Syslog messages were reporting correctly in the LibreNMS GUI until 3/17/19, at which point they simply stopped; however, I’m not aware of any changes to the server.
I do not see new syslog message for any host in the GUI. I did already try restarting syslog-ng as well as a server reboot. Please find the the conf file below. Thanks.
[root@utlibrenms syslog-ng]# cat syslog-ng.conf
@version:3.5
@include "scl.conf"
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: it also sources additional configuration files (*.conf)
# located in /etc/syslog-ng/conf.d/
options {
chain_hostnames(off);
flush_lines(0);
use_dns(no);
use_fqdn(no);
owner("root");
group("adm");
perm(0640);
stats_freq(0);
bad_hostname("^gconfd$");
};
source s_sys {
system();
internal();
};
source s_net {
tcp(port(601) flags(syslog-protocol));
udp(port(514) flags(syslog-protocol));
};
########################
# Destinations
########################
destination d_librenms {
program("/opt/librenms/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$R_YEAR-$R_MONTH-$R_DAY $R_HOUR:$R_MIN:$R_SEC||$MSG||$PROGRAM\n") template-escape(yes));
};
destination d_local {
file("/var/log/syslog-ng/messages_${HOST}"); };
filter f_kernel { facility(kern); };
filter f_default { level(debug..emerg) and
not (facility(mail)
or facility(authpriv)
or facility(cron)); };
filter f_auth { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_emergency { level(emerg); };
filter f_news { facility(uucp) or
(facility(news)
and level(crit..emerg)); };
filter f_boot { facility(local7); };
filter f_cron { facility(cron); };
########################
# Log paths
########################
log {
source(s_net);
source(s_sys);
destination(d_librenms);
destination (d_local);
};
# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"
# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
Ok just saw somewhere if you want two destinations you need separate log declarations otherwise it will only send to one of them and not both. Thought worth a shot.
I am having the same issue. No syslog messages from any device are showing up since 4/7. I have checked my syslog-ng.conf and everything looks good. Restarted syslog-ng and the server itself. Have there been any updates or fixes discovered?
edit: purged all syslog by setting $config[‘syslog_purge’] =1 and running daily.sh. Then optimized the syslog table by running
mysql> optimize table syslog;
The syslog table is now 176k and is not growing but the server is still receiving syslog messages per tcpdump. Any help with this would be appreciated. Thanks.
I was able to get syslog working again by switching to the nightly release and updating with daily.sh. As soon as it completed syslog messages started to appear in the GUI.
I had been on the monthly stable so latest version was 1.50. I switched to the daily dev branch (master) by commenting out $config[‘update_channel’] = ‘release’; in config.php and running daily.sh.
Current validate.php:
[librenms@librenms librenms]$ ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS | 1.50-41-gd069d0f
DB Schema | 2019_02_10_220000_add_dates_to_fdb (132)
PHP | 7.2.16
MySQL | 5.5.60-MariaDB
RRDTool | 1.4.8
SNMP | NET-SNMP 5.7.2
====================================
[OK] Composer Version: 1.8.5
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct
[FAIL] Discovery has not completed in the last 24 hours.
[FIX]:
Check the cron job to make sure it is running and using discovery-wrapper.py
Yes, we do use FQDN in all of our devices, including the libre server itself. If that isn’t best practice we can change it. Odd that the bug would have manifested on the 7th, more than a week after the update to latest stable.
I will have to keep a better eye on it in the future if and when we switch back to stable.
I just returned from an extended vacation to find that syslog stopped working again on 4/21. The last thing logged was logrotate starting on the librenms server. I can’t believe it’s just a coincidence. I stopped logrotate and also restarted the server. Syslog is still not working. Does anyone have any further suggestions?