1. write questions to list pls, I'm not a service support 2. why do you have a line break in $template, all text betwen $template and \n" this is one line (use copy-paste) 3. about '& stop' vs '& ~', tilde - legacy but still working variant, and therefore suitable for the old and new rsyslog versions

and in irc you sayd that syslog messages displayed if in cisco device set logging without timezone, this is not true?

On Sat, Aug 30, 2014 at 2:15 PM, Wouter Prins wp@null0.nl wrote:

It still doesn't work correctly here. Any idea's? :)

I've pasted this into /etc/rsyslog.conf:

-- $template observium,"%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||% programname%\n" $ModLoad omprog $ActionOMProgBinary /opt/observium/syslog.php

:inputname, isequal, "imudp" :omprog:;observium

& stop

#---------------------------------------------------------

Any idea why i still dont see any cisco syslog messages? When i restart rsyslogd its not complaining about syntax etc. I do see unix syslog from servers.

On 24 August 2014 12:37, Mike Stupalov mike@observium.org wrote:

...

Hi,

yes, everything works

On Sun, Aug 24, 2014 at 11:44 AM, Wouter Prins wp@null0.nl wrote:

...

Hi Mike,

Is this config working for you in 14.04.1?

On 20 August 2014 07:14, Mike Stupalov mike@observium.org wrote:

...

.. or just use Rsyslog because it is in base Ubuntu system: http://observium.org/wiki/Rsyslog_Syslog_Server

On Wed, Aug 20, 2014 at 1:18 AM, Robert Williams < Robert@custodiandc.com> wrote:

...

Hi,

Further to Pav's comments earlier, I’ve found that setting the “no-parse” flag in syslog-ng stops it from messing with the string and restores some reasonable sanity to the messages which get passed to Observium. Clearly something has changed within syslog-ng from Ubuntu 12->14 and this new issue is nothing to do with the Observium-importing-the-message element.

For anyone suffering the same fate, the actual setting syntax to be used within the Observium definition for syslog-ng is:

source s_net { udp(flags(no-parse)); };

This restores 100% normal message structure for /most/ of the devices I’ve just tested with, including all the IOS 15.x ones which had all started showing simply "%" as the message content.

The ones which are still a little bit broken are the IOS-XR based units as they seem to pass a load of process name, event log number, process number, favourite colour and other random crap in the “message” element. However, they were all a bit broken before all this anyway to be fair.

I can see that within the /includes/syslog.php there is a rather extensive section of preg_match/replace for a number of $os types. So I guess the best way forwards to sanitise the extra IOS-XR crap is to build it in there and submit a patch. Although I have a feeling that IOS and IOS-XR count as the same $OS type? So we won't necessarily be able to filter the manipulation using that to match them.

Anyway, if we make any progress with it we’ll let you know!

Cheers guys,

Robert Williams Custodian Data Centre Email: Robert@CustodianDC.com http://www.CustodianDC.com

---

observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

-- Mike Stupalov http://observium.org/ _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

-- Wouter Prins wp@null0.nl

-- Mike Stupalov http://observium.org/

-- Wouter Prins wp@null0.nl