Hello there,
I just started to use LibreNMS and for some reason it is not showing any Syslog data.
CentOS image in VMware.
Version | 1.50.1 - Fri Apr 12 2019 21:47:50 GMT-0400
DB Schema | 2019_02_10_220000_add_dates_to_fdb (132)
Web Server | nginx/1.12.2
PHP | 7.2.16
MySQL | 5.5.60-MariaDB
RRDtool | 1.4.8
Config validation passes ok.
I checked that the Syslog module is enabled:
enable_syslog | 1
syslog_filter |
    0 | last message repeated
    1 | Connection from UDP: [
    2 | ipSystemStatsTable node ipSystemStatsOutFragOKs not implemented
    3 | diskio.c
syslog_purge | 30
I have not made any changes other than adding the SNMP devices and configuring them to send syslog to the LibreNMS server.
Devices were added by IP address, not DNS names, and they show with the IP address on the device list.
Doing a tcpdump on the LibreNMS server, I can see that the devices (Cisco Firepower and Cisco WLC 2500) are sending the logs:
firepower:
sudo tcpdump -i eth0 host 10.10.4.6 and port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:02:16.707638 IP 10.10.4.6.syslog > localhost.localdomain.syslog: SYSLOG local4.info, length: 171
20:02:16.712619 IP 10.10.4.6.syslog > localhost.localdomain.syslog: SYSLOG local4.info, length: 151
20:02:16.776065 IP 10.10.4.6.syslog > localhost.localdomain.syslog: SYSLOG local4.info, length: 151
20:02:16.795550 IP 10.10.4.6.syslog > localhost.localdomain.syslog: SYSLOG local4.info, length: 171
20:02:16.811156 IP 10.10.4.6.syslog > localhost.localdomain.syslog: SYSLOG local4.info, length: 171
20:02:16.845974 IP 10.10.4.6.syslog > localhost.localdomain.syslog: SYSLOG local4.info, length: 171
wlc 2500:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:27:51.350977 IP 10.10.40.2.filenet-obrok > localhost.localdomain.syslog: SYSLOG local0.error, length: 189
20:27:51.351132 IP 10.10.40.2.filenet-obrok > localhost.localdomain.syslog: SYSLOG local0.error, length: 189
This is practically a default LibreNMS install using the CentOS provided image, is there anything else that needs to be done to see the Syslog messages in the server webUI?
Thanks in advance!
Jose H.
You need to configure syslog as well on the server. You should probably have a look here:
https://docs.librenms.org/Extensions/Syslog/
Hello,
Thank you for the reply.
I have followed the steps listed in the document:
https://docs.librenms.org/Extensions/Syslog/
However, when I do "sudo yum install syslog-ng" it shows that syslog is already installed
Package syslog-ng-3.5.6-3.el7.x86_64 already installed and latest version
Nothing to do
I have opened the file "syslog-ng.conf", but it looks pretty much the same; however, I added:
filter f_kernel { facility(kern); };
filter f_default { level(info..emerg) and
    not (facility(mail)
    or facility(authpriv)
    or facility(cron)); };
filter f_auth { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_emergency { level(emerg); };
filter f_news { facility(uucp) or
    (facility(news)
    and level(crit..emerg)); };
filter f_boot { facility(local7); };
filter f_cron { facility(cron); };
After that I restarted the service: "sudo service syslog-ng restart"
I have checked that "config.php" has the Syslog extension enabled:
$config['enable_syslog'] = 1;
Unfortunately, still the same behavior. I can see the devices sending the log messages to the server but they still won't show up.
Is there anything else that needs to be added or modified in "syslog-ng.conf"? Do I need to specify the devices in the file?
Best regards,
I have tried everything I could find... we can see that the server is listening on UDP port 514
[zmlman@localhost ~]$ sudo netstat -tulpn | grep 514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 19585/syslog-ng
udp 0 0 0.0.0.0:514 0.0.0.0:* 19585/syslog-ng
udp 0 0 0.0.0.0:514 0.0.0.0:* 19585/syslog-ng
udp 0 0 0.0.0.0:514 0.0.0.0:* 19585/syslog-ng
Also, it seems that syslog-ng service is running:
sudo service syslog-ng status
Redirecting to /bin/systemctl status syslog-ng.service
● syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2019-04-26 19:24:43 UTC; 25min ago
Docs: man:syslog-ng(8)
Main PID: 19585 (syslog-ng)
CGroup: /system.slice/syslog-ng.service
├─ 7742 php /opt/librenms/syslog.php
└─19585 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
Apr 26 19:24:43 localhost.localdomain systemd[1]: Stopped System Logger Daemon.
Apr 26 19:24:43 localhost.localdomain systemd[1]: Starting System Logger Daemon...
Apr 26 19:24:43 localhost.localdomain systemd[1]: Started System Logger Daemon.
I ran out of ideas, any help will be greatly appreciated
Try to enable logging to a file on syslog-ng so you can validate syslog-ng does the job.
Could also have some permission issue in the script called by syslog-ng to "give" the syslogs to LibreNMS.
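
The two checks suggested in the last reply, sketched as an added example (not part of the thread and not LibreNMS's own code): a syslog-ng drop-in that copies everything from the network source to a file, and a test that the handler script is executable. The source name `s_net`, the `/etc/syslog-ng/conf.d` include directory and the debug log path are assumptions to adapt to your `syslog-ng.conf`; `/opt/librenms/syslog.php` is the path from the systemctl output above.

```shell
#!/usr/bin/env bash
# Added example. Assumed (not from the thread): source name s_net, drop-in
# directory /etc/syslog-ng/conf.d, debug log path /var/log/syslog-ng-debug.log.

HANDLER=/opt/librenms/syslog.php   # handler path seen in the systemctl output

# Print a drop-in that writes every message from the given source to a file.
# The template shows the sender address next to the host field syslog-ng
# parsed, so a mis-parsed hostname is visible at a glance.
# $1 = source name, $2 = debug log path
debug_conf() {
    cat <<EOF
destination d_debug_file {
    file("$2" template("\$R_ISODATE src=\$SOURCEIP host=\$HOST \$FACILITY.\$LEVEL \$PROGRAM: \$MSG\n"));
};
log { source($1); destination(d_debug_file); };
EOF
}

# Return 0 if the handler exists and is executable by the calling user.
# Run it as the account syslog-ng runs under to test that account's access.
handler_ok() {
    [ -f "$1" ] && [ -x "$1" ]
}

# Install the drop-in, validate the config, restart, then watch the file.
apply() {
    debug_conf s_net /var/log/syslog-ng-debug.log |
        sudo tee /etc/syslog-ng/conf.d/zz-debug.conf >/dev/null
    sudo syslog-ng --syntax-only || return 1
    sudo service syslog-ng restart
    handler_ok "$HANDLER" || echo "not executable or missing: $HANDLER" >&2
    sudo tail -f /var/log/syslog-ng-debug.log
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

If lines arrive in the debug file, syslog-ng is receiving and parsing the traffic and the problem lies further along, in the handler or its permissions. Remove the drop-in once finished so the file does not grow unbounded.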