jarischaefer / docker-librenms

Docker image for LibreNMS
MIT License

v1.57 syslog version 3.1? #111

Closed marcelodl-00 closed 4 years ago

marcelodl-00 commented 4 years ago

Issue with receiving syslog messages from remote device. My validate.php outcome:

```
librenms@e19d48926fac:~$ php validate.php

Component | Version
--------- | -------
LibreNMS  | 1.57
DB Schema | 2019_10_03_211702_serialize_config (145)
PHP       | 7.3.11-1+ubuntu18.04.1+deb.sury.org+1
MySQL     | 10.4.10-MariaDB-1:10.4.10+maria~bionic
RRDTool   | 1.7.0
SNMP      | NET-SNMP 5.7.3

====================================

[OK] Composer Version: 1.9.1
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct
[FAIL] The poller (288bc27767a2) has not completed within the last 5 minutes, check the cron job.
[FAIL] The poller (6dd28b3ab113) has not completed within the last 5 minutes, check the cron job.
[WARN] IPv6 is disabled on your server, you will not be able to add IPv6 devices.
[WARN] Your install is over 24 hours out of date, last update: Tue, 29 Oct 2019 00:40:17 +0000
    [FIX]: Make sure your daily.sh cron is running and run ./daily.sh by hand to see if there are any errors.
[WARN] Your local git branch is not master, this will prevent automatic updates.
    [FIX]: You can switch back to master with git checkout master
[FAIL] We have found some files that are owned by a different user than librenms, this will stop you updating automatically and / or rrd files being updated causing graphs to fail.
    [FIX]:
    sudo chown -R librenms:librenms /opt/librenms
    sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
    sudo chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
    Files:
    /opt/librenms/conf.d/custom.config.php
```

My docker run command includes the right ports -p514:514 -p514:514/udp and -e SYSLOG_ENABLE=true

My syslog-ng.conf:

```
@version: 3.13
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"

# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.

# First, set some global options.
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); owner("root"); group("adm"); perm(0640); stats_freq(0); bad_hostname("^gconfd$"); };

########################
# Sources
########################
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source s_src { unix-dgram("/dev/log"); internal(); };

# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
source s_net { tcp(ip(127.0.0.1) port(1000)); };

########################
# Destinations
########################
# First some standard logfile
#
destination d_auth { file("/var/log/auth.log"); };
destination d_cron { file("/var/log/cron.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kern { file("/var/log/kern.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_syslog { file("/var/log/syslog"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };

# This files are the log come from the mail subsystem.
#
destination d_mailinfo { file("/var/log/mail.info"); };
destination d_mailwarn { file("/var/log/mail.warn"); };
destination d_mailerr { file("/var/log/mail.err"); };

# Logging for INN news system
#
destination d_newscrit { file("/var/log/news/news.crit"); };
destination d_newserr { file("/var/log/news/news.err"); };
destination d_newsnotice { file("/var/log/news/news.notice"); };

# Some 'catch-all' logfiles.
#
destination d_debug { file("/var/log/debug"); };
destination d_error { file("/var/log/error"); };
destination d_messages { file("/var/log/messages"); };

# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
destination d_xconsole { pipe("/dev/xconsole"); };

# Send the messages to an other host
#
destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); };

# Debian only
destination d_ppp { file("/var/log/ppp.log"); };

# stdout for docker
destination d_stdout { pipe("/dev/stdout"); };

########################
# Filters
########################
# Here's come the filter options. With this rules, we can set which
# message go where.

filter f_dbg { level(debug); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_err { level(err); };
filter f_crit { level(crit .. emerg); };

filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
filter f_error { level(err .. emerg) ; };
filter f_messages { level(info,notice,warn) and not facility(auth,authpriv,cron,daemon,mail,news); };

filter f_auth { facility(auth, authpriv) and not filter(f_debug); };
filter f_cron { facility(cron) and not filter(f_debug); };
filter f_daemon { facility(daemon) and not filter(f_debug); };
filter f_kern { facility(kern) and not filter(f_debug); };
filter f_lpr { facility(lpr) and not filter(f_debug); };
filter f_local { facility(local0, local1, local3, local4, local5, local6, local7) and not filter(f_debug); };
filter f_mail { facility(mail) and not filter(f_debug); };
filter f_news { facility(news) and not filter(f_debug); };
filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); };
filter f_user { facility(user) and not filter(f_debug); };
filter f_uucp { facility(uucp) and not filter(f_debug); };

filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };

filter f_ppp { facility(local2) and not filter(f_debug); };
filter f_console { level(warn .. emerg); };

########################
# Log paths
########################
log { source(s_src); filter(f_auth); destination(d_auth); };
log { source(s_src); filter(f_cron); destination(d_cron); };
log { source(s_src); filter(f_daemon); destination(d_daemon); };
log { source(s_src); filter(f_kern); destination(d_kern); };
log { source(s_src); filter(f_lpr); destination(d_lpr); };
log { source(s_src); filter(f_syslog3); destination(d_syslog); destination(d_stdout); };
log { source(s_src); filter(f_user); destination(d_user); };
log { source(s_src); filter(f_uucp); destination(d_uucp); };

log { source(s_src); filter(f_mail); destination(d_mail); };
log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };
log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };
log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };

log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); };
log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); };
log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };

log { source(s_src); filter(f_ppp); destination(d_ppp); };

log { source(s_src); filter(f_debug); destination(d_debug); };
log { source(s_src); filter(f_error); destination(d_error); };
log { source(s_src); filter(f_messages); destination(d_messages); };

# All messages send to a remote site
#
log { source(s_src); destination(d_net); };

# Include all config files in /etc/syslog-ng/conf.d/
@include "/etc/syslog-ng/conf.d/*.conf"
```

I can't get remote syslog messages being sent/received in librenms. Trying to follow the librenms docs on this but that is for version 3.5 not 3.1. Not sure if this matters or not or what is wrong here....

Please advise :-)
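An added example, not part of the original issue or the project's code: a small Python check that lists the network listeners a syslog-ng configuration opens, the address each one binds to, and whether any log path consumes it. The sample text is a constructed excerpt modelled on the source and log statements as they appear in the post; `audit_sources` and `remote_listeners` are hypothetical helper names, and files pulled in through `@include` are not inspected.

```python
import re

# Constructed excerpt modelled on the posted syslog-ng.conf (not a verbatim copy).
SAMPLE = '''
source s_src { unix-dgram("/dev/log"); internal(); };
source s_net { tcp(ip(127.0.0.1) port(1000)); };
destination d_syslog { file("/var/log/syslog"); };
log { source(s_src); filter(f_syslog3); destination(d_syslog); };
'''

# Source drivers that open a network listener; arguments may nest one level.
NET_DRIVER = r"\b(tcp6?|udp6?|network|syslog)\s*\(((?:[^()]|\([^()]*\))*)\)"

def strip_comments(conf):
    # Naive: assumes '#' never appears inside a quoted string.
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())

def audit_sources(conf):
    """List each network listener, its bind address, and whether a log path uses it."""
    conf = strip_comments(conf)
    wired = set(re.findall(r"\bsource\(\s*(\w+)\s*\)", conf))
    found = []
    for name, body in re.findall(r"\bsource\s+(\w+)\s*\{(.*?)\}\s*;", conf, re.S):
        for driver, args in re.findall(NET_DRIVER, body):
            ip = re.search(r'\bip\(\s*"?([^")\s]+)', args)
            port = re.search(r"\bport\(\s*(\d+)", args)
            addr = ip.group(1) if ip else None  # None: no ip() option given
            found.append({
                "source": name,
                "driver": driver,
                "ip": addr,
                "port": int(port.group(1)) if port else None,
                "loopback_only": bool(addr) and (addr.startswith("127.") or addr in ("::1", "localhost")),
                "wired": name in wired,
            })
    return found

def remote_listeners(conf):
    """Listeners that are not loopback-bound and that feed at least one log path."""
    return [s for s in audit_sources(conf) if s["wired"] and not s["loopback_only"]]

if __name__ == "__main__":
    for row in audit_sources(SAMPLE):
        print(row)
    print("reachable and wired:", remote_listeners(SAMPLE))
```

On the sample, the only network source is bound to 127.0.0.1 and no log path references it, so `remote_listeners` returns an empty list.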

jarischaefer commented 4 years ago

Were you following the docs for the server or client installation? Is there any reason why you cannot use rsyslog?

Using rsyslog, it should be very simple (from the docs, https://github.com/jarischaefer/docker-librenms#syslog):

marcelodl-00 commented 4 years ago

All good got it to work! Thanks for the quick response though.
