Pretty colours :) 

All works, Only issues ive spotted:

1. changing syslog facility does nothing in observium, is this correct?

2. Keeps puttying login as the program, BUT login is actually part of the message, as it should read, ‘login failure for user...'

[2018/03/23 12:37:57 +0000] syslog.php(25820): Virtuozzo||daemon||0||emerg||18||2018-03-23 12:37:57||failure for user admin from 62.xxx.xxx.138 via winbox||login
[2018/03/23 12:38:01 +0000] syslog.php(25820): Virtuozzo||daemon||1||alert||19||2018-03-23 12:38:01||failure for user admin from 62.xxx.xxx.138 via winbox||login
[2018/03/23 12:38:05 +0000] syslog.php(25820): Virtuozzo||daemon||2||crit||1a||2018-03-23 12:38:05||failure for user admin from 62.xxx.xxx.138 via winbox||login
[2018/03/23 12:38:13 +0000] syslog.php(25820): Virtuozzo||daemon||3||err||1b||2018-03-23 12:38:13||failure for user admin from 62.xxx.xxx.138 via winbox||login
[2018/03/23 12:38:20 +0000] syslog.php(25820): Virtuozzo||daemon||4||warning||1c||2018-03-23 12:38:20||failure for user admin from 62.xxx.xxx.138 via winbox||login
[2018/03/23 12:38:24 +0000] syslog.php(25820): Virtuozzo||daemon||5||notice||1d||2018-03-23 12:38:24||failure for user admin from 62.xxx.xxx.138 via winbox||login
[2018/03/23 12:38:29 +0000] syslog.php(25820): Virtuozzo||daemon||6||info||1e||2018-03-23 12:38:29||failure for user admin from 62.xxx.xxx.138 via winbox||login
[2018/03/23 12:38:33 +0000] syslog.php(25820): Virtuozzo||daemon||7||debug||1f||2018-03-23 12:38:33||failure for user admin from 62.xxx.xxx.138 via winbox||login

Simon

On 23 Mar 2018, at 12:24, Mike Stupalov <mike@observium.org> wrote:

Can you show me more hidpi image?
I'm not see what in tag parts :)

Markus Klock wrote:
Oh, ok, looks like this for me.
core-router 1/2 = Juniper MX80
hq-sw = HP Procurve
rack-sw1 = Cisco Catalyst

/Markus


2018-03-23 12:55 GMT+01:00 Mike Stupalov <mike@observium.org
<mailto:mike@observium.org>>:

   Image seems as not included in previous mail..

   Markus Klock wrote:
How is it supposed to look? and what are the tags?
/Markus

2018-03-23 12:16 GMT+01:00 Mike Stupalov <mike@observium.org
   <mailto:mike@observium.org>
<mailto:mike@observium.org <mailto:mike@observium.org>>>:

   Try latest revision, this should be fixed.

   if you find more syslog parse errors, also attach this debug
   lines for
   example.

   Simon Mousey Smith wrote:
Hi

Glad to be of help

I have restarted the syslog-ng to refresh the syslog.php
   file is uses

but same thing, every so often is just puts stuff in thats NOT
   even related to the actually entry?

Looking forward to improvement :)

Regards

Simon

On 23 Mar 2018, at 09:15, Mike Stupalov
   <mike@observium.org <mailto:mike@observium.org>
   <mailto:mike@observium.org <mailto:mike@observium.org>>> wrote:

Tnx, I will fix this soon..

Simon Mousey Smith wrote:
Hi,

I have the debug.log enabled for the syslog

The lines for those entries show:

[2018/03/23 07:48:39 +0000] syslog.php(30578):
217.149.xx.2||user||5||notice||0d||2018-03-23
   07:48:39||dhcp105
assigned 192.168.58.84 to 80:BE:05:7A:73:6E||dhcp,info
[2018/03/23 07:49:34 +0000] syslog.php(30578):
217.149.xx.2||user||5||notice||0d||2018-03-23
   07:49:34||dhcp105
deassigned 192.168.58.77 from 1C:91:48:13:DE:A8||dhcp,info
[2018/03/23 07:50:43 +0000] syslog.php(30578):
79.78.xx.117||user||5||notice||0d||2018-03-23
   07:50:43||dhcp101
assigned 192.168.101.14 to E4:7D:BD:BB:09:37||dhcp,info
[2018/03/23 07:51:09 +0000] syslog.php(30578):
217.149.xx.2||user||5||notice||0d||2018-03-23
   07:51:09||dhcp105
deassigned 192.168.58.62 from 58:48:22:84:AA:DD||dhcp,info
[2018/03/23 07:51:48 +0000] syslog.php(30578):
217.149.xx.2||user||5||notice||0d||2018-03-23
   07:51:48||dhcp104
assigned 192.168.48.4 to 70:DE:E2:80:50:22||dhcp,info
[2018/03/23 07:51:52 +0000] syslog.php(30578):
79.78.xx.105||user||5||notice||0d||2018-03-23 07:51:52||dhcp1
   assigned
192.168.1.152 to AC:5F:3E:2F:95:57||dhcp,info

[2018/03/23 08:55:04 +0000] syslog.php(30578):
217.149.xx.2||user||5||notice||0d||2018-03-23
   08:55:04||dhcp104
deassigned 192.168.48.59 from DC:41:5F:76:24:92||dhcp,info
[2018/03/23 08:55:40 +0000] syslog.php(30578):
217.149.xx.2||user||5||notice||0d||2018-03-23
   08:55:40||dhcp105
deassigned 192.168.58.79 from 40:98:AD:5C:23:B1||dhcp,info
[2018/03/23 08:55:41 +0000] syslog.php(30578):
62.255.xx.138||user||5||notice||0d||2018-03-23
   08:55:41||CompDHCP
assigned 10.0.0.222 to 4C:32:75:90:69:33||dhcp,info
[2018/03/23 09:01:00 +0000] syslog.php(11824):
217.149.xx.2||user||5||notice||0d||2018-03-23
   09:01:00||dhcp104
deassigned 192.168.48.5 from 00:CD:FE:8C:3B:D3||dhcp,info

The equipment are also mikrotik switches

Anything else you require?

Regards

Simon

On 23 Mar 2018, at 09:07, Adam Armstrong
   <adama@memetic.org <mailto:adama@memetic.org>
   <mailto:adama@memetic.org <mailto:adama@memetic.org>>
<mailto:adama@memetic.org <mailto:adama@memetic.org>
   <mailto:adama@memetic.org <mailto:adama@memetic.org>>>> wrote:

Mike has been rejigging some of the syslog code.

You probably need to be more specific about where these
   syslog
messages are coming from, though.

Adam.

Sent from BlueMail <http://www.bluemail.me/r?b=12512
   <http://www.bluemail.me/r?b=12512>
   <http://www.bluemail.me/r?b=12512
   <http://www.bluemail.me/r?b=12512>>>
On 23 Mar 2018, at 09:00, Simon Mousey Smith
<simonsmith5521@gmail.com
   <mailto:simonsmith5521@gmail.com> <mailto:simonsmith5521@gmail.com
   <mailto:simonsmith5521@gmail.com>>
   <mailto:simonsmith5521@gmail.com
   <mailto:simonsmith5521@gmail.com>
   <mailto:simonsmith5521@gmail.com
   <mailto:simonsmith5521@gmail.com>>>> wrote:

  Hi All

  Has anybody else seen this recently in an SVN update?

  For some reason the syslog is only show part of a syslog
   message
  from our switches and inserting into observium?

  Also where has this [Program][Tags] appeared from?

  Regards

  Simon



    ------------------------------------------------------------------------

  observium mailing list
  observium@observium.org
   <mailto:observium@observium.org> <mailto:observium@observium.org
   <mailto:observium@observium.org>>
   <mailto:observium@observium.org
   <mailto:observium@observium.org> <mailto:observium@observium.org
   <mailto:observium@observium.org>>>

   http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>

    <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>>

_______________________________________________
observium mailing list
observium@observium.org <mailto:observium@observium.org>
   <mailto:observium@observium.org <mailto:observium@observium.org>>
   <mailto:observium@observium.org
   <mailto:observium@observium.org> <mailto:observium@observium.org
   <mailto:observium@observium.org>>>

   http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>

    <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>>
_______________________________________________
observium mailing list
observium@observium.org <mailto:observium@observium.org>
   <mailto:observium@observium.org <mailto:observium@observium.org>>

   http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>

    <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>>
--
Mike Stupalov
Observium Limited, http://observium.org
_______________________________________________
observium mailing list
observium@observium.org <mailto:observium@observium.org>
   <mailto:observium@observium.org <mailto:observium@observium.org>>

   http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>

    <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>>

_______________________________________________
observium mailing list
observium@observium.org <mailto:observium@observium.org>
   <mailto:observium@observium.org <mailto:observium@observium.org>>

   http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>

    <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>>

   --
   Mike Stupalov
   Observium Limited, http://observium.org
   _______________________________________________
   observium mailing list
   observium@observium.org <mailto:observium@observium.org>
   <mailto:observium@observium.org <mailto:observium@observium.org>>
   http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>

    <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>>


_______________________________________________
observium mailing list
observium@observium.org <mailto:observium@observium.org>
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>

   --
   Mike Stupalov
   Observium Limited, http://observium.org

   _______________________________________________
   observium mailing list
   observium@observium.org <mailto:observium@observium.org>
   http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
   <http://postman.memetic.org/cgi-bin/mailman/listinfo/observium>


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

--
Mike Stupalov
Observium Limited, http://observium.org
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium