Hi.
I know this problem. It was fixed in my devel env. I will commit the fix after our (Russian) holidays. ;)

Rory Schramm <etfeet@gmail.com> wrote on 31 December 2013, 13:18:54:

Hi,

I have syslog set up in Observium with a Cisco 1841. However, I'm trying to get it to process NAT messages but they aren't showing up correctly. I'm using syslog-ng for syslog.

i.e.

192.168.2.1||local2||info||info||96||2013-12-31 00:53:15||5d00h: %IPNAT-6-DELETED: tcp 10.10.10.118:62249 192.168.12.1:62249 192.168.33.30:80 192.168.33.30:80||99

gets truncated to

2013-12-31 00:53:15 (info) 62249 192.168.12.1:62249 192.168 :

This only happens for the NAT messages.

i.e.

192.168.2.1||local2||notice||notice||95||2013-12-31 01:13:05||5d01h: %SYS-5-CONFIG_I: Configured from console by console||100

shows up as

2013-12-31 01:13:05 (notice) SYS-5-CONFIG_I : Configured from console by console

The raw NAT syslog messages look like the following (aka not filtered by syslog-ng for Observium):

Dec 31 01:16:59 192.168.2.1 101: 5d01h: %IPNAT-6-CREATED: tcp 10.10.10.118:62713 192.168.12.1:62713 192.168.33.30:80 192.168.33.30:80

config settings:

syslog-ng.conf

options {
    chain_hostnames(0);
    time_reopen(10);
    time_reap(360);
    #sync(0);
    log_fifo_size(2048);
    create_dirs(yes);
    #owner(root);
    group(adm);
    perm(0640);
    #dir_owner(root);
    #dir_group(root);
    dir_perm(0755);
    use_dns(no);
    #dns_cache(yes);
    #log_msg_size(2048);
    stats_freq(0);
    bad_hostname("^gconfd$");
};

source s_net { udp (); };

destination df_router {
    file("/var/log/router"
        template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n")
        template-escape(yes));
};

destination d_observium {
    program("/opt/observium/syslog.php"
        template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n")
        template-escape(yes));
};

log {
    source(s_net);
    filter(router_f);
    destination(df_router);
};

filter router_f {
    host(192.168.2.1);
};

observium.conf:

$config['enable_syslog'] = 1;

Kind Regards,
Rory