syslog-ng implementation and Cisco ASR9K
 
Hey guys! I'm setting up the syslog-ng implementation and it works great for all my Cisco IOS devices; however, most of the devices in my network are Cisco ASR9K routers running IOS-XR, and it seems syslog from them won't go into Observium. I took a quick look at the syslog messages from the ASR9Ks and it seems IOS-XR actually doesn't use its hostname as hostname but instead uses its active route processor's name (wtf cisco?!), making the syslog messages look something like this:
RP/0/RSP0/CPU0:Nov 28 23:56:53.826 : config[65710]: %SYS-5-CONFIG_I : Configured from console by console
Now there is a command that lets you add a "hostname prefix" to the syslog messages, which means that I can type my own custom string as hostname for syslog. Sadly, it still just adds it before the RPS-id, making the messages like this:
router1 RP/0/RSP0/CPU0:router:Nov 28 23:56:53.826 : config[65710]: %SYS-5-CONFIG_I : Configured from console by console
This of course makes it impossible for Observium to match the syslogged hostname to a hostname in the database.
I took a look at the Observium syslog code and, if I understand it correctly, if it fails to match the hostname it does a fallback and checks whether maybe the IP address is used as hostname and tries to match it against a host in the database?
In that case maybe I could change the syslog-ng template that forwards the data to Observium to use source IP instead of hostname?
destination d_observium { program("/opt/observium/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n") template-escape(yes)); };
I tried changing $HOST to $HOST_FROM and $SOURCEIP but no luck so far.
Am I even on the right track here? Could something like this work to make my idiotic ASR9Ks show up in the Observium syslog?
Thanks in advance for any advice
/Markus
 
            Hi, we have mixed ASR9K/IOS devices and this works for us:
#cat /etc/syslog-ng/conf.d/observium.conf
options { keep_hostname(1); };
source s_net { udp(flags(no-parse)); # udp();
};
destination d_observium { program("/opt/observium/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n") template-escape(yes)); };
log { source(s_net); destination(d_observium); };
I believe the rest of syslog-ng is as per default, the ASR config elements are:
service timestamps log datetime localtime msec show-timezone
logging <ip> vrf <vrf> severity info
Hope that helps!
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Markus Klock Sent: 19 September 2014 06:37 To: Observium Network Observation System Subject: [Observium] syslog-ng implementation and Cisco ASR9K
Robert Williams Custodian Data Centre Email: Robert@CustodianDC.com http://www.CustodianDC.com
 
            I can confirm working syslog integration between the latest Observium version and several ASR9K's running various versions of IOS-XR.
Didn't need to do anything special.
Here is an excerpt from syslog-ng.conf
destination d_observium { program("/opt/observium/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n") template-escape(yes)); };
log { source(s_net); destination(d_observium); };
I guess Observium is doing an IP lookup as you mentioned to match the hostname I have in Observium. The configured hostnames in the routers do not match what I have in Observium. I probably need to change that but it is currently working.
I just need the following config in the ASR9K's pointing to Observium
logging 192.168.1.1 vrf default
 
Thanks for the replies, that's strange. Using the default config for syslog I get syslog from my IOS devices but not the IOS-XR ones. I have verified that they are received at the Observium box using tcpdump... Is there any way to debug Observium syslog parsing?
/Markus
2014-09-19 15:28 GMT+02:00 Tim Calvin tcalvin@tlsn.net:
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
 
            Hi – you can check what syslog is passing on using this:
destination d_observium_debug { file("/var/log/observium.debug" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n") template-escape(yes)); };
log { source(s_net); destination(d_observium); destination(d_observium_debug); };
Generate basic events (like conf mode exiting) for both working and non-working devices and check that the formatting is coming out correct?
Also check that Observium does actually list the devices’ IP when you search for it. If it doesn’t have it then it cannot match the source and put it against the correct host. Sometimes your interface filters, like filtering out loopback* (been there, done that) may result in Observium not knowing the IP from whence it came…
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Markus Klock Sent: 19 September 2014 14:40 To: Observium Network Observation System Subject: Re: [Observium] syslog-ng implementation and Cisco ASR9K
Robert Williams Custodian Data Centre Email: Robert@CustodianDC.com http://www.CustodianDC.com
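The two checks described in the message above, as an added example that is not part of the original thread and not Observium's code: it parses lines in the `d_observium_debug` template format and reports whether each HOST value resolves to a device by hostname, by a known interface IP, or not at all. The inventory, hostnames, addresses and capture lines are constructed, and the hostname-then-IP matching is modelled on the behaviour described in the thread.

```python
import ipaddress

FIELDS = ("host", "facility", "priority", "level", "tag",
          "timestamp", "msg", "program")

# Constructed inventory (assumption): device name -> interface IPs the NMS
# still knows. xr-edge1's loopback 10.255.0.2 is missing, as it would be if an
# interface filter such as loopback* had dropped it.
INVENTORY = {
    "ios-sw1.example.net": {"10.0.0.11"},
    "xr-core1.example.net": {"10.0.1.1", "10.255.0.1"},
    "xr-edge1.example.net": {"10.0.2.1"},
}

# Constructed capture lines in the d_observium_debug template format.
SAMPLE_CAPTURE = """
ios-sw1.example.net||local7||notice||notice||bd||2014-09-19 14:02:11||%SYS-5-CONFIG_I: Configured from console by console||
10.255.0.1||user||notice||notice||0d||2014-09-19 14:02:40||RP/0/RSP0/CPU0:Sep 19 14:02:40.826 : config[65710]: %SYS-5-CONFIG_I : Configured from console by console||
10.255.0.2||user||notice||notice||0d||2014-09-19 14:03:05||RP/0/RSP0/CPU0:Sep 19 14:03:05.112 : config[65710]: %SYS-5-CONFIG_I : Configured from console by console||
RP/0/RSP0/CPU0||local7||notice||notice||bd||2014-09-19 14:03:30||config[65710]: %SYS-5-CONFIG_I : a || b||config
truncated||line
"""


def parse_line(line):
    """Split one template line into its eight fields, or return None.

    $MSG is free text and may itself contain "||", so the first six fields
    are taken from the left and $PROGRAM from the right.
    """
    head = line.rstrip("\n").split("||", 6)
    if len(head) != 7 or "||" not in head[6]:
        return None
    msg, _, program = head[6].rpartition("||")
    return dict(zip(FIELDS, head[:6] + [msg, program]))


def classify(host, inventory):
    """Return (status, device): match by hostname first, then by known IP."""
    if host in inventory:
        return "hostname", host
    try:
        ip = str(ipaddress.ip_address(host))
    except ValueError:
        return "unmatched", None  # neither a known name nor an IP literal
    for device, addrs in inventory.items():
        if ip in addrs:
            return "ip", device
    return "unmatched", None  # an IP, but on no interface the NMS knows


def audit(capture, inventory):
    """Return ({host: (status, device, count)}, malformed_line_count)."""
    report, malformed = {}, 0
    for line in capture.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            malformed += 1
            continue
        status, device = classify(rec["host"], inventory)
        count = report.get(rec["host"], (None, None, 0))[2]
        report[rec["host"]] = (status, device, count + 1)
    return report, malformed


if __name__ == "__main__":
    report, malformed = audit(SAMPLE_CAPTURE, INVENTORY)
    for host, (status, device, count) in sorted(report.items()):
        print(f"{host:24} {status:10} {device or '-':24} {count}")
    print(f"malformed lines: {malformed}")
```

Any host reported as `unmatched` is a source whose messages arrive but cannot be attached to a device, which is the symptom in this thread.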
 
I'm pretty sure there were some changes somewhat recently which are not in the CE version. Are you running CE?
 
            No I'm on r5815
/Markus
2014-09-19 16:06 GMT+02:00 Nikolay Shopik shopik@inblock.ru:
 
Solved it now! The problem was that I filtered out the loopback interfaces of my ASR9Ks, as Robert suggested. Thank you all for the help!
/Markus
2014-09-19 16:14 GMT+02:00 Markus Klock markus@best-practice.se:
participants (4)
- Markus Klock
- Nikolay Shopik
- Robert Williams
- Tim Calvin