On 22.01.2015 11:43, Patrick Marquetecken wrote:
Mike,
Ok, I had activated the tcp forwarding @@ and not the upd @ from the remote servers.
When I do a tcpdump -i eth0 udp port 514 I see now 3 servers sending there information.
smtp-01, fw-01 and web-01
09:33:36.456070 IP smtp-01.58878 > mon-02.syslog: SYSLOG local4.debug, length: 63 09:33:37.194493 IP fw-01.48762 > mon-02.syslog: SYSLOG kernel.info, length: 212 09:40:01.295382 IP web-01.53940 > mon-02.syslog: SYSLOG cron.info, length: 75
I can see the syslogs now for the server snmp-01 (perfect) but for server fw-01, and web-01 I don't see anything in Observium.
the names of those server are excact as in the device table hostname.
Any idea how to debug this ?
When you use %fromhost-ip%, correct device detected by IP address from DB. Then this IP addresses should be founded in "ipv4/6-addresses" discovery modules. You can check that this diveces have IP addresses in "Search IP addresses" page: http://observium/search/search=ipv4/
Mike Stupalov schreef op 22/01/15 om 09:04:
In DB are stored syslog entries only from remote devices (udp), not from local system.
On Thu, Jan 22, 2015 at 10:36 AM, Patrick Marquetecken <patrick@marquetecken.be mailto:patrick@marquetecken.be> wrote:
Hi All, I'm having trouble to get the rsyslog working. I have followed the guide http://www.observium.org/wiki/Rsyslog_Syslog_Server but used the %fromhost-ip% . And rebooted rsyslog service. When I do a tail of /var/log/messages (i'm using a centos 6.4) I see the log files from my others server coming in, but none is going to the database. Jan 22 08:31:12 smtp postfix/anvil[6320]: Jan 22 08:27:38 app-05 postfix/postqueue[28297]: Jan 22 08:31:24 db-02 postfix/postqueue[25382]: Jan 22 07:52:56 fw-01 postfix/postqueue[18540]: Jan 22 08:31:36 proxy-01 postfix/postqueue[16781]: Jan 22 08:31:40 app-01 postfix/postqueue[17602]: Jan 22 08:31:39 db-01 postfix/postqueue[17506]: Jan 22 08:28:06 voip-02 postfix/postqueue[29870]: Jan 22 08:27:48 nas-02 postfix/postqueue[30007]: config.php $config['enable_syslog'] = 1; $config['syslog']['fifo'] = FALSE; $config['syslog']['debug'] = TRUE; syslog.php logfile('logs/debug.log', $line); debug.log This file stays empty unless i run syslog.php at hand then I see this: [2015/01/20 17:03:31 +0100] syslog.php(15435): Can someone please advice to get this working. Thanks _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium-- Mike Stupalov http://observium.org/
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium