I'm pretty sure there was some changes somewhat recently which is not in
CE version. Are you running CE?
On 19/09/14 17:39, Markus Klock wrote:
> Thanks for the replys,
> thats strange. Using the default config for syslog I get syslog from my
> IOS-devices but not the IOS-XR ones, I have verified that they are received
> at the observium-box using tcpdump...
> Is there any way to debug observium syslog parsing?
>
> /Markus
>
> 2014-09-19 15:28 GMT+02:00 Tim Calvin <tcalvin@tlsn.net>:
>
>> I can confirm working syslog integration between the latest Observium
>> version and several ASR9K’s running various versions of IOS-XR.
>>
>> Didn’t need to do anything special.
>>
>> Here is excerpt from syslog-ng.conf
>>
>> destination d_observium {
>> program("/opt/observium/syslog.php" template
>> ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY
>> $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n") template-escape(yes));
>> };
>> log {
>> source(s_net);
>> destination(d_observium);
>> };
>>
>>
>> I guess Observium is doing an IP lookup as you mentioned to match the
>> hostname I have in Observium. The configured hostnames in the routers do
>> not match what I have in Observium. I probably need to change that but it
>> is currently working.
>>
>> I just need the following config in the ASR9K’s pointing to Observium
>>
>> logging 192.168.1.1 vrf default
>>
>>
>>
>>
>> From: Markus Klock <markus@best-practice.se>
>> Reply-To: "observium@observium.org" <observium@observium.org>
>> Date: Friday, September 19, 2014 at 12:36 AM
>> To: "observium@observium.org" <observium@observium.org>
>> Subject: [Observium] syslog-ng implementation and Cisco ASR9K
>>
>> Hey guys!
>> I´m setting up syslog-ng implementation and it works great for all my
>> Cisco IOS-devices, however most of the devices in my network is Cisco
>> ASR9K-routers running IOS-XR and it seems syslog from them wont go in to
>> Observium.
>> I did a quick look in the syslog-messages from the ASR9Ks and it seems
>> IOS-XR actrually don't use its hostname as hostname but instead use its
>> active routeprocessors name (wtf cisco?!) making the syslog messages look
>> something like this:
>>
>> RP/0/RSP0/CPU0:Nov 28 23:56:53.826 : config[65710]: %SYS-5-CONFIG_I : Configured from console by console
>>
>> Now there is a command that let you add a "hostname prefix" to the syslog messages, which means that I can type my own custom string as hostname for syslog, sadly it still just adds it before the RPS-id making the messages like this:
>>
>> router1 RP/0/RSP0/CPU0:router:Nov 28 23:56:53.826 : config[65710]: %SYS-5-CONFIG_I : Configured from console by console
>>
>> This of course makes it impossible for Observium to match the syslogged hostname to a hostname in the database.
>>
>> I took a look in the observium syslog-code and if I understand it correctly, if it fails to match the hostname it does a fallback and tries if maybe the IP-address is used as hostname and try to match it against a host in the database?
>>
>> In that case maybe I could change the syslog-ng template that forwards the data to Observium to instead use source IP instead of hostname?
>>
>> destination d_observium {
>> program("/opt/observium/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n") template-escape(yes));
>>
>> I tried change $HOST to $HOST_FROM and $SOURCEIP but no luck so far.
>>
>> Am I even on the right track here? Could something like this work to make my idiotic ASR9Ks show up in the Observium syslog?
>>
>> Thanks in advance for any advice
>>
>> /Markus
>>
>>
>> _______________________________________________
>> observium mailing list
>> observium@observium.org
>> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
>>
>>
>
>
>
> _______________________________________________
> observium mailing list
> observium@observium.org
> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
>
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium