Hi folks,
Just fyi really - we managed to fix the problem eventually.
The settings were correct (following Observium documentation) but still not working. We changed the rsyslog settings to what rsyslog suggested as default, which broke the syslog entirely, so we changed them back to be in line with Observium documentation... hey presto the syslog worked again and suddenly the alerting did too!
Not sure why it didn't work in the first place, perhaps a restart of the rsyslog service may have done the trick too.
Cheers for your help.
Sam
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Kirk Sam (IT Network Engineer) Sent: 03 November 2016 11:09 To: 'Observium Network Observation System' Subject: Re: [Observium] Syslog Rules
Hi Alex,
Cheers for your reply! I've had a look at the mailing settings, but we've got other alerts working fine and sending emails (as part of the alert checkers, so temperature sensors, cpu usage, etc). It's as you've mentioned - I'm not getting anything on the syslog_alerts page at all.
An example message in the syslog is like this: [cid:image002.png@01D239DF.ED92D940]
So, to try and trigger a rule (just as an example), I've got a rule set up like this: [cid:image003.jpg@01D239DF.ED92D940]
I'm thinking that should trigger an alert but I'm getting a 'no logging alert entries found' message instead. I must be missing something blindingly obvious but I can't tell what. Is there something that needs enabling in config.php for the rules to take affect?
Cheers, Sam
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Alex Winder Sent: 03 November 2016 10:40 To: 'Observium Network Observation System' Subject: Re: [Observium] Syslog Rules
Hi Sam,
I've got Syslog alerting working. Make sure you have your mailing settings correct, we did this in the config.php.
As for rules we followed some of the ones on the Observium documentation, but have also defined some of our own. I really like the simplicity of how you can define new rules, just look for things that commonly occur on an event and enclose them in /s.
[cid:image004.jpg@01D239DF.ED92D940]
Are your rules working? Does anything show up in /syslog_alerts/? If there's items in there then it's working as expected and it's your mail set-up which is the problem.
Regards, Alex.
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Kirk Sam (RXW) IT Network Engineer Sent: 03 November 2016 10:09 To: 'observium@observium.org' <observium@observium.orgmailto:observium@observium.org> Subject: [Observium] Syslog Rules
Hi All,
Has anyone used the syslog rules/alerts yet? I've tried setting up some simple rules to alert if there are particular messages in the syslog but haven't managed to get any to trigger.
I've tried making the rules even simpler, for example setting the rule to /port/ (which occurs in the syslog often) and haven't had it trigger either. If I browse to the syslog and use the message search function it does return results.
The syslog has been configured and in use for some time - one of my colleagues set it up and followed the syslog integration guide. Is there any further configuration needed for the syslog rules to enable them or something?
Many thanks for your help.
Regards, Sam
