From a549902acae0c9684e1cc1e4ac630127e31f0473 Mon Sep 17 00:00:00 2001 From: Eldon Koyle Date: Fri, 4 Mar 2016 16:29:02 -0700 Subject: [PATCH 1/2] Basic outline for using rsyslog instead of syslog-ng --- doc/Extensions/Syslog.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/doc/Extensions/Syslog.md b/doc/Extensions/Syslog.md index cb0ef8a0b6..d5b1e37991 100644 --- a/doc/Extensions/Syslog.md +++ b/doc/Extensions/Syslog.md @@ -4,6 +4,8 @@ This document will explain how to send syslog data to LibreNMS. ### Syslog server installation +#### syslog-ng + For Debian / Ubuntu: ```ssh apt-get install syslog-ng 
@@ -81,6 +83,43 @@ Add the following to your LibreNMS config.php file to enable the Syslog extensio $config['enable_syslog'] = 1; ``` +#### rsyslog + +If you prefer rsyslog, here are some hints on how to get it working. + +Add the following to your rsyslog config somewhere (could be in the file below, could be in rsyslog.conf if you are using remote logs for something else on this host) + +```ssh +# Listen for syslog messages on UDP:514 +$ModLoad imudp +$UDPServerRun 514 +``` + +Create a file called /etc/rsyslog.d/30-librenms.conf containing something like: + +```ssh +# Feed syslog messages to librenms +$ModLoad omprog + +$template librenms,"%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n" + +:inputname, isequal, "imudp" action(type="omprog" + binary="/opt/librenms/syslog.php" + template="librenms") +& stop + +``` + +Ancient versions of rsyslog may require different syntax. + +If your rsyslog server is recieving messages relayed by another syslog server, you may try replacing '%fromhost%' with '%hostname%', since fromhost is the host the message was received from, not the host that generated the message. The fromhost property is preferred as it can help with devices that send incorrect hostnames in syslog messages. + +Add the following to your LibreNMS config.php file to enable the Syslog extension: + +```ssh +$config['enable_syslog'] = 1; +``` + ### Client configuration Below are sample configurations for a variety of clients. You should understand the config before using it as you may want to make some slight changes. From c803e24fb15759dc7b087572bb279c55cfade513 Mon Sep 17 00:00:00 2001 From: Eldon Koyle Date: Fri, 4 Mar 2016 16:35:05 -0700 Subject: [PATCH 2/2] Minor formatting tweaks --- doc/Extensions/Syslog.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/doc/Extensions/Syslog.md b/doc/Extensions/Syslog.md index d5b1e37991..1deb197aef 100644 --- a/doc/Extensions/Syslog.md +++ b/doc/Extensions/Syslog.md @@ -87,7 +87,7 @@ $config['enable_syslog'] = 1; If you prefer rsyslog, here are some hints on how to get it working. -Add the following to your rsyslog config somewhere (could be in the file below, could be in rsyslog.conf if you are using remote logs for something else on this host) +Add the following to your rsyslog config somewhere (could be at the top of the file in the step below, could be in `rsyslog.conf` if you are using remote logs for something else on this host) ```ssh # Listen for syslog messages on UDP:514 @@ -95,7 +95,7 @@ $ModLoad imudp $UDPServerRun 514 ``` -Create a file called /etc/rsyslog.d/30-librenms.conf containing something like: +Create a file called something like `/etc/rsyslog.d/30-librenms.conf` containing: ```ssh # Feed syslog messages to librenms 
@@ -112,9 +112,9 @@ $template librenms,"%fromhost%||%syslogfacility%||%syslogpriority%||%syslogsever Ancient versions of rsyslog may require different syntax. -If your rsyslog server is recieving messages relayed by another syslog server, you may try replacing '%fromhost%' with '%hostname%', since fromhost is the host the message was received from, not the host that generated the message. The fromhost property is preferred as it can help with devices that send incorrect hostnames in syslog messages. +If your rsyslog server is recieving messages relayed by another syslog server, you may try replacing `%fromhost%` with `%hostname%`, since `fromhost` is the host the message was received from, not the host that generated the message. The `fromhost` property is preferred as it avoids problems caused by devices sending incorrect hostnames in syslog messages. -Add the following to your LibreNMS config.php file to enable the Syslog extension: +Add the following to your LibreNMS `config.php` file to enable the Syslog extension: ```ssh $config['enable_syslog'] = 1;
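Review bot: in [PATCH 1/2], hunk `@@ -81,6 +83,43 @@`, the `$UDPServerRun 514` listener is documented with no restriction on who may send to it, and every message matching `:inputname, isequal, "imudp"` is handed to `/opt/librenms/syslog.php`. The section should tell the reader to limit the port to the monitored devices, either with a host firewall rule or with rsyslog's `$AllowedSender UDP, ...` directive. Two smaller points in the same hunk: the template places the free-text `%msg%` between `||` delimiters with `%programname%` after it, so a message that itself contains `||` makes the trailing field ambiguous, and the text should say how that case is handled. Also, the snippet mixes legacy `$ModLoad` / `$template` directives with the newer `action(...)` and `stop` forms, so "Ancient versions of rsyslog may require different syntax" would be more useful if it named the minimum version the example was tested on.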
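Review bot: in [PATCH 2/2], hunk `@@ -87,7 +87,7 @@`, the reworded sentence "Add the following to your rsyslog config somewhere (...)" still ends without punctuation right before the code block. End it with a colon after the closing parenthesis, and consider naming the file instead of "the file in the step below" so the sentence can be read on its own.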
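Review bot: in [PATCH 2/2], hunk `@@ -112,9 +112,9 @@`, the relay paragraph is rewritten but still carries the typo `recieving`; since the line is being touched anyway, change it to `receiving`. The same paragraph recommends `fromhost` over `hostname` without saying that `fromhost` is a DNS-resolved name of the sending host, so it would help to add that the result depends on the rsyslog server's reverse DNS and to mention `%fromhost-ip%` as the alternative when resolution is unreliable.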