
On Tue, 24.06.2014 at 14:49, Ole Hansen oha@netic.dk wrote:
Hi,
I'm trying to get syslog (using syslog-ng) from some NX-OS devices into Observium, but so far no luck.
I'm using the following syslog-ng configuration
template t_observium { template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n"); template-escape(yes); };
For me it works with
destination d_observium { program("/opt/observium/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n") template-escape(yes)); };
10.10.10.10||local7||info||info||be||2014-06-24 16:43:08||Jun 24 14:43:07: %SEC-6-IPACCESSLOGP: list flow denied udp 192.168.10.10(137) -> 192.168.11.10(137), 5 packets ||147696
10.10.10.11||local7||notice||notice||bd||2014-06-24 16:43:16||2014 Jun 24 16:43:16.724 CEST: %SYSMGR-5-CFGWRITE_STARTED: Configuration copy started (PID 2143).||
I see an IP address instead of a hostname in your first field here. IIRC Observium can only work with hostnames and especially needs the hostname in the first field to be identical to the one in the database (i.e. with or without FQDN), therefore I set
use_dns(yes) and use_fqdn(no) instead of keep_hostname(yes) like it is written in the manual.
In total it looks like this for me:
options { chain_hostnames(off); flush_lines(0); use_dns(yes); use_fqdn(no); owner("root"); group("adm"); perm(0640); stats_freq(0); bad_hostname("^gconfd$"); };
But you can also set a hostname in NX-OS and redefine the logging at a very fine granularity.
/Steffen
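
An added example, not part of the original messages and not Observium code: a Python check that parses lines in the `t_observium` template format from this thread and flags those whose first field is an IP address, the condition the reply above points to. The function names are hypothetical, and the third sample line is constructed.

```python
import ipaddress
from typing import NamedTuple

class Record(NamedTuple):
    # Field order of the t_observium template quoted in the thread.
    host: str
    facility: str
    priority: str
    level: str
    tag: str
    timestamp: str
    msg: str
    program: str

def parse_line(line: str) -> Record:
    """Split one template line; $MSG may itself contain '||'."""
    head = line.rstrip("\n").split("||", 6)   # first six fields, then MSG||PROGRAM
    if len(head) != 7 or "||" not in head[6]:
        raise ValueError("expected 8 '||'-separated fields")
    msg, program = head[6].rsplit("||", 1)    # PROGRAM is always the last field
    return Record(*head[:6], msg, program)

def host_is_ip(rec: Record) -> bool:
    """True when $HOST is a literal IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(rec.host)
        return True
    except ValueError:
        return False

def audit(lines):
    """Return (host, problem) for every line that is malformed or IP-keyed."""
    findings = []
    for line in lines:
        try:
            rec = parse_line(line)
        except ValueError as exc:
            findings.append((None, str(exc)))
            continue
        if host_is_ip(rec):
            findings.append((rec.host, "HOST is an IP address, not a hostname"))
    return findings

SAMPLE = [
    # The two lines quoted in the thread.
    "10.10.10.10||local7||info||info||be||2014-06-24 16:43:08||Jun 24 14:43:07: %SEC-6-IPACCESSLOGP: list flow denied udp 192.168.10.10(137) -> 192.168.11.10(137), 5 packets ||147696",
    "10.10.10.11||local7||notice||notice||bd||2014-06-24 16:43:16||2014 Jun 24 16:43:16.724 CEST: %SYSMGR-5-CFGWRITE_STARTED: Configuration copy started (PID 2143).||",
    # Constructed line: resolved hostname, and a message containing '||'.
    "nxos-sw1||local7||notice||notice||bd||2014-06-24 16:43:16||%TEST-5-DEMO: a || b||demo",
]

if __name__ == "__main__":
    for host, problem in audit(SAMPLE):
        print(host, problem)
```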