Hi,
I have syslog set up in Observium with a Cisco 1841. However, I'm trying to get it to process NAT messages but they aren't showing up correctly. I'm using syslog-ng for syslog.
ie
192.168.2.1||local2||info||info||96||2013-12-31 00:53:15||5d00h: %IPNAT-6-DELETED: tcp 10.10.10.118:62249 192.168.12.1:62249 192.168.33.30:80 192.168.33.30:80||99
gets truncated to
2013-12-31 00:53:15(info)*62249 192.168.12.1:62249 192.168* :
This only happens for the NAT messages.
ie
192.168.2.1||local2||notice||notice||95||2013-12-31 01:13:05||5d01h: %SYS-5-CONFIG_I: Configured from console by console||100
shows up as
2013-12-31 01:13:05(notice)*SYS-5-CONFIG_I* : Configured from console by console
The raw NAT syslog messages look like the following (aka not filtered by syslog-ng for Observium):
Dec 31 01:16:59 192.168.2.1 101: 5d01h: %IPNAT-6-CREATED: tcp 10.10.10.118:62713 192.168.12.1:62713 192.168.33.30:80 192.168.33.30:80
config settings:
syslog-ng.conf
options {
    chain_hostnames(0);
    time_reopen(10);
    time_reap(360);
    #sync(0);
    log_fifo_size(2048);
    create_dirs(yes);
    #owner(root);
    group(adm);
    perm(0640);
    #dir_owner(root);
    #dir_group(root);
    dir_perm(0755);
    use_dns(no);
    #dns_cache(yes);
    #log_msg_size(2048);
    stats_freq(0);
    bad_hostname("^gconfd$");
};
source s_net { udp (); };
destination df_router { file("/var/log/router" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n") template-escape(yes)); };
destination d_observium { program("/opt/observium/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n") template-escape(yes)); };
log { source(s_net); filter(router_f); destination(df_router); };
filter router_f {host(192.168.2.1); };
observium.conf:
$config['enable_syslog'] = 1;
Kind Regards,
Rory
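An added example (not part of the original post and not Observium's code): a Python parser for the `||`-delimited lines produced by the syslog-ng template quoted above. It locates the Cisco tag by its `%FACILITY-SEVERITY-MNEMONIC:` form rather than by colon position, because the NAT payload carries its own `ip:port` colons; all function and field names are illustrative.

```python
import re

# Field order of the syslog-ng template quoted in the post.
FIELDS = ("host", "facility", "priority", "level", "tag",
          "timestamp", "msg", "program")
# Cisco IOS header: %FACILITY-SEVERITY-MNEMONIC: followed by free text.
CISCO_RE = re.compile(
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")
# ip:port token as it appears in the IPNAT CREATED/DELETED records.
ENDPOINT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def split_template_line(line):
    """Split one template line; only MSG is allowed to contain '||' itself."""
    parts = line.rstrip("\n").split("||", 6)      # six fields + remainder
    msg, sep, program = parts[-1].rpartition("||")  # PROGRAM is the last field
    if len(parts) != 7 or not sep:
        raise ValueError("expected 8 '||'-separated fields")
    return dict(zip(FIELDS, parts[:6] + [msg, program]))


def parse_cisco(msg):
    """Return the Cisco tag and text, plus protocol/endpoints for IPNAT records."""
    m = CISCO_RE.search(msg)
    if not m:
        return {"tag": None, "text": msg.strip()}
    out = {"tag": "{fac}-{sev}-{mnemonic}".format(**m.groupdict()),
           "text": m.group("text").strip()}
    tokens = out["text"].split()
    eps = [ENDPOINT_RE.match(t) for t in tokens[1:]]
    if m.group("fac") == "IPNAT" and eps and all(eps):
        out["proto"] = tokens[0]
        # Endpoints are kept in message order; no NAT role is inferred here.
        out["endpoints"] = [(e.group(1), int(e.group(2))) for e in eps]
    return out


# Sample lines copied from the post (syslog-ng template output).
NAT_LINE = ("192.168.2.1||local2||info||info||96||2013-12-31 00:53:15||"
            "5d00h: %IPNAT-6-DELETED: tcp 10.10.10.118:62249 "
            "192.168.12.1:62249 192.168.33.30:80 192.168.33.30:80||99")
SYS_LINE = ("192.168.2.1||local2||notice||notice||95||2013-12-31 01:13:05||"
            "5d01h: %SYS-5-CONFIG_I: Configured from console by console||100")

if __name__ == "__main__":
    for line in (NAT_LINE, SYS_LINE):
        rec = split_template_line(line)
        print(rec["timestamp"], rec["level"], parse_cisco(rec["msg"]))
```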
Hi.
I know this problem. It was fixed in my devel env. I will commit the fix after our (Russian) holidays. ;)
On 01/02/2014 07:28 AM, Mike Stupalov wrote:
Hi.
I know this problem. It was fixed in my devel env. I will commit the fix after our (Russian) holidays. ;)
= Drinking truckloads of vodka while cuddling pet bears. This may take a while!
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Hi,
should be fixed now in latest revision (PRO edition).
Mike.
Participants (3): Mike Stupalov, Rory Schramm, Tom Laermans