Re: [Observium] Syslog Integration

20 Jul 2018


      Hi Brian,
you configured syslog daemon complete at same way in Pro as in CE?
You use rsyslog daemon?
How to debug syslog receiver (for rsyslog):
1. In Global Setting Edit -> Syslog -> Enable Syslog DEBUG
2. Validate that rsyslog daemon have permissions to write into logs dir:
$ ls -l /opt/observium | grep logs
2.a Simple is add write permissions for all:
    $ sudo chmod 777 /opt/observium/logs
3. restart rsyslog:
    $ sudo service rsyslog restart
4. Now see debug.*.syslog files in logs dir:
    $ ls /opt/observium/logs/*.syslog
When syslog msg from host received, here will added file:
debug.<host>.syslog
Where <host> is received hostname by rsyslog daemon,
in your case this <host> must be complete same as device hostname in 
observium server.
Inside this log files you will see full syslog messages like this:
[2018/03/21 17:51:32 +0300] syslog.php(5563): 
<host>||4||6||6||sshd[9497]:||2018-03-21 17:51:32|| Received disconnect 
from 221.194.47.239 port 36596:11:  [preauth]||sshd
Here also <host> entry as first part of message.
If <host> not same as device hostname (I think this is your trouble), 
than read this docs:
http://docs.observium.org/syslog/#match-syslog-hostnameip-with-device
...
Brian Hilmers mailto:bhilmers@scripps.edu
20 July 2018 at 02:07
Hello,
Our organization recently upgraded from the Community version to 
Professional. While using the Community version on Ubuntu 16.04 we 
found syslog integration worked well and setup was easy following the 
documentation. After purchasing a subscription, we installed Observium 
on a new Ubuntu 16.04 machine, but cannot get syslog integration to 
work. I have configured the target machine to send syslog messages to 
Observium and, using tcpdump, can confirm the Observium server is 
receiving messages on the correct port from the target with FQDN. 
However, the Observium web interface show "no syslog entries." What is 
the best way to diagnose and fix this problem?
Brian Hilmers

observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- 
Mike Stupalov
Observium Limited, http://observium.org

Mike Stupalov

tags (0)

participants (1)