Syslog-ng not everything added to database
Hi!
I have setup syslog-ng and observium. 2 of my machines works just fine. But 2 other machines wont add to the syslog database.
As you can se her every things seams to be ok at least in the debug log?
Output from debug log:
2017/02/06 12:55:26 +0100] syslog.php(5326): process1-vasaloppet||daemon||7||debug||1f||2017-02-06 12:55:26||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:55:49 +0100] syslog.php(5326): storage-mgmt||daemon||7||debug||1f||2017-02-06 12:55:49||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:55:51 +0100] syslog.php(5326): process2-vasaloppet||daemon||7||debug||1f||2017-02-06 12:55:51||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:55:56 +0100] syslog.php(5326): process1-vasaloppet||daemon||7||debug||1f||2017-02-06 12:55:56||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:12 +0100] syslog.php(5326): storage-prod||auth||6||info||26||2017-02-06 12:56:06||Received disconnect from 221.194.47.224: 11: [preauth]||sshd [2017/02/06 12:56:13 +0100] syslog.php(5326): storage-mgmt||auth||6||info||26||2017-02-06 12:56:13||Received disconnect from 221.194.47.224: 11: [preauth]||sshd [2017/02/06 12:56:19 +0100] syslog.php(5326): storage-mgmt||daemon||7||debug||1f||2017-02-06 12:56:19||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:21 +0100] syslog.php(5326): process2-vasaloppet||daemon||7||debug||1f||2017-02-06 12:56:21||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:26 +0100] syslog.php(5326): process1-vasaloppet||daemon||7||debug||1f||2017-02-06 12:56:26||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:43 +0100] syslog.php(5326): storage-mgmt||authpriv||5||notice||55||2017-02-06 12:56:43||pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.200.37 user=root||sshd [2017/02/06 12:56:45 +0100] syslog.php(5326): storage-mgmt||auth||6||info||26||2017-02-06 12:56:45||Failed password for root from 58.218.200.37 port 43790 ssh2||sshd [2017/02/06 12:56:47 +0100] syslog.php(5326): storage-mgmt||auth||6||info||26||2017-02-06 12:56:47||Failed password for root from 58.218.200.37 port 43790 ssh2||sshd [2017/02/06 12:56:49 +0100] syslog.php(5326): storage-mgmt||daemon||7||debug||1f||2017-02-06 12:56:49||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:51 +0100] syslog.php(5326): storage-mgmt||auth||6||info||26||2017-02-06 12:56:51||Failed password for root from 58.218.200.37 port 43790 ssh2||sshd [2017/02/06 12:56:51 +0100] syslog.php(5326): process2-vasaloppet||daemon||7||debug||1f||2017-02-06 12:56:51||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:51 +0100] syslog.php(5326): storage-mgmt||auth||6||info||26||2017-02-06 12:56:51||Received disconnect from 58.218.200.37: 11: [preauth]||sshd [2017/02/06 12:56:51 +0100] syslog.php(5326): storage-mgmt||authpriv||5||notice||55||2017-02-06 12:56:51||PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.200.37 user=root||sshd [2017/02/06 12:56:56 +0100] syslog.php(5326): process1-vasaloppet||daemon||7||debug||1f||2017-02-06 12:56:56||error on subcontainer 'ia_addr' insert (-1)||snmpd
storage-prod and storage-mgmt works just fine but process1-vasaloppet and process2-vasaloppet will not show upp in the database.
Anny suggestions?
best
Med Vänliga Hälsningar
Anders Alavik anders@bogalnet.se mailto:anders@bogalnet.se / 0322 - 64 24 71
BogalNet AB Alvhemsgatan 3 447 30 Vårgårda http://www.bogalnet.se http://www.bogalnet.se/
Ohai,
On 06.02.17 15:00, Anders Alavik wrote:
Hi!
I have setup syslog-ng and observium. 2 of my machines works just fine. But 2 other machines wont add to the syslog database.
As you can se her every things seams to be ok at least in the debug log?
Output from debug log:
2017/02/06 12:55:26 +0100] syslog.php(5326): process1-vasaloppet||daemon||7||debug||1f||2017-02-06 12:55:26||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:55:49 +0100] syslog.php(5326): storage-mgmt||daemon||7||debug||1f||2017-02-06 12:55:49||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:55:51 +0100] syslog.php(5326): process2-vasaloppet||daemon||7||debug||1f||2017-02-06 12:55:51||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:55:56 +0100] syslog.php(5326): process1-vasaloppet||daemon||7||debug||1f||2017-02-06 12:55:56||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:12 +0100] syslog.php(5326): storage-prod||auth||6||info||26||2017-02-06 12:56:06||Received disconnect from 221.194.47.224: 11: [preauth]||sshd [2017/02/06 12:56:13 +0100] syslog.php(5326): storage-mgmt||auth||6||info||26||2017-02-06 12:56:13||Received disconnect from 221.194.47.224: 11: [preauth]||sshd [2017/02/06 12:56:19 +0100] syslog.php(5326): storage-mgmt||daemon||7||debug||1f||2017-02-06 12:56:19||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:21 +0100] syslog.php(5326): process2-vasaloppet||daemon||7||debug||1f||2017-02-06 12:56:21||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:26 +0100] syslog.php(5326): process1-vasaloppet||daemon||7||debug||1f||2017-02-06 12:56:26||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:43 +0100] syslog.php(5326): storage-mgmt||authpriv||5||notice||55||2017-02-06 12:56:43||pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.200.37 user=root||sshd [2017/02/06 12:56:45 +0100] syslog.php(5326): storage-mgmt||auth||6||info||26||2017-02-06 12:56:45||Failed password for root from 58.218.200.37 port 43790 ssh2||sshd [2017/02/06 12:56:47 +0100] syslog.php(5326): storage-mgmt||auth||6||info||26||2017-02-06 12:56:47||Failed password for root from 58.218.200.37 port 43790 ssh2||sshd [2017/02/06 12:56:49 +0100] syslog.php(5326): storage-mgmt||daemon||7||debug||1f||2017-02-06 12:56:49||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:51 +0100] syslog.php(5326): storage-mgmt||auth||6||info||26||2017-02-06 12:56:51||Failed password for root from 58.218.200.37 port 43790 ssh2||sshd [2017/02/06 12:56:51 +0100] syslog.php(5326): process2-vasaloppet||daemon||7||debug||1f||2017-02-06 12:56:51||error on subcontainer 'ia_addr' insert (-1)||snmpd [2017/02/06 12:56:51 +0100] syslog.php(5326): storage-mgmt||auth||6||info||26||2017-02-06 12:56:51||Received disconnect from 58.218.200.37: 11: [preauth]||sshd [2017/02/06 12:56:51 +0100] syslog.php(5326): storage-mgmt||authpriv||5||notice||55||2017-02-06 12:56:51||PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.200.37 user=root||sshd [2017/02/06 12:56:56 +0100] syslog.php(5326): process1-vasaloppet||daemon||7||debug||1f||2017-02-06 12:56:56||error on subcontainer 'ia_addr' insert (-1)||snmpd
storage-prod and storage-mgmt works just fine but process1-vasaloppet and process2-vasaloppet will not show upp in the database.
Device hostname (or sysname) must be complete same as host passed by syslog server for correct syslog associations.
If hostname in observium does not match with syslog host, try to use host_map config options:
|$config['syslog']['host_map']|
See more info here: http://www.observium.org/docs/syslog/#match-syslog-hostnameip-with-device
Anny suggestions?
best
Med Vänliga Hälsningar
*Anders Alavik* anders@bogalnet.se mailto:anders@bogalnet.se / 0322 - 64 24 71
*BogalNet AB* Alvhemsgatan 3 447 30 Vårgårda http://www.bogalnet.se http://www.bogalnet.se/
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
participants (2)
-
Anders Alavik -
Mike Stupalov