Hello everyone,
I just worked with syslog/snmptraps on LibreNMS and my own systems and found that the syslog string of values was divided by 2 pipes. I worked on a JSON template for rsyslog and reworked the syslog.php file.
Up to you if you want to try it:
/etc/rsyslog.conf:
    # add this at the end of rsyslog.conf
    module(load="omprog")
    # every free-text property uses the json option so quotes/backslashes cannot break the JSON line
    template(
        name="json"
        type="string"
        string="{\"host\":\"%FROMHOST:::json%\",\"facility\":\"%syslogfacility-text%\",\"priority\":\"%syslogpriority-text%\",\"level\":\"%syslogseverity%\",\"tag\":\"%syslogtag:::json%\",\"timestamp\":\"%$YEAR%-%$MONTH%-%$DAY% %timegenerated:8:25%\",\"msg\":\"%msg:::json%\",\"program\":\"%programname:::json%\"}\n"
    )
    action(
        type="omprog"
        binary="/opt/librenms/syslog.php"
        template="json"
    )
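/opt/librenms/syslog.php:
    #!/usr/bin/env php
    <?php
    $init_modules = array();
    require __DIR__ . '/includes/init.php';

    // rsyslog (omprog) writes one JSON object per line to stdin
    $s = fopen('php://stdin', 'r');
    while (($line = fgets($s)) !== false) {
        $e = json_decode(trim($line), true);
        if (!is_array($e)) {
            continue; // skip blank or malformed lines instead of passing null on
        }
        process_syslog($e, 1);
        unset($e);
        unset($line);
    }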
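
The difference between the two-pipe format and the JSON template above, as an added example that is not part of the original post or of LibreNMS: a message body containing `||` shifts the fields of a delimited line, while a JSON line keeps them apart. The field names come from the template above; the order of the `||` fields, the helper names and the sample values are assumptions, and `json_encode` stands in for rsyslog's `json` property escaping.

```php
<?php
// Added example, not LibreNMS code. Field names are taken from the JSON
// template in the post; the "||" field order is assumed for illustration.
const FIELDS = ['host', 'facility', 'priority', 'level', 'tag', 'timestamp', 'msg', 'program'];

// Delimited style: split on the two-pipe separator.
// Returns null when the number of fields does not match.
function parse_piped(string $line): ?array
{
    $parts = explode('||', rtrim($line, "\r\n"));
    return count($parts) === count(FIELDS) ? array_combine(FIELDS, $parts) : null;
}

// JSON style: one object per line, every expected field present and a string.
function parse_json_line(string $line): ?array
{
    $e = json_decode(trim($line), true);
    if (!is_array($e)) {
        return null; // malformed or truncated line
    }
    foreach (FIELDS as $f) {
        if (!isset($e[$f]) || !is_string($e[$f])) {
            return null; // missing or non-string field
        }
    }
    return $e;
}

// Constructed sample: the message itself contains "||" and a double quote.
$msg   = 'login failed for "bob"||root||ok';
$piped = "sw1||auth||info||6||sshd[42]:||2024-01-01 10:00:00||$msg||sshd\n";
$json  = json_encode(array_combine(
    FIELDS,
    ['sw1', 'auth', 'info', '6', 'sshd[42]:', '2024-01-01 10:00:00', $msg, 'sshd']
)) . "\n";

var_dump(parse_piped($piped));                        // delimited line, "||" inside msg
var_dump(parse_json_line($json)['msg'] === $msg);     // JSON line, same message
var_dump(parse_json_line('{"host":"sw1","msg":"cut')); // truncated JSON line
```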