Syslog not shown in Librenms user interface for remote servers

Hi,

I have configured Librenms to log syslog from remote servers.

The versions used are as shown in the image below.

The syslog for the remote device is empty

The validate ./validate.php output is provided below:

librenms@test-basil-test:~$ ./validate.php 
===========================================
Component | Version
--------- | -------
LibreNMS  | 23.8.2-25-g6d1b1ac1f (2023-09-04T03:47:23+00:00)
DB Schema | 2023_09_01_084057_application_new_defaults (258)
PHP       | 8.2.9
Python    | 3.8.10
Database  | MariaDB 10.3.38-MariaDB-0ubuntu0.20.04.1
RRDTool   | 1.7.2
SNMP      | 5.8
===========================================

[OK]    Composer Version: 2.5.8
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database Schema is current
[OK]    SQL Server meets minimum requirements
[OK]    lower_case_table_names is enabled
[OK]    MySQL engine is optimal
[OK]    Database and column collations are correct
[OK]    Database schema correct
[OK]    MySQl and PHP time match
[OK]    Active pollers found
[OK]    Dispatcher Service not detected
[OK]    Locks are functional
[OK]    Redis is unavailable
[OK]    rrd_dir is writable
[OK]    rrdtool version ok

The /opt/librenms/syslog.php code is given below:

#!/usr/bin/env php
<?php

/**
 * LibreNMS
 *
 *   This file is part of LibreNMS.
 *
 * @copyright  (C) 2006 - 2012 Adam Armstrong
 */
$init_modules = [];
require __DIR__ . '/includes/init.php';

$s = fopen('php://stdin', 'r');
while ($line = fgets($s)) {
    //logfile($line);
    [$entry['host'],$entry['facility'],$entry['priority'], $entry['level'], $entry['tag'], $entry['timestamp'], $entry['msg'], $entry['program']] = explode('||', trim($line));
    process_syslog($entry, 1);
    unset($entry);
    unset($line);
}

The code in /opt/librenms/config.php is given below:

<?php

## Have a look in misc/config_definitions.json for examples of settings you can set here. DO NOT EDIT misc/config_definitions.json!

// This is the user LibreNMS will run as
//Please ensure this user is created and has the correct permissions to your install
$config['user'] = 'librenms';

### This should *only* be set if you want to *force* a particular hostname/port
### It will prevent the web interface being usable form any other hostname
#$config['base_url']        = "/";

### Enable this to use rrdcached. Be sure rrd_dir is within the rrdcached dir
### and that your web server has permission to talk to rrdcached.
#$config['rrdcached']    = "unix:/var/run/rrdcached.sock";

### Default community
#$config['snmp']['community'] = array('public');

### Authentication Model
#$config['auth_mechanism'] = "mysql"; # default, other options: ldap, http-auth
#$config['http_auth_guest'] = "guest"; # remember to configure this user if you use http-auth

### List of RFC1918 networks to allow scanning-based discovery
#$config['nets'][] = "10.0.0.0/8";
#$config['nets'][] = "172.16.0.0/12";
#$config['nets'][] = "192.168.0.0/16";

# Uncomment the next line to disable daily updates
#$config['update'] = 0;

# Number in days of how long to keep old rrd files. 0 disables this feature
$config['rrd_purge'] = 0;

# Uncomment to submit callback stats via proxy
#$config['callback_proxy'] = "hostname:port";

# Set default port association mode for new devices (default: ifIndex)
#$config['default_port_association_mode'] = 'ifIndex';

# Enable the in-built billing extension
#$config['enable_billing'] = 1;

# Enable the in-built services support (Nagios plugins)
$config['show_services'] = 1;
$config['enable_syslog'] = 1;
$config['syslog_purge'] = 30;

I’m using rsyslog configuration and the code is as below:

# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")


$template RemInputLogs, "/var/log/remotelogs/%FROMHOST-IP%/%PROGRAMNAME%.log"
*.* ?RemInputLogs


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#

$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

Please help to resolve the issue.

Awaiting response.

If you use tcpdump -n -i <int_name> -f "port 514" on your server, can you see that you receive the syslog messages from the remote sender to the NMS server?

If yes,

  1. check firewall permits packets inbound,
  2. is /etc/rsyslog.d/30-librenms.conf properly configured?

If no,

  1. Check network connectivity between syslog sender and receiver.

Hi,

Thank you for the reply.

I had already enabled logging the remote syslogs according to the host under location below by specifying the template in /etc/rsyslog.conf

/var/log/remotelogs/ip-remote-server

All the syslog messages are getting delivered in the log file, but they are not shown in the librenms database, and the syslog in the librenms user interface shows empty.

Also, the file /etc/rsyslog.d/30-librenms.conf with the same code is already configured too, but syslog is empty.

Personally, I stuck to syslog-ng. I remember I had problems in the beginning, too, with having syslog entries show up in LibreNMS. Which - in my setup - I narrowed down to LibreNMS needing to match the source IP (“sender”) with a configured host (“IP” or “Resolved IP”) in LibreNMS.

Sidenote: are you aware if the rsyslog server delivers the syslog entries to multiple outputs (file + librenms), or if it stops after delivering to the first output (e.g. file, then stop)? The rsyslog example from the docs does, for example, have the & stop line included.

The remote syslogs get written to the log file, but not to the librenms database.

Yes, the code in /etc/rsyslog.d/30-librenms.conf ends with

& stop

Hi,

Thank you for the support. I have fixed the issue by setting “fromhost” to “hostname” in `/etc/rsyslog.d/30-librenms.conf`.
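An added diagnostic, not part of the thread or of LibreNMS: it splits lines in the `||`-delimited format that the syslog.php shown above reads on stdin, and reports lines that are malformed or whose host field matches no configured device, the mismatch discussed in the replies. The device list, the sample lines and the exact-match comparison are constructed assumptions.

```python
# Added example (not LibreNMS code): check lines in the "||"-delimited format
# that syslog.php reads on stdin, before they reach process_syslog().
FIELDS = ("host", "facility", "priority", "level",
          "tag", "timestamp", "msg", "program")  # field order taken from syslog.php


def parse_line(line):
    """Split one line the way syslog.php does; return (entry, problem)."""
    parts = line.strip().split("||")
    if len(parts) != len(FIELDS):
        return None, "expected %d fields, got %d" % (len(FIELDS), len(parts))
    entry = dict(zip(FIELDS, parts))
    if not entry["host"]:
        return None, "empty host field"
    return entry, None


def triage(lines, known_devices):
    """Classify each line as 'stored', 'unknown-host' or 'malformed'.

    known_devices: hostnames/IPs configured in LibreNMS (assumption: matching
    is simplified here to a case-insensitive exact comparison).
    """
    known = {d.lower() for d in known_devices}
    results = []
    for line in lines:
        entry, problem = parse_line(line)
        if entry is None:
            results.append(("malformed", problem))
        elif entry["host"].lower() in known:
            results.append(("stored", entry["host"]))
        else:
            results.append(("unknown-host", entry["host"]))
    return results


# Constructed sample input: one event with a matching host field, one with a
# host field LibreNMS does not know, and one with missing fields.
SAMPLE_LINES = [
    "web01.example.net||3||6||6||sshd[812]:||2023-09-05 10:15:02|| session opened||sshd",
    "192.0.2.10||3||6||6||sshd[812]:||2023-09-05 10:15:02|| session opened||sshd",
    "web01.example.net||3||6||sshd[812]:||2023-09-05 10:15:02|| session opened",
]
KNOWN_DEVICES = ["web01.example.net"]  # constructed device list

if __name__ == "__main__":
    for status, detail in triage(SAMPLE_LINES, KNOWN_DEVICES):
        print(status, "-", detail)
```

Lines reported as unknown-host are the ones to compare against the device's hostname and IP in LibreNMS when the log file fills up but the Syslog page stays empty.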
