Hello there,
I did some tests and I think the problem might be in the fact that different devices send logs in different formats. Here are some examples of the log messages received by syslog-ng. Some messages are well formatted, at least well enough to be understood by syslog.php. Other messages fail to be parsed by syslog.php (please note the different formatting styles of the original messages).
Cisco IOS log DOES WORK: Incoming log entry; line='<189>311210: Apr 8 00:12:06.251 UTC: %PARSER-5-CFGLOG_LOGGEDCMD: User:john logged command:exit'
Cisco NX-OS log DOES NOT WORK: Incoming log entry; line='<188>: 2014 Apr 8 00:10:14.043 MST: %OSPFV3-4-PKTLEN_ERR: ospfv3-1 [3906] (default) Packet received from .. etc.'
Brocade RX log DOES NOT WORK: Incoming log entry; line='<13>Apr 8 00:12:46 Switch.Device.Name, OSPFv3 originate LSA... etc.'
Is there anything I am missing? Can I standardize my device messages at the origin? Does the observium parser need further improvement?
Best regards,
Marco
Met vriendelijke groet/ Kind regards,
Marco Spicuglia
Network engineer - Programmer
ReasonNet B.V. Gyroscoopweg 134 - 140 1042AZ Amsterdam W. www.reasonnet.com E. Marco.Spicuglia@reasonnet.com T. F.
ReasonNet zoekt datacenter support engineers. Ga voor deze en andere interessante vacatures binnen ReasonNet naar http://www.reasonnet.com/nieuws
ReasonNet, shall not be liable for damages resulting from the use of electronic means of communication, including -but not limited to- damages resulting from failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses and other malicious code.________________________________________ From: observium [observium-bounces@observium.org] On Behalf Of Swen Veckes [s.veckes@de.kddi.com] Sent: 31 March 2014 18:17 To: Observium Network Observation System Cc: Observium Network Observation System Subject: Re: [Observium] Remote SysLogging
Same here, just found out today. I need to check details, but so far syslog-ng seems fine.
Oberservium running on subscription.
Swen
Von meinem iPhone gesendet
Am 31.03.2014 um 17:40 schrieb Marco Spicuglia Marco.Spicuglia@reasonnet.com:
Hello there,
it seems that I have some issues with remote syslogging. Some network devices work well, some others don't. The problem seems to be related to the Observium host, I think, as running
syslog-ng -Fevd
on my observium server, shows that log entries are coming in also from the devices that do not have any log entry in the GUI. It seems that syslog-ng gets the log entries, but they do not get properly passed to Observium, for some reason, at least for some devices. Therefore, those entries do not show up in the mysql database and thus neither in the GUI.
I had this problem also on two other Observium hosts I have tried, but only since an upgrade I performed around October 2013. Before it was working fine for all those devices.
Anything I can check/do for fixing this?
Thanks in advance for your help.
Best regards, Marco
Met vriendelijke groet/ Kind regards,
Marco Spicuglia
Network engineer - Programmer
ReasonNet B.V. Gyroscoopweg 134 - 140 1042AZ Amsterdam W. www.reasonnet.com E. Marco.Spicuglia@reasonnet.com T. F.
ReasonNet zoekt datacenter support engineers. Ga voor deze en andere interessante vacatures binnen ReasonNet naar http://www.reasonnet.com/nieuws
ReasonNet, shall not be liable for damages resulting from the use of electronic means of communication, including -but not limited to- damages resulting from failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses and other malicious code. _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
_______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium