Graylog integration

Hello, I am trying the integration of Graylog,
Graylog is working fine on a VM, and is receiving log information from my servers.
Then I configured LibreNMS by the Documentation.
The link appears on the logs tab in the devices on Librenms but no results found!
is the only thing that shows.

There are no errors on the Librenms /opt/logs/error.log other than Favicon related.

Has someone succesfully done this integration?
Does anyone have an idea?
should I configure somehing else on the Graylog server?

Many Thanks

Mine is working great. Try adding /debug at the end of the url on the graylog page. Post back any info. Also, maybe read through the documentation again.

Are you using DNS? I believe I added a section in the doc about how you need to have the FQDNs matching. I.E. if you use full FQDNs in librenms, server1.example.com but shortnames (the default) in graylog, server1, then the logs won’t show up in LibreNMS. The hostnames used in LibreNMS and Graylog need to match exactly.

Thank you both for your answers,
I tied debug at the end but same result
I am using DNS indeed.
My Graylog server is 2.2 is sitting behind ngnix reverse proxy
I can access Graylog ok I can send rsyslog to the inputs in Graylog, I see the messages arriving.
But the integration in Librenms only shows :
No results found!
Trough the Overview link or trough the Graylog link in the log tab of any host.

these are my Graylog entries in librenms config.php

#####################################################

GRAYLOG

#####################################################
$config[‘graylog’][‘server’] = ‘http://graylog.xxxx.xxx’;
$config[‘graylog’][‘port’] = 9000;
$config[‘graylog’][‘username’] = ‘admin’;
$config[‘graylog’][‘password’] = ‘xxxxxx’;
$config[‘graylog’][‘version’] = ‘2.1’;

And this is my rsyslog.conf part

Send to Graylog

$PreserveFQDN on
. @192.168.1.114:514;RSYSLOG_SyslogProtocol23Format

A few questions:

  1. you are using nginx to reverse proxy - why port 9000? I have my config set to use 443 as I also proxy with nginx. Should just be whatever the web port is.
  2. http or https?
  3. can you verify that the hostname used in Graylog is the same as in Graylog? That is the right config setting to use FQDNs, but if the hostname sent to Graylog is different than the hostname used in LibreNMS it won’t work (I.E. if you added the server as website.example.com in LibreNMS, but it tells Graylog that it is actually webhost03.example.com it won’t match

Thank you very much for your help,
It was the port, I am proxyng trough nginx and i put the upstream port.
When I put it at 80 everything worked like a charm.
Many thanks again.

Hi Guys,

I’m having the same issue with no results found !

I’m running my Graylog 3.0.2 on a separate Ubuntu 18.04 VM with Apache2, via port 9000 :
URL: graylog.MyDomain:9000

I am using the GUI configuration in LibreNMS. See attached. If put any configuration in the config.php, the GUI will notify that they should be removed in order to enable, so I hashed the integration lines in the config file.

I use $PreserveFQDN on in rsyslog.conf in the hosts that are reporting to Graylog.

The hosts names are the same in Graylog and LibreNMS so I don’t think it’s a name mismatch.
I tried different combinations of URL and ports in the GUI configuration, but all gave me the same result.

Any advice please

Any advice please ?

Found it.
Adding the config in config.php. It was my misunderstanding of the message in the GUI. It meant remove from config.php to enable editing in the GUI :slight_smile:

Now I see hosts logs from Graylog in LibreNMS

1 Like

Were you not able to set something up in the Web UI to enable the integration?

Hi Murrant,

No, actually I misunderstood the message in the GUI that I should remove the configuration lines from config.php file to enable the integration. Then I realized it means I should remove the lines to ENABLE EDITING in the GUI.
Once I added the integration lines in the config.php file I started getting Graylog logs in LibreNMS.

All good … thanks

Yeah, when you use the web ui to configure it, you should NOT have any lines in the config.php file relating to graylog… config.php overrides the webui.

What lines did you need to add?

Hi Murrant,

# Enable Graylog
$config['graylog']['server']   = 'http://graylog.MYDOMAIN';
$config['graylog']['port']     = 9000;
$config['graylog']['username'] = 'USERNAME';
$config['graylog']['password'] = 'PASSWORD';

And that user MUST be an ADMIN account in Graylog.

Regards

I don’t understand why that would be any different from the webui.

Can you compare the output of this command with the lines commented and uncommented in config.php?

./lnms config:get graylog

Hi Murrant,

There you go. In fact i don’t see any difference.

Below is with commented lines:

./lnms config:get graylog
array (
  'device-page' =>
 array (
    'loglevel' => 7,
    'rowCount' => 20,
  ),
  'server' => 'http://graylog.MYDOMAIN',
  'version' => '2.1',
  'password' => 'PASSWORD',
  'timezone' => 'UTC',
  'username' => 'USER',
  'port' => 9000,

Below is with uncommented lines:

  ./lnms config:get graylog
  array (
    'device-page' =>
  array (
    'loglevel' => 7,
    'rowCount' => 20,
  ),
  'server' => 'http://graylog.MYDOMAIN',
  'version' => '2.1',
  'password' => 'PASSWORD',
  'timezone' => 'UTC',
  'username' => 'USER',
  'port' => 9000,

Yep, color me utterly confused :smiley:

hhhh no worries … it got me confused as well.
But anyway it works fine now. I might have made a mistake somewhere and somehow fixed it during my tests.

Thanks for your support.