Rory Schramm <etfeet@gmail.com> 31 декабря 2013 г. 13:18:54 написал:

Hi,

I have syslog setup in observium with a cisco 1841. However, I'm trying to get it to process nat messages but they arn't showing up correctly. I'm using syslog-ng for syslog.

ie

192.168.2.1||local2||info||info||96||2013-12-31 00:53:15||5d00h: %IPNAT-6-DELETED: tcp 10.10.10.118:62249 192.168.12.1:62249 192.168.33.30:80 192.168.33.30:80||99

gets truncated too

2013-12-31 00:53:15 (info) 62249 192.168.12.1:62249 192.168 :

This only happens for the nat messages.

ie

192.168.2.1||local2||notice||notice||95||2013-12-31 01:13:05||5d01h: %SYS-5-CONFIG_I: Configured from console by console||100

shows up as

2013-12-31 01:13:05 (notice) SYS-5-CONFIG_I : Configured from console by console

The raw nat syslog messages look like the following (aka not filtered by syslog-ng for observium):

Dec 31 01:16:59 192.168.2.1 101: 5d01h: %IPNAT-6-CREATED: tcp 10.10.10.118:62713 192.168.12.1:62713 192.168.33.30:80 192.168.33.30:80

config settings:

syslog-ng.conf

options {

chain_hostnames(0);

time_reopen(10);

time_reap(360);

#sync(0);

log_fifo_size(2048);

create_dirs(yes);

#owner(root);

group(adm);

perm(0640);

#dir_owner(root);

#dir_group(root);

dir_perm(0755);

use_dns(no);

#dns_cache(yes);

#log_msg_size(2048);

stats_freq(0);

bad_hostname("^gconfd$");

};

source s_net { udp (); };

destination df_router { file("/var/log/router"

template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n")

template-escape(yes));

};

destination d_observium {

program("/opt/observium/syslog.php"

template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n")

template-escape(yes));

};

log {

source(s_net);

filter(router_f);

destination(df_router);

};

filter router_f {host(192.168.2.1); };

observium.conf:

$config['enable_syslog'] = 1;

Kind Regards,

Rory

--
Mike Stupalov
http://observium.org/