Problem solved! It seems my "service syslog-ng restart" never acutally succeded in restarting syslog-ng. I did a killall syslog-ng and then started it again. Now I get the debug and the syslog-filters from my config.php is working :) /Markus
2014-10-07 13:56 GMT+02:00 Markus Klock markus@best-practice.se:
Im on r5874.
root@srv-observ-1:~# ls -lh /opt/observium/ | grep logs drwxrwxrwx 2 www-data www-data 4.0K Sep 5 12:40 logs
/Markus
2014-10-07 13:53 GMT+02:00 Mike Stupalov mike@observium.org:
On 07.10.2014 15:50, Markus Klock wrote:
Hi Mike, I already tried this. Does not work for me. No debug-file is written to logs/-directory...
which observium version?
$ sudo chmod 777 logs
/Markus
2014-10-07 13:21 GMT+02:00 Mike Stupalov mike@observium.org:
On 07.10.2014 14:58, Markus Klock wrote:
We are using syslog-ng
Enable syslog debug, in config.php add: $config['syslog']['debug'] = TRUE; // If TRUE store RAW syslog lines into logs/debug.log file
restart syslog-ng service, wait when log file debug.log will be created in dir logs/ and specific syslog lines (with messages which should be filtered) added.
Send to me (not list) this file logs/debug.log and your config.php (without any password information).
after, do not forget to remove from the config $config['syslog']['debug']..
/Markus
2014-10-07 12:32 GMT+02:00 Ben Steele ben@bensteele.org:
What syslog daemon are you using?
On Tue, Oct 7, 2014 at 8:36 PM, Markus Klock markus@best-practice.se wrote:
Am I the only one with these issues? Syslog filters works fine for everyone else? A single $config['syslog']['filter'][] = 'Cable'; should filter out all syslog-lines who contains the word Cable right?
/Markus
2014-09-30 13:43 GMT+02:00 Markus Klock markus@best-practice.se:
Got a little frustraded and added this to the config.php: $config['syslog']['filter'][] = 'Wideband-Cable'; $config['syslog']['filter'][] = 'Wideband*Cable'; $config['syslog']['filter'][] = '*Wideband*Cable*'; $config['syslog']['filter'][] = '.*Wideband.*Cable.*'; $config['syslog']['filter'][] = 'Interface Wideband'; $config['syslog']['filter'][] = 'unregistered'; $config['syslog']['filter'][] = 'Cable'; $config['syslog']['filter'][] = 'Modem'; and restarted the syslog-service (also copied from syslog output to prevent typo and stupid symbols)
Still no result :(
2014-09-30 11:00 GMT+02:00 Mike Stupalov mike@observium.org:
> On 30.09.2014 10:53, Markus Klock wrote: > > Hmm, still no workie :( > Added this to my config.php: > $config['syslog']['filter'][] = "Wideband-Cable"; > $config['syslog']['filter'][] = "Cabel Modem"; > > I think you need copy-paste strings from syslog page. > As I see: > - $config['syslog']['filter'][] = "Cabel Modem"; > + $config['syslog']['filter'][] = "Cable Modem"; > > In first string may used a different dash symbol.. > > > then did a service restart of syslog-ng. > but still get these: > > /Markus > > 2014-09-29 17:04 GMT+02:00 Tom Laermans <tom.laermans@powersource.cx > >: > >> Yes, syslog.php keeps running with an open pipe, regardless of >> the syslog software used. So it needs to be killed so it can respawn. >> >> Tom >> >> >> On 09/29/2014 04:41 PM, Mike Stupalov wrote: >> >> On 29.09.2014 18:28, Markus Klock wrote: >> >> Ah! >> I use syslog-ng but i presume its the same deal? >> >> Yes I think, but i never used syslog-ng :) >> >> Thanks Mike! >> /Markus >> ------------------------------ >> Från: Mike Stupalov mike@observium.org >> Skickat: 2014-09-29 15:15 >> Till: Observium Network Observation System >> observium@observium.org >> Ämne: Re: [Observium] Syslog filters >> >> On 29.09.2014 15:50, Markus Klock wrote: >> >> I also have this filter: >> $config['syslog']['filter'][] = 'Wideband-Cable'; >> >> but still get: >> >> >> Am I doing something wrong or is the syslog-filter not working >> properly? >> I am at r5835 btw. >> >> >> You use rsyslog as syslog collector? >> >> Than after change any syslog options in observium you should reload >> rsyslog service: >> >> $ service rsyslog reload >> >> because options (also filters) initialized only on first run. >> >> >> /Markus >> >> 2014-09-29 13:15 GMT+02:00 Markus Klock markus@best-practice.se: >> >>> Well, might be but not according to the config examples: >>> http://observium.org/wiki/Configuration_Options#Syslog_Settings >>> >>> /Markus >>> >>> 2014-09-29 13:05 GMT+02:00 Peter Persson < >>> peter.persson@bredband2.se>: >>> >>>> I dont use this, but it might be regexp? So a "/" in the end? >>>> >>>> 2014-09-29 12:46 GMT+02:00 Markus Klock <markus@best-practice.se >>>> >: >>>> >>>>> Hello! >>>>> I'm trying to apply some syslog-filters and have for example >>>>> added this to my config.php: >>>>> $config['syslog']['filter'][] = 'ROUTING-MLDP-5-BRANCH'; >>>>> $config['syslog']['filter'][] = "Successfully authenticated user >>>>> 'rancid'"; >>>>> >>>>> However I still get messages containing these strings >>>>> >>>>> >>>>> Do I need some kind of wildcard or what could be wrong? >>>>> >>>>> BR, >>>>> Markus >>>>> >>>>> _______________________________________________ >>>>> observium mailing list >>>>> observium@observium.org >>>>> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> observium mailing list >>>> observium@observium.org >>>> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium >>>> >>>> >>> >> >> >> _______________________________________________ >> observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium >> >> >> >> -- >> Mike Stupalovhttp://observium.org >> >> >> >> _______________________________________________ >> observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium >> >> >> >> -- >> Mike Stupalovhttp://observium.org >> >> >> >> _______________________________________________ >> observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium >> >> >> >> _______________________________________________ >> observium mailing list >> observium@observium.org >> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium >> >> > > > _______________________________________________ > observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium > > > > -- > Mike Stupalovhttp://observium.org > > > _______________________________________________ > observium mailing list > observium@observium.org > http://postman.memetic.org/cgi-bin/mailman/listinfo/observium > >
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Mike Stupalovhttp://observium.org
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Mike Stupalovhttp://observium.org
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
