Hi Mike, I already tried this. Does not work for me. No debug-file is written to logs/-directory...
/Markus
2014-10-07 13:21 GMT+02:00 Mike Stupalov mike@observium.org:
On 07.10.2014 14:58, Markus Klock wrote:
We are using syslog-ng
Enable syslog debug, in config.php add: $config['syslog']['debug'] = TRUE; // If TRUE store RAW syslog lines into logs/debug.log file
restart syslog-ng service, wait when log file debug.log will be created in dir logs/ and specific syslog lines (with messages which should be filtered) added.
Send to me (not list) this file logs/debug.log and your config.php (without any password information).
after, do not forget to remove from the config $config['syslog']['debug']..
/Markus
2014-10-07 12:32 GMT+02:00 Ben Steele ben@bensteele.org:
What syslog daemon are you using?
On Tue, Oct 7, 2014 at 8:36 PM, Markus Klock markus@best-practice.se wrote:
Am I the only one with these issues? Syslog filters works fine for everyone else? A single $config['syslog']['filter'][] = 'Cable'; should filter out all syslog-lines who contains the word Cable right?
/Markus
2014-09-30 13:43 GMT+02:00 Markus Klock markus@best-practice.se:
Got a little frustraded and added this to the config.php: $config['syslog']['filter'][] = 'Wideband-Cable'; $config['syslog']['filter'][] = 'Wideband*Cable'; $config['syslog']['filter'][] = '*Wideband*Cable*'; $config['syslog']['filter'][] = '.*Wideband.*Cable.*'; $config['syslog']['filter'][] = 'Interface Wideband'; $config['syslog']['filter'][] = 'unregistered'; $config['syslog']['filter'][] = 'Cable'; $config['syslog']['filter'][] = 'Modem'; and restarted the syslog-service (also copied from syslog output to prevent typo and stupid symbols)
Still no result :(
2014-09-30 11:00 GMT+02:00 Mike Stupalov mike@observium.org:
On 30.09.2014 10:53, Markus Klock wrote:
Hmm, still no workie :( Added this to my config.php: $config['syslog']['filter'][] = "Wideband-Cable"; $config['syslog']['filter'][] = "Cabel Modem";
I think you need copy-paste strings from syslog page. As I see:
- $config['syslog']['filter'][] = "Cabel Modem";
- $config['syslog']['filter'][] = "Cable Modem";
In first string may used a different dash symbol..
then did a service restart of syslog-ng. but still get these:
/Markus
2014-09-29 17:04 GMT+02:00 Tom Laermans tom.laermans@powersource.cx:
Yes, syslog.php keeps running with an open pipe, regardless of the syslog software used. So it needs to be killed so it can respawn.
Tom
On 09/29/2014 04:41 PM, Mike Stupalov wrote:
On 29.09.2014 18:28, Markus Klock wrote:
Ah! I use syslog-ng but i presume its the same deal?
Yes I think, but i never used syslog-ng :)
Thanks Mike! /Markus
Från: Mike Stupalov mike@observium.org Skickat: 2014-09-29 15:15 Till: Observium Network Observation System observium@observium.org Ämne: Re: [Observium] Syslog filters
On 29.09.2014 15:50, Markus Klock wrote:
I also have this filter: $config['syslog']['filter'][] = 'Wideband-Cable';
but still get:
Am I doing something wrong or is the syslog-filter not working properly? I am at r5835 btw.
You use rsyslog as syslog collector?
Than after change any syslog options in observium you should reload rsyslog service:
$ service rsyslog reload
because options (also filters) initialized only on first run.
/Markus
2014-09-29 13:15 GMT+02:00 Markus Klock markus@best-practice.se:
> Well, might be but not according to the config examples: > http://observium.org/wiki/Configuration_Options#Syslog_Settings > > /Markus > > 2014-09-29 13:05 GMT+02:00 Peter Persson <peter.persson@bredband2.se > >: > >> I dont use this, but it might be regexp? So a "/" in the end? >> >> 2014-09-29 12:46 GMT+02:00 Markus Klock markus@best-practice.se: >> >>> Hello! >>> I'm trying to apply some syslog-filters and have for example added >>> this to my config.php: >>> $config['syslog']['filter'][] = 'ROUTING-MLDP-5-BRANCH'; >>> $config['syslog']['filter'][] = "Successfully authenticated user >>> 'rancid'"; >>> >>> However I still get messages containing these strings >>> >>> >>> Do I need some kind of wildcard or what could be wrong? >>> >>> BR, >>> Markus >>> >>> _______________________________________________ >>> observium mailing list >>> observium@observium.org >>> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium >>> >>> >> >> _______________________________________________ >> observium mailing list >> observium@observium.org >> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium >> >> >
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Mike Stupalovhttp://observium.org
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Mike Stupalovhttp://observium.org
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Mike Stupalovhttp://observium.org
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Mike Stupalovhttp://observium.org
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
