Hi Patrick,

no you are not impatient. ;-)

Following the Observium documentation forwards only syslog messages recieved by udp to observium.
The crux is the given Message Filter for rsyslog. Which is for rsyslog version prior 5.n. btw.
Which says if the inputname is equal to "imudp" execute the module omprog with the message template observium _and_ do not process messages that matched that rule any further.
imudp is the name of the Module you have loaded before with $ModLoad imudp.

With rsyslog version 5 or later you can use, eg, this instead:

if $fromhost-ip startswith 'aaa.bbb.nnn' then action(type="omprog" binary="/opt/observium/syslog.php" template="observium")

Just change the filter condition to selecte the messages you want to forward to the observium database.
Which means you can also forward local messages... ;)

g
Karsten

From: Patrick Marquetecken <patrick@marquetecken.be>
To: Observium Network Observation System <observium@observium.org>
Date: 22.01.2015 10:51
Subject: Re: [Observium] Problem with rsyslog configuration
Sent by: "observium" <observium-bounces@observium.org>

Mike,

It's working apparently is was just inpatient.

Thanks for your help.

Patrick

Mike Stupalov schreef op 22/01/15 om 10:31:
On 22.01.2015 11:43, Patrick Marquetecken wrote:
Mike,

Ok, I had activated the tcp forwarding @@ and not the upd @ from the remote servers.

When I do a tcpdump -i eth0 udp port 514
I see now 3 servers sending there information.

smtp-01, fw-01 and web-01

09:33:36.456070 IP smtp-01.58878 > mon-02.syslog: SYSLOG local4.debug, length: 63
09:33:37.194493 IP fw-01.48762 > mon-02.syslog: SYSLOG kernel.info, length: 212
09:40:01.295382 IP web-01.53940 > mon-02.syslog: SYSLOG cron.info, length: 75

I can see the syslogs now for the server snmp-01 (perfect)
but for server fw-01, and web-01 I don't see anything in Observium.

the names of those server are excact as in the device table hostname.

Any idea how to debug this ?

When you use %fromhost-ip%, correct device detected by IP address from DB.
Then this IP addresses should be founded in "ipv4/6-addresses" discovery modules.
You can check that this diveces have IP addresses in "Search IP addresses" page:
http://observium/search/search=ipv4/

Mike Stupalov schreef op 22/01/15 om 09:04:
In DB are stored syslog entries only from remote devices (udp), not from local system.

On Thu, Jan 22, 2015 at 10:36 AM, Patrick Marquetecken <patrick@marquetecken.be> wrote:
Hi All,

I'm having trouble to get the rsyslog working.

I have followed the guide http://www.observium.org/wiki/Rsyslog_Syslog_Server but used the %fromhost-ip% .

And rebooted rsyslog service.

When I do a tail of /var/log/messages (i'm using a centos 6.4) I see the log files from my others server coming in, but none is going to the database.

Jan 22 08:31:12 smtp postfix/anvil[6320]:
Jan 22 08:27:38 app-05 postfix/postqueue[28297]:
Jan 22 08:31:24 db-02 postfix/postqueue[25382]:
Jan 22 07:52:56 fw-01 postfix/postqueue[18540]:
Jan 22 08:31:36 proxy-01 postfix/postqueue[16781]:
Jan 22 08:31:40 app-01 postfix/postqueue[17602]:
Jan 22 08:31:39 db-01 postfix/postqueue[17506]:
Jan 22 08:28:06 voip-02 postfix/postqueue[29870]:
Jan 22 08:27:48 nas-02 postfix/postqueue[30007]:

config.php
$config['enable_syslog'] = 1;
$config['syslog']['fifo'] = FALSE;
$config['syslog']['debug'] = TRUE;

syslog.php
logfile('logs/debug.log', $line);

debug.log
This file stays empty unless i run syslog.php at hand then I see this:
[2015/01/20 17:03:31 +0100] syslog.php(15435):

Can someone please advice to get this working.

Thanks

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

--
Mike Stupalov
http://observium.org/

_______________________________________________ observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium

_______________________________________________ observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium

-- Mike Stupalovhttp://observium.org

_______________________________________________ observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
[attachment "signature.asc" deleted by Karsten Schwarz/CHdN] _______________________________________________ observium mailing list observium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium

Pensez à l'environnement avant d'imprimer ce message / Think of the environment before printing out this message