I have installed [1.53.1-41-ga382d11c7] + Ubuntu 1804 + syslog + apache or nginx, followed the URL “https://docs.librenms.org/Extensions/Syslog/” and already configure cisco switch and run loggen command in same hosts to send log to installed Librenms server, syslog-ng debug mode enabled and tcpdump success to see a message received, but cannot see any syslog shown to web gui, and no any message logged to the syslog field under Librenms DB, run /opt/librenms/validate.php is no any error message, please advise any solution to fix, I installed two times but have same result.

Please post your validate.

So u say u are recieving syslog msg? (on your librenms server)
But not inside libre?

I think you should recheck your syslog-ng config.
Here it stands that the handler needs to go to
“/opt/librenms/syslog.php”

Thank you, I will post the validate result asap.

I followed the Librenms page to setup syslog, and confirm syslog-ng received syslog from router and loggen command generated from localhost, I also added file base destination in syslog-ng.conf and success to logged to /var/log/xxx.log, I was suspect is permission problem for the Librenms write the syslog message to the database, how to see any related message to know Librenms try to save the log to the database ?

So does it hit opt/librenms/syslog.php?
Syslog-ng is not part of librenms, so log to a xxx.log file whont do librenms annything.
It needs to log to the PHP script inside librenms?
Whit the correct formats as in the docs of librenms?

Yes, the syslog.php was hit by syslog-ng, and file base log file was success to write all received log message, and following is the validate.php output result, I have followed the librenms page https://docs.librenms.org/Extensions/Syslog/ to setup syslog.

systemctl status syslog-ng

syslog-ng.service - System Logger Daemon
Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-07-20 18:19:54 HKT; 24h ago
Docs: man:syslog-ng(8)
Process: 12623 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 9646 (syslog-ng)
Tasks: 4 (limit: 4915)
CGroup: /system.slice/syslog-ng.service
± 9646 /usr/sbin/syslog-ng -F
±12635 /bin/sh -c /opt/librenms/syslog.php
±12636 php /opt/librenms/syslog.php

syslog-ng.conf
destination d_file {
file("/var/log/messages_syslog-ng.log");
};

validate.php result

/opt/librenms/validate.php

====================================

[OK] Composer Version: 1.8.6
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct
[WARN] Your local git contains modified files, this could prevent automatic updates.
[FIX]:
You can fix this with ./scripts/github-remove
Modified Files:
bootstrap/cache/.gitignore
logs/.gitignore
rrd/.gitignore
storage/app/.gitignore
storage/app/public/.gitignore
storage/debugbar/.gitignore
storage/framework/cache/.gitignore
storage/framework/cache/data/.gitignore
storage/framework/sessions/.gitignore
storage/framework/testing/.gitignore
storage/framework/views/.gitignore
storage/logs/.gitignore

Syslog fields empty

MariaDB [(none)]> use librenms;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [librenms]> select * from syslog;
Empty set (0.00 sec)

I was tired to install everything on CentOS 7 and follow all document from Librenms, but result is same, syslog generated and hit the syslog-ng but not write to DB, I don’t know how to trace the /opt/librenms/syslog.php is work or other issue, I also enable the log in MariaDB but can’t see any log for write syslog message activities

on my CentOS7:

i only have 1 syslog.php like this:

Main PID: 185 (syslog-ng)
CGroup: /system.slice/syslog-ng.service
├─ 185 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
└─17756 php /opt/librenms/syslog.php

I think your syslog-ng.conf is still wrong

It’s best if you post syslog config using pastebin and link it here.

Here is my syslog conf under centos 7 and syslog-ng status message

@version:3.5
@include “scl.conf”

options {
chain_hostnames(off);
flush_lines(0);
use_dns(no);
use_fqdn(no);
owner(“root”);
group(“adm”);
perm(0640);
stats_freq(0);
bad_hostname("^gconfd$");
};

source s_sys {
system();
internal();
};

source s_net {
tcp(port(514) flags(syslog-protocol));
udp(port(514) flags(syslog-protocol));
};

########################

Destinations

########################
destination d_librenms {
program("/opt/librenms/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$R_YEAR-$R_MONTH-$R_DAY $R_HOUR:$R_MIN:$R_SEC||$MSG||$PROGRAM\n") template-escape(yes));
};

filter f_kernel { facility(kern); };
filter f_default { level(info…emerg) and
not (facility(mail)
or facility(authpriv)
or facility(cron)); };
filter f_auth { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_emergency { level(emerg); };
filter f_news { facility(uucp) or
(facility(news)
and level(crit…emerg)); };
filter f_boot { facility(local7); };
filter f_cron { facility(cron); };

########################

Log paths

########################
log {
source(s_net);
source(s_sys);
destination(d_librenms);
};

Source additional configuration files (.conf extension only)

@include “/etc/syslog-ng/conf.d/*.conf”

vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

systemctl status syslog-ng

● syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2019-07-22 23:47:37 HKT; 3s ago
Docs: man:syslog-ng(8)
Main PID: 23844 (syslog-ng)
CGroup: /system.slice/syslog-ng.service
├─23844 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
└─23845 php /opt/librenms/syslog.php

Jul 22 23:47:37 librenms.test systemd[1]: Starting System Logger Daemon…
Jul 22 23:47:37 librenms.test systemd[1]: Started System Logger Daemon.

this is standaart config of librenms

i don tknow if it has effect… is selinux enabled ?(sestatus)

if so can u disable it for the time, and test again?