What template did you use on 14.04.1 with rsyslog? It's still filtering Cisco syslog here :)


On 25 August 2014 09:55, Robert Williams <Robert@custodiandc.com> wrote:

Hi – it’s working for us in 14.04.1 - overall it was much better at getting the events in than syslog-ng, so thanks for that Mike :)

 

Cheers!

 

From: observium [mailto:observium-bounces@observium.org] On Behalf Of Wouter Prins
Sent: 24 August 2014 08:44
To: mike@observium.org; Observium Network Observation System
Subject: Re: [Observium] Syslog msg empty temporary fix

 

Hi Mike,

Is this config working for you in 14.04.1?

 

On 20 August 2014 07:14, Mike Stupalov <mike@observium.org> wrote:

 

.. or just use Rsyslog because it is in base Ubuntu system:
http://observium.org/wiki/Rsyslog_Syslog_Server

 

On Wed, Aug 20, 2014 at 1:18 AM, Robert Williams <Robert@custodiandc.com> wrote:

Hi,

Further to Pav's comments earlier, I’ve found that setting the “no-parse” flag in syslog-ng stops it from messing with the string and restores some reasonable sanity to the messages which get passed to Observium. Clearly something has changed within syslog-ng from Ubuntu 12->14 and this new issue is nothing to do with the Observium-importing-the-message element.

For anyone suffering the same fate, the actual setting syntax to be used within the Observium definition for syslog-ng is:

source s_net {
    udp(flags(no-parse));
};

This restores 100% normal message structure for /most/ of the devices I’ve just tested with, including all the IOS 15.x ones which had all started showing simply "%" as the message content.

The ones which are still a little bit broken are the IOS-XR based units as they seem to pass a load of process name, event log number, process number, favourite colour and other random crap in the “message” element. However, they were all a bit broken before all this anyway to be fair.

I can see that within the /includes/syslog.php there is a rather extensive section of preg_match/replace for a number of $os types. So I guess the best way forwards to sanitise the extra IOS-XR crap is to build it in there and submit a patch. Although I have a feeling that IOS and IOS-XR count as the same $OS type? So we won't necessarily be able to filter the manipulation using that to match them.

Anyway, if we make any progress with it we’ll let you know!

Cheers guys,



Robert Williams
Custodian Data Centre
Email: Robert@CustodianDC.com
http://www.CustodianDC.com

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

 


--
Mike Stupalov
http://observium.org/





--
Wouter Prins
wp@null0.nl






--
Wouter Prins
wp@null0.nl
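
Added example, not part of the thread and not Observium's own code: a sketch of the sanitising idea raised above for lines received with flags(no-parse), telling IOS-XR apart from IOS by the layout of the line itself rather than by $os. The function name parse_cisco_syslog, the assumed line layouts and the sample lines are constructed for illustration.

```php
<?php
// Added example (hypothetical helper, not from includes/syslog.php).

/** Split a raw Cisco syslog line into fields; returns null for unknown layouts. */
function parse_cisco_syslog(string $raw): ?array
{
    // The line arrives over UDP from the network: cap its size, drop control bytes.
    $raw = preg_replace('/[\x00-\x1F\x7F]/', '', substr($raw, 0, 2048));

    // Optional <PRI> and sequence number, common to both layouts.
    $head = '^(?:<(?<pri>\d{1,3})>)?(?:\d+:\s*)?';

    // Assumed IOS-XR layout: node:timestamp : process[pid]: %CAT-GROUP-SEV-MNEMONIC : text
    $xr = '/' . $head . '(?<node>[A-Za-z0-9]+(?:\/[A-Za-z0-9]+){2,3}):'
        . '(?<ts>[^%]*?) : (?<process>[\w.-]+)\[(?<pid>\d+)\]: '
        . '%(?<tag>[A-Z0-9_]+(?:-[A-Z0-9_]+)*-(?<sev>[0-7])-[A-Z0-9_]+) ?: (?<msg>.*)$/';

    // Assumed classic IOS layout: [*.]timestamp: %FACILITY-SEV-MNEMONIC: text
    $ios = '/' . $head . '[*.]?(?<ts>[^%]*?): '
        . '%(?<tag>[A-Z0-9_]+(?:-[A-Z0-9_]+)*-(?<sev>[0-7])-[A-Z0-9_]+): (?<msg>.*)$/';

    if (preg_match($xr, $raw, $m)) {
        $format = 'ios-xr';   // node prefix present: strip process/pid from the message
    } elseif (preg_match($ios, $raw, $m)) {
        $format = 'ios';
    } else {
        return null;          // unknown layout: caller stores the line unchanged
    }
    return [
        'format'  => $format,
        'program' => $m['tag'],
        'process' => $m['process'] ?? null,
        'level'   => (int) $m['sev'],
        'msg'     => trim($m['msg']),
    ];
}

// Constructed sample lines (not captured from a real device).
$samples = [
    '<189>812: RP/0/RSP0/CPU0:Aug 20 01:18:04.512 : ifmgr[255]: %PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/1, changed state to Down',
    '<189>45: *Aug 20 01:18:05.101: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down',
];
foreach ($samples as $line) {
    print_r(parse_cisco_syslog($line));
}
```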