Hi,

I have syslog setup in observium with a cisco 1841. However, I'm trying to get it to process nat messages but they arn't showing up correctly. I'm using syslog-ng for syslog.


ie

192.168.2.1||local2||info||info||96||2013-12-31 00:53:15||5d00h: %IPNAT-6-DELETED: tcp 10.10.10.118:62249 192.168.12.1:62249 192.168.33.30:80 192.168.33.30:80||99

gets truncated too

2013-12-31 00:53:15(info) 62249 192.168.12.1:62249 192.168 :

This only happens for the nat messages.

ie

192.168.2.1||local2||notice||notice||95||2013-12-31 01:13:05||5d01h: %SYS-5-CONFIG_I: Configured from console by console||100

shows up as

2013-12-31 01:13:05(notice) SYS-5-CONFIG_I : Configured from console by console

The raw nat syslog messages look like the following (aka not filtered by syslog-ng for observium):

Dec 31 01:16:59 192.168.2.1 101: 5d01h: %IPNAT-6-CREATED: tcp 10.10.10.118:62713 192.168.12.1:62713 192.168.33.30:80 192.168.33.30:80

config settings:

syslog-ng.conf

options {
        chain_hostnames(0);
        time_reopen(10);
        time_reap(360);
        #sync(0);
        log_fifo_size(2048);
        create_dirs(yes);
        #owner(root);
        group(adm);
        perm(0640);
        #dir_owner(root);
        #dir_group(root);
        dir_perm(0755);
        use_dns(no);
        #dns_cache(yes);
        #log_msg_size(2048);
        stats_freq(0);
        bad_hostname("^gconfd$");
};
source s_net { udp (); };

destination df_router { file("/var/log/router"
template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n")
template-escape(yes));
};

destination d_observium {
    program("/opt/observium/syslog.php"
template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n")
template-escape(yes));
};

log {
source(s_net);
filter(router_f);
destination(df_router);
};

filter router_f {host(192.168.2.1); };



observium.conf:

$config['enable_syslog']   = 1;


Kind Regards,

Rory