Mike,

It's working apparently is was just inpatient.

Thanks for your help.

Patrick

Mike Stupalov schreef op 22/01/15 om 10:31:
On 22.01.2015 11:43, Patrick Marquetecken wrote:
Mike,

Ok, I had activated the tcp forwarding @@ and not the upd @ from the remote servers.

When I do a tcpdump -i eth0 udp port 514
I see now 3 servers sending there information.

smtp-01, fw-01 and web-01

09:33:36.456070 IP smtp-01.58878 > mon-02.syslog: SYSLOG local4.debug, length: 63
09:33:37.194493 IP fw-01.48762 > mon-02.syslog: SYSLOG kernel.info, length: 212
09:40:01.295382 IP web-01.53940 > mon-02.syslog: SYSLOG cron.info, length: 75

I can see the syslogs now for the server snmp-01 (perfect)
but for server fw-01, and web-01 I don't see anything in Observium.

the names of those server are excact as in the device table hostname.

Any idea how to debug this ?

When you use %fromhost-ip%, correct device detected by IP address from DB.
Then this IP addresses should be founded in "ipv4/6-addresses" discovery modules.
You can check that this diveces have IP addresses in "Search IP addresses" page:
http://observium/search/search=ipv4/



Mike Stupalov schreef op 22/01/15 om 09:04:
In DB are stored syslog entries only from remote devices (udp), not from local system.

On Thu, Jan 22, 2015 at 10:36 AM, Patrick Marquetecken <patrick@marquetecken.be> wrote:
Hi All,

I'm having trouble to get the rsyslog working.

I have followed the guide http://www.observium.org/wiki/Rsyslog_Syslog_Server but used the %fromhost-ip% .

And rebooted rsyslog service.

When I do a tail of /var/log/messages (i'm using a centos 6.4) I see the log files from my others server coming in, but none is going to the  database.

Jan 22 08:31:12 smtp postfix/anvil[6320]:
Jan 22 08:27:38 app-05 postfix/postqueue[28297]:
Jan 22 08:31:24 db-02 postfix/postqueue[25382]:
Jan 22 07:52:56 fw-01 postfix/postqueue[18540]:
Jan 22 08:31:36 proxy-01 postfix/postqueue[16781]:
Jan 22 08:31:40 app-01 postfix/postqueue[17602]:
Jan 22 08:31:39 db-01 postfix/postqueue[17506]:
Jan 22 08:28:06 voip-02 postfix/postqueue[29870]:
Jan 22 08:27:48 nas-02 postfix/postqueue[30007]:


config.php
$config['enable_syslog'] = 1;
$config['syslog']['fifo']  = FALSE;
$config['syslog']['debug']      = TRUE;


syslog.php
 logfile('logs/debug.log', $line);


debug.log
This file stays empty unless i run syslog.php at hand then I see this:
[2015/01/20 17:03:31 +0100] syslog.php(15435):



Can someone please advice to get this working.

Thanks



_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium




--
Mike Stupalov
http://observium.org/


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium




_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium



-- 
Mike Stupalov
http://observium.org


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium