Syslog transport not working (resolved)

Hi,

I am trying to send syslog messages as alert notifications. I’ve set syslog as transport
(ip, custom port, facility 1) and saved it.
Test says it is successful, but nothing is received on the syslog server.
I checked the usual culprits (dns resolution, firewall etc), nothing.

When I telnet to the target port from the CLI it’s working fine and I see a garbled message being received - however no messages from Libre are arriving…

How can I check what the problem might be?

Thanks :slight_smile:

Try the help here: Testing - LibreNMS Docs

Thanks,
that one confirms that it should send the alert

./scripts/test-alert.php -d -h 119 -r 8
SQL[SELECT alerts.id, alerts.alerted, alerts.device_id, alerts.rule_id, alerts.state, alerts.note, alerts.info FROM alerts WHERE alerts.device_id = 119 && alerts.rule_id = 8 [] 0.45ms]

SQL[SELECT alert_log.id,alert_log.rule_id,alert_log.device_id,alert_log.state,alert_log.details,alert_log.time_logged,alert_rules.rule,alert_rules.severity,alert_rules.extra,alert_rules.name,alert_rules.query,alert_rules.builder,alert_rules.proc FROM alert_log,alert_rules WHERE alert_log.rule_id = alert_rules.id && alert_log.device_id = ? && alert_log.rule_id = ? && alert_rules.disabled = 0 ORDER BY alert_log.id DESC LIMIT 1 [119,8] 0.84ms]

SQL[SELECT DISTINCT a.* FROM alert_rules a
        LEFT JOIN alert_device_map d ON a.id=d.rule_id AND (a.invert_map = 0 OR a.invert_map = 1 AND d.device_id = ?)
        LEFT JOIN alert_group_map g ON a.id=g.rule_id AND (a.invert_map = 0 OR a.invert_map = 1 AND g.group_id IN (SELECT DISTINCT device_group_id FROM device_group_device WHERE device_id = ?))
        LEFT JOIN alert_location_map l ON a.id=l.rule_id AND (a.invert_map = 0 OR a.invert_map = 1 AND l.location_id IN (SELECT DISTINCT location_id FROM devices WHERE device_id = ?))
        LEFT JOIN devices ld ON l.location_id=ld.location_id AND ld.device_id = ?
        LEFT JOIN device_group_device dg ON g.group_id=dg.device_group_id AND dg.device_id = ?
        WHERE a.disabled = 0 AND (
            (d.device_id IS NULL AND g.group_id IS NULL AND l.location_id IS NULL)
            OR (a.invert_map = 0 AND (d.device_id=? OR dg.device_id=? OR ld.device_id=?))
            OR (a.invert_map = 1  AND (d.device_id != ? OR d.device_id IS NULL) AND (dg.device_id != ? OR dg.device_id IS NULL) AND (ld.device_id != ? OR ld.device_id IS NULL))
        ) [119,119,119,119,119,119,119,119,119,119,119] 2.87ms]

SQL[select * from `devices` where `device_id` = ? limit 1 [119] 0.39ms]

SQL[select * from `locations` where `locations`.`id` = ? limit 1 [1] 0.16ms]

SQL[select * from `devices_attribs` where `devices_attribs`.`device_id` = ? and `devices_attribs`.`device_id` is not null [119] 0.28ms]

RRD[lastupdate icx745024g.          /icmp-perf.rrd  --daemon unix:/run/rrdcached.sock]
SQL[select * from `alert_templates` where exists (select * from `alert_template_map` where `alert_templates`.`id` = `alert_template_map`.`alert_templates_id` and `alert_rule_id` = ?) limit 1 [8] 0.29ms]

SQL[select * from `alert_templates` where `name` = ? limit 1 ["Default Alert Template"] 0.14ms]

Issuing Alert-UID #492694/1:
SQL[SELECT `rule_id` FROM `alerts` WHERE `id`=? [3800] 0.21ms]

SQL[SELECT b.transport_id, b.transport_type, b.transport_name FROM alert_transport_map AS a LEFT JOIN alert_transports AS b ON b.transport_id=a.transport_or_group_id WHERE a.target_type='single' AND a.rule_id=? UNION DISTINCT SELECT d.transport_id, d.transport_type, d.transport_name FROM alert_transport_map AS a LEFT JOIN alert_transport_groups AS b ON a.transport_or_group_id=b.transport_group_id LEFT JOIN transport_group_transport AS c ON b.transport_group_id=c.transport_group_id LEFT JOIN alert_transports AS d ON c.transport_id=d.transport_id WHERE a.target_type='group' AND a.rule_id=? [8,8] 0.24ms]

SQL[SELECT transport_id, transport_type, transport_name FROM alert_transports WHERE is_default=true [] 0.1ms]

 :: Transport syslog => SQL[select * from `alert_transports` where `alert_transports`.`transport_id` = ? limit 1 [3] 0.14ms]

OKSQL[insert into `eventlog` (`reference`, `type`, `datetime`, `severity`, `message`, `username`, `device_id`) values (?, ?, ?, ?, ?, ?, ?) [null,"alert","2024-10-15 15:44:27",0,"Issued critical alert for rule 'Sensor under limit - Check Device Health Settings' to transport 'syslog'","",119] 0.92ms]


How can I now check why it does not actually send it out?

Have you configured the transport correctly and can you share the settings?

Unless I missed something on CLI there is not much to configure…

The facility gets multiplied by 8, have you tried setting it to 3 which is the default in the code?

I did now, no luck

@laf Anything else I can check?

Where is the function located that sends the message out? Maybe I can look at that.

I am fairly sure it’s the sending side since the telnet attempt works fine…

Try running a tcpdump -nn -vv port 1507 on the librenms server and see if it’s trying to send it and what’s being sent. If you see it there then you will need to check for any firewalls in between.

Sigh.

Thanks for the pointer - I saw that the packages are actually sent out and received, but they wouldn’t show up in my Log tool.

Turns out I configured the log side to listen on TCP (since that’s what I usually use) while the LibreNMS Transport didn’t give me a choice (and thus being the default UDP).

Once I changed the listener to UDP it started working as expected.

I didn’t think it could be the receiving side since the telnet test worked, but o/c that was using TCP…

Thanks a lot for your help :slight_smile:

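The mismatch that resolved this thread, reproduced on loopback as an added example (not part of the original posts and not LibreNMS code): a TCP listener accepts a telnet-style connect yet never sees a UDP syslog datagram sent to the same port number. `syslog_pri` shows the facility-times-8 arithmetic mentioned above; the message text and severity 2 are constructed assumptions.

```python
import socket

LOOPBACK = "127.0.0.1"

def syslog_pri(facility: int, severity: int) -> int:
    """PRI value in the <N> header: facility * 8 + severity (RFC 3164/5424)."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity

def probe(listener_proto: str) -> dict:
    """Run a loopback listener ('tcp' or 'udp'), then repeat both checks from
    the thread: a telnet-style TCP connect and a UDP syslog datagram."""
    kind = socket.SOCK_STREAM if listener_proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as srv:
        srv.bind((LOOPBACK, 0))            # port 0: the OS picks a free port
        srv.settimeout(0.5)
        port = srv.getsockname()[1]
        if listener_proto == "tcp":
            srv.listen(1)

        # Check 1: telnet-style connect. Proves only that a TCP listener exists.
        try:
            socket.create_connection((LOOPBACK, port), timeout=0.5).close()
            tcp_connect_ok = True
        except OSError:
            tcp_connect_ok = False

        # Check 2: UDP datagram (constructed message; facility 3, severity 2).
        msg = f"<{syslog_pri(3, 2)}>librenms: constructed test alert".encode()
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
            tx.sendto(msg, (LOOPBACK, port))   # no error even if nobody listens

        # What did the listener actually see?
        try:
            if listener_proto == "tcp":
                conn, _ = srv.accept()
                with conn:
                    conn.settimeout(0.5)
                    data = conn.recv(1024)     # b"" = peer closed, no payload
            else:
                data, _ = srv.recvfrom(1024)
        except OSError:
            data = b""
        return {"tcp_connect_ok": tcp_connect_ok, "udp_payload_seen": data == msg}

if __name__ == "__main__":
    for proto in ("tcp", "udp"):
        print(proto, "listener:", probe(proto))
```

A successful TCP connect says nothing about UDP delivery, so the receiver's listening protocol has to be checked separately from reachability.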