diff --git a/doc/Extensions/Syslog.md b/doc/Extensions/Syslog.md index cb0ef8a0b6..1deb197aef 100644 --- a/doc/Extensions/Syslog.md +++ b/doc/Extensions/Syslog.md @@ -4,6 +4,8 @@ This document will explain how to send syslog data to LibreNMS. ### Syslog server installation +#### syslog-ng + For Debian / Ubuntu: ```ssh apt-get install syslog-ng 
@@ -81,6 +83,43 @@ Add the following to your LibreNMS config.php file to enable the Syslog extensio $config['enable_syslog'] = 1; ``` +#### rsyslog + +If you prefer rsyslog, here are some hints on how to get it working. + +Add the following to your rsyslog config somewhere (could be at the top of the file in the step below, could be in `rsyslog.conf` if you are using remote logs for something else on this host) + +```ssh +# Listen for syslog messages on UDP:514 +$ModLoad imudp +$UDPServerRun 514 +``` + +Create a file called something like `/etc/rsyslog.d/30-librenms.conf` containing: + +```ssh +# Feed syslog messages to librenms +$ModLoad omprog + +$template librenms,"%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n" + +:inputname, isequal, "imudp" action(type="omprog" + binary="/opt/librenms/syslog.php" + template="librenms") +& stop + +``` + +Ancient versions of rsyslog may require different syntax. + +If your rsyslog server is recieving messages relayed by another syslog server, you may try replacing `%fromhost%` with `%hostname%`, since `fromhost` is the host the message was received from, not the host that generated the message. The `fromhost` property is preferred as it avoids problems caused by devices sending incorrect hostnames in syslog messages. + +Add the following to your LibreNMS `config.php` file to enable the Syslog extension: + +```ssh +$config['enable_syslog'] = 1; +``` + ### Client configuration Below are sample configurations for a variety of clients. You should understand the config before using it as you may want to make some slight changes.
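Review bot: The `$UDPServerRun 514` snippet at the top of the new rsyslog section opens an unauthenticated UDP listener, and the `:inputname, isequal, "imudp"` rule then hands every message it receives to `/opt/librenms/syslog.php`. The text should tell the reader to limit UDP 514 to the monitored devices, for example with a host firewall rule. In the `$template librenms` line, `%syslogtag%`, `%msg%` and `%programname%` are sender-supplied and joined with `||`, so please confirm that `syslog.php` copes with a message that itself contains `||`. Smaller points: "recieving" should be "receiving"; the paragraph beginning "Add the following to your rsyslog config somewhere" ends without a period or colon before its code block; the snippets mix legacy directives (`$ModLoad`, `$template`) with the `action(type="omprog" ...)` form, so "Ancient versions of rsyslog may require different syntax" would help more if it named the rsyslog version this was tested on; and the closing `$config['enable_syslog'] = 1;` step repeats the one that already ends the syslog-ng section, so it could be a single shared step after both subsections.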