I’ve recently deployed a new VM (Ubuntu) for LibreNMS to replace an old, not-really-working deployment (CentOS) and am having an issue after configuring syslog.
I’ve done a very similar build in a home lab and it works flawlessly, though the devices sending syslog are different (Ubiquiti at home, Peplink in the office).
I’ve used my home lab as a rough template as far as syslog is concerned and they match. The issue is I see syslog being received by the server from a tcpdump, but it’s not being pulled/processed/parsed by LibreNMS and I’m not quite sure what the outlier is here.
I’ve read that so long as the device is within LibreNMS and the hostname/IP match, it should be a no-brainer, and in this particular instance, that is definitely the case, but beyond that, I’m at a loss.
I don’t know what anyone would want as far as output, so I’ll preempt by popping some data here.
The message received by the server… (some data redacted)
09:09:08.853125 IP (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto UDP (17), length 190)
xxx.xxx.48.68.46508 > xxx.xxx.50.173.514: SYSLOG, length: 162
Facility local0 (16), Severity notice (5)
Msg: Dec 21 09:09:08 gb-xxx-xxxx-1350-05 SpeedFusion: GB-XXXXX-CNNNGTWN-CPE-01 (GB-XXXXXXXX-Canning-Town, sn:XXXX-XXXX-XXXX) connected to GB-XXXXX-CNNNGTWN-CPE-01
In the case of the IP matching the host, the LibreNMS server does not point to internal DNS, so we’ve created host entries for the devices we’re managing (something I’m working to resolve). And the device most certainly is managed properly.
The config for /etc/syslog-ng/syslog-ng.conf is verbatim to the documentation. The LibreNMS config is as it should be to enable syslog.
I don’t quite know what else to look at so I appreciate any assistance you all can provide.