information).
after, do not forget to remove from the config $config['syslog']['debug']..
/Markus
2014-10-07 12:32 GMT+02:00 Ben Steele <ben@bensteele.org mailto:ben@bensteele.org>:
What syslog daemon are you using? On Tue, Oct 7, 2014 at 8:36 PM, Markus Klock <markus@best-practice.se <mailto:markus@best-practice.se>> wrote: Am I the only one with these issues? Syslog filters works fine for everyone else? A single $config['syslog']['filter'][] = 'Cable'; should filter out all syslog-lines who contains the word Cable right? /Markus 2014-09-30 13:43 GMT+02:00 Markus Klock <markus@best-practice.se <mailto:markus@best-practice.se>>: Got a little frustraded and added this to the config.php: $config['syslog']['filter'][] = 'Wideband-Cable'; $config['syslog']['filter'][] = 'Wideband*Cable'; $config['syslog']['filter'][] = '*Wideband*Cable*'; $config['syslog']['filter'][] = '.*Wideband.*Cable.*'; $config['syslog']['filter'][] = 'Interface Wideband'; $config['syslog']['filter'][] = 'unregistered'; $config['syslog']['filter'][] = 'Cable'; $config['syslog']['filter'][] = 'Modem'; and restarted the syslog-service (also copied from syslog output to prevent typo and stupid symbols) Still no result :( 2014-09-30 11:00 GMT+02:00 Mike Stupalov <mike@observium.org <mailto:mike@observium.org>>: On 30.09.2014 10:53, Markus Klock wrote:Hmm, still no workie :( Added this to my config.php: $config['syslog']['filter'][] = "Wideband-Cable"; $config['syslog']['filter'][] = "Cabel Modem";I think you need copy-paste strings from syslog page. As I see: - $config['syslog']['filter'][] = "Cabel Modem"; + $config['syslog']['filter'][] = "Cable Modem"; In first string may used a different dash symbol..then did a service restart of syslog-ng. but still get these: /Markus 2014-09-29 17:04 GMT+02:00 Tom Laermans <tom.laermans@powersource.cx <mailto:tom.laermans@powersource.cx>>: Yes, syslog.php keeps running with an open pipe, regardless of the syslog software used. So it needs to be killed so it can respawn. Tom On 09/29/2014 04:41 PM, Mike Stupalov wrote:On 29.09.2014 18:28, Markus Klock wrote:Ah! I use syslog-ng but i presume its the same deal?Yes I think, but i never used syslog-ng :)Thanks Mike! /Markus ------------------------------------------------------------------------ Från: Mike Stupalov <mailto:mike@observium.org> Skickat: 2014-09-29 15:15 Till: Observium Network Observation System <mailto:observium@observium.org> Ämne: Re: [Observium] Syslog filters On 29.09.2014 15:50, Markus Klock wrote:I also have this filter: $config['syslog']['filter'][] = 'Wideband-Cable'; but still get: Am I doing something wrong or is the syslog-filter not working properly? I am at r5835 btw.You use rsyslog as syslog collector? Than after change any syslog options in observium you should reload rsyslog service: $ service rsyslog reload because options (also filters) initialized only on first run./Markus 2014-09-29 13:15 GMT+02:00 Markus Klock <markus@best-practice.se <mailto:markus@best-practice.se>>: Well, might be but not according to the config examples: http://observium.org/wiki/Configuration_Options#Syslog_Settings /Markus 2014-09-29 13:05 GMT+02:00 Peter Persson <peter.persson@bredband2.se <mailto:peter.persson@bredband2.se>>: I dont use this, but it might be regexp? So a "/" in the end? 2014-09-29 12:46 GMT+02:00 Markus Klock <markus@best-practice.se <mailto:markus@best-practice.se>>: Hello! I'm trying to apply some syslog-filters and have for example added this to my config.php: $config['syslog']['filter'][] = 'ROUTING-MLDP-5-BRANCH'; $config['syslog']['filter'][] = "Successfully authenticated user \'rancid\'"; However I still get messages containing these strings Do I need some kind of wildcard or what could be wrong? BR, Markus _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium-- Mike Stupalov http://observium.org _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium-- Mike Stupalov http://observium.org _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium-- Mike Stupalov http://observium.org _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
--
Mike Stupalov
http://observium.org
