Syslog not working with librenms.conf

===========================================

[OK] Composer Version: 2.5.1
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database Schema is current
[OK] SQL Server meets minimum requirements
[OK] lower_case_table_names is enabled
[OK] MySQL engine is optimal
[OK] Database and column collations are correct
[OK] Database schema correct
[OK] MySQl and PHP time match
[OK] Active pollers found
[OK] Dispatcher Service is enabled
[OK] Locks are functional
[OK] Python wrapper cron entry is not present
[OK] Redis is unavailable
[OK] rrd_dir is writable
[OK] rrdtool version ok

syslog service don’t start if i use /etc/syslog-ng/conf-d/librenms.conf but if the same file is in /etc/syslog-ng with file name syslog-ng.conf service starts but I don’t receive logs on the librenms.

When asking for help and support, please provide as much information as possible. This should include:

• Steps to reproduce an issue.
• The output of ./validate.php

If it’s an issue with the WebUI then please consider including a screenshot and the browser version you are using.

If you are having troubles with discovery/polling include the pastebin output of:

./discovery.php -h HOSTNAME -d | ./pbin.sh
./poller.php -h HOSTNAME -r -f -d | ./pbin.sh

If you need to post any text longer than a few lines, please use a pastebin service such as https://p.libren.ms using non-expiring pastes.

What is the error you get when starting the syslog service?

You need the ibrenms.conf file or the message will not be sent to librenms.

Start with checking that file carefully for any format ing issue, extra character or missing bits.

If/When you get the service up you can start checking the message path with “syslog-ng-ctl” and “tcpdump”

Kindly find the below.

[email protected]:/etc/syslog-ng# systemctl status syslog-ng
● syslog-ng.service - System Logger Daemon
Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-02-02 14:05:20 +03; 55min ago
Docs: man:syslog-ng(8)
Main PID: 2597243 (syslog-ng)
Tasks: 4 (limit: 19093)
Memory: 8.6M
CPU: 2.852s
CGroup: /system.slice/syslog-ng.service
└─2597243 /usr/sbin/syslog-ng -F

Feb 02 14:05:20 zabbix1 systemd[1]: Starting System Logger Daemon…
Feb 02 14:05:20 zabbix1 systemd[1]: Started System Logger Daemon.
[email protected]:/etc/syslog-ng# ll
total 68
drwxr-xr-x 4 root root 4096 Feb 2 14:05 ./
drwxr-xr-x 118 root root 4096 Feb 2 13:33 …/
-rw-r–r-- 1 root root 0 Feb 2 10:31 ‘^^^^^^^^^^^^^^^’
-rw-r–r-- 1 root root 0 Feb 2 10:31 ‘}’
drwxr-xr-x 2 root root 4096 Feb 2 14:03 conf.d/
-rw-r–r-- 1 root root 5967 Feb 2 14:04 librenms.conf
drwxr-xr-x 2 root root 4096 Feb 20 2022 patterndb.d/
-rw-r–r-- 1 root root 1354 Feb 20 2022 scl.conf
-rw-r–r-- 1 root root 0 Feb 2 10:31 source
-rw-r–r-- 1 root root 5967 Feb 2 14:05 syslog-ng.conf
-rw-r–r-- 1 root root 5925 Oct 31 09:53 syslog-ng.conf.back
-rw-r–r-- 1 root root 6978 Feb 2 10:17 syslog-ng.conf.old
-rw-r–r-- 1 root root 5967 Feb 2 12:16 syslog.ok
-rw-r–r-- 1 root root 5967 Feb 2 13:56 syslog.work
[email protected]:/etc/syslog-ng# rm syslog-ng.conf
[email protected]:/etc/syslog-ng# cd conf.d/
[email protected]:/etc/syslog-ng/conf.d# ll
total 40
drwxr-xr-x 2 root root 4096 Feb 2 14:03 ./
drwxr-xr-x 4 root root 4096 Feb 2 15:01 …/
-rw-r–r-- 1 root root 6371 Feb 2 12:17 lib.ok
-rw-r–r-- 1 root root 6371 Feb 2 14:03 libren.lll
-rw-r–r-- 1 root root 1896 Feb 2 11:51 librenms.cfg
-rw-r–r-- 1 root root 5967 Feb 2 11:37 librenms.cfgt
-rw-r–r-- 1 root root 416 Feb 2 11:11 librenms.cold
[email protected]:/etc/syslog-ng/conf.d# cp libren.lll librenms.conf
[email protected]:/etc/syslog-ng/conf.d# systemctl status syslog-ng
● syslog-ng.service - System Logger Daemon
Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-02-02 14:05:20 +03; 56min ago
Docs: man:syslog-ng(8)
Main PID: 2597243 (syslog-ng)
Tasks: 3 (limit: 19093)
Memory: 8.6M
CPU: 2.899s
CGroup: /system.slice/syslog-ng.service
└─2597243 /usr/sbin/syslog-ng -F

Feb 02 14:05:20 zabbix1 systemd[1]: Starting System Logger Daemon…
Feb 02 14:05:20 zabbix1 systemd[1]: Started System Logger Daemon.
[email protected]:/etc/syslog-ng/conf.d# systemctl restart syslog-ng
Job for syslog-ng.service failed because the control process exited with error code.
See “systemctl status syslog-ng.service” and “journalctl -xeu syslog-ng.service” for details.
root@zabbix1:/etc/syslog-ng/conf.d# journalctl -eu syslog-ng.service
Feb 02 14:04:37 zabbix1 systemd[1]: Failed to start System Logger Daemon.
Feb 02 14:05:20 zabbix1 systemd[1]: Starting System Logger Daemon…
Feb 02 14:05:20 zabbix1 systemd[1]: Started System Logger Daemon.
Feb 02 15:02:24 zabbix1 systemd[1]: Stopping System Logger Daemon…
Feb 02 15:02:24 zabbix1 systemd[1]: syslog-ng.service: Deactivated successfully.
Feb 02 15:02:24 zabbix1 systemd[1]: Stopped System Logger Daemon.
Feb 02 15:02:24 zabbix1 systemd[1]: syslog-ng.service: Consumed 2.918s CPU time.
Feb 02 15:02:24 zabbix1 systemd[1]: Starting System Logger Daemon…
Feb 02 15:02:24 zabbix1 syslog-ng[2610761]: [2023-02-02T15:02:24.183145] Error opening configuration file; filename=‘/etc/syslog-ng/sys>
Feb 02 15:02:24 zabbix1 systemd[1]: syslog-ng.service: Main process exited, code=exited, status=1/FAILURE
Feb 02 15:02:24 zabbix1 systemd[1]: syslog-ng.service: Failed with result ‘exit-code’.
Feb 02 15:02:24 zabbix1 systemd[1]: Failed to start System Logger Daemon.
Feb 02 15:02:24 zabbix1 systemd[1]: syslog-ng.service: Scheduled restart job, restart counter is at 1.
Feb 02 15:02:24 zabbix1 systemd[1]: Stopped System Logger Daemon.
Feb 02 15:02:24 zabbix1 systemd[1]: Starting System Logger Daemon…
Feb 02 15:02:24 zabbix1 syslog-ng[2610763]: [2023-02-02T15:02:24.498841] Error opening configuration file; filename=’/etc/syslog-ng/sys>
Feb 02 15:02:24 zabbix1 systemd[1]: syslog-ng.service: Main process exited, code=exited, status=1/FAILURE
Feb 02 15:02:24 zabbix1 systemd[1]: syslog-ng.service: Failed with result ‘exit-code’.
Feb 02 15:02:24 zabbix1 systemd[1]: Failed to start System Logger Daemon.
Feb 02 15:02:24 zabbix1 systemd[1]: syslog-ng.service: Scheduled restart job, restart counter is at 2.
Feb 02 15:02:24 zabbix1 systemd[1]: Stopped System Logger Daemon.
Feb 02 15:02:24 zabbix1 systemd[1]: Starting System Logger Daemon…

when syslog-ng.conf is used the service works as soon as i try to use librenms.conf it doesn’t

@Skylark thank you for your support.

I added below lines to syslog-ng.conf and it started working.

source s_net {
        tcp(port(514) flags(syslog-protocol));
        udp(port(514) flags(syslog-protocol));
};

destination d_librenms {
        program("/opt/librenms/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$R_YEAR-$R_MONTH-$R_DAY $R_HOUR:$R_MIN:$R_SEC||$MSG||$PROGRAM\n") template-escape(yes));
};

log {
        source(s_net);
        source(s_sys);
        destination(d_librenms);
};

thank you

Hmm @Skylark

Having a similar issue. syslog-ng is unable to start for me. Fresh install of LibreNMS, Ubuntu 22.04.1 I receive the following after adding the lines above:

/usr/sbin/syslog-ng -F

[2023-02-06T20:06:58.578741] WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.35 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.27'
[2023-02-06T20:06:58.593464] Error resolving reference; content='source', name='s_sys', location='/etc/syslog-ng/conf.d/librenms.conf:12:9'

any thoughts?

heh

well got it to work by changing the version to @version: 3.35 in syslog-ng.conf

and adding the following lines:

source s_sys {
    system();
    internal();
};

maybe Syslog - LibreNMS Docs can be updated

This might just be a typo with their documentation for Debian.

source(s_sys) needs to be changed to source(s_src) in /etc/syslog-ng/conf.d/librenms.conf

After changing this on my Ubuntu Server 20.04 everything is working.

I believe this is true. @SCUR0 called it correct. The suggested change worked for me.