Merge branch 'master' into issue-3041

Ultra2D
2016-03-05 10:05:46 +01:00
5 changed files with 145 additions and 19 deletions


@@ -4,6 +4,8 @@ This document will explain how to send syslog data to LibreNMS.
### Syslog server installation
#### syslog-ng
For Debian / Ubuntu:
```ssh
apt-get install syslog-ng
@@ -81,6 +83,43 @@ Add the following to your LibreNMS config.php file to enable the Syslog extensio
$config['enable_syslog'] = 1;
```
#### rsyslog
If you prefer rsyslog, here are some hints on how to get it working.
Add the following to your rsyslog config somewhere (could be at the top of the file in the step below, could be in `rsyslog.conf` if you are using remote logs for something else on this host)
```ssh
# Listen for syslog messages on UDP:514
$ModLoad imudp
$UDPServerRun 514
```
Create a file called something like `/etc/rsyslog.d/30-librenms.conf` containing:
```ssh
# Feed syslog messages to librenms
$ModLoad omprog
$template librenms,"%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n"
:inputname, isequal, "imudp" action(type="omprog"
binary="/opt/librenms/syslog.php"
template="librenms")
& stop
```
Ancient versions of rsyslog may require different syntax.
If your rsyslog server is recieving messages relayed by another syslog server, you may try replacing `%fromhost%` with `%hostname%`, since `fromhost` is the host the message was received from, not the host that generated the message. The `fromhost` property is preferred as it avoids problems caused by devices sending incorrect hostnames in syslog messages.
Add the following to your LibreNMS `config.php` file to enable the Syslog extension:
```ssh
$config['enable_syslog'] = 1;
```
### Client configuration
Below are sample configurations for a variety of clients. You should understand the config before using it as you may want to make some slight changes.


@@ -39,6 +39,20 @@ $tmp_link_ids = array();
$ports = array();
$devices = array();
$where = "";
if (is_numeric($vars['group'])) {
$group = dbFetchRows('SELECT `pattern`, `name`, `description` FROM `device_groups` WHERE id = '.$vars['group']);
$group_pattern = rtrim($group['pattern'], '&&');
$group_pattern = rtrim($group_pattern, '||');
$group_name = $group['name'];
$group_description = $group['group_descriptio'];
$device_id_sql = GenGroupSQL($group_pattern);
if ($device_id_sql) {
$where .= " AND D1.device_id IN ($device_id_sql) OR D2.device_id IN ($device_id_sql)";
}
}
if (in_array('mac',$config['network_map_items'])) {
$ports = dbFetchRows("SELECT
`D1`.`device_id` AS `local_device_id`,
@@ -74,6 +88,7 @@ if (in_array('mac',$config['network_map_items'])) {
`P1`.`port_id` IS NOT NULL AND
`P2`.`port_id` IS NOT NULL AND
`D1`.`device_id` != `D2`.`device_id`
$where
$sql
GROUP BY `P1`.`port_id`,`P2`.`port_id`
", $sql_array);
@@ -115,6 +130,7 @@ if (in_array('xdp', $config['network_map_items'])) {
`remote_device_id` != 0 AND
`local_device_id` IS NOT NULL AND
`remote_device_id` IS NOT NULL
$where
$sql
GROUP BY `P1`.`port_id`,`P2`.`port_id`
", $sql_array);
@@ -232,4 +248,5 @@ else {
}
if (is_numeric($vars['group'])) {
$pagetitle[] = "Map";
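Review bot: The group filter appended to `$where` in the first hunk mixes `AND` and `OR` without parentheses, so in both queries that interpolate `$where` the first arm escapes whatever `$sql` appends after it and the `OR D2.device_id IN (...)` arm escapes the join and NULL checks before it; if `$sql` carries per-user device restrictions (not visible here), rows could be returned outside them. Parenthesise it: `$where .= " AND (D1.device_id IN ($device_id_sql) OR D2.device_id IN ($device_id_sql))";`. `dbFetchRows` appears to return a list of rows (it is iterated with `foreach` elsewhere in this commit), so `$group['pattern']` and `$group['name']` read the wrong level and `dbFetchRow` looks like the intended call; `$group['group_descriptio']` also names a key the SELECT does not return. Passing the id as a bound parameter, `'... WHERE id = ?', array($vars['group'])`, would avoid relying on `is_numeric` before concatenating into the query.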


@@ -48,14 +48,14 @@ else {
<ul class="nav navbar-nav">
<li class="dropdown">
<a href="<?php echo(generate_url(array('page'=>'overview'))); ?>" class="dropdown-toggle" data-hover="dropdown" data-toggle="dropdown"><i class="fa fa-lightbulb-o fa-fw fa-lg fa-nav-icons hidden-md"></i> <span class="hidden-sm">Overview</span></a>
<ul class="dropdown-menu">
<li><a href="<?php echo(generate_url(array('page'=>'overview'))); ?>"><i class="fa fa-lightbulb-o fa-fw fa-lg"></i> Overview</a></li>
<li class="dropdown-submenu">
<a><i class="fa fa-exclamation-circle fa-fw fa-lg"> </i> Alerts</a>
<ul class="dropdown-menu scrollable-menu">
<li><a href="<?php echo(generate_url(array('page'=>'alerts'))); ?>"><i class="fa fa-bell fa-fw fa-lg"></i> Notifications</a></li>
<li><a href="<?php echo(generate_url(array('page'=>'alert-log'))); ?>"><i class="fa fa-th-list fa-fw fa-lg"></i> Historical Log</a></li>
<li><a href="<?php echo(generate_url(array('page'=>'alert-stats'))); ?>"><i class="fa fa-bar-chart fa-fw fa-lg"></i> Statistics</a></li>
<ul class="dropdown-menu multi-level" role="menu">
<li><a href="<?php echo(generate_url(array('page'=>'overview'))); ?>"><i class="fa fa-lightbulb-o fa-fw fa-lg"></i> Overview</a></li>
<li class="dropdown-submenu">
<a><i class="fa fa-exclamation-circle fa-fw fa-lg"> </i> Alerts</a>
<ul class="dropdown-menu scrollable-menu">
<li><a href="<?php echo(generate_url(array('page'=>'alerts'))); ?>"><i class="fa fa-bell fa-fw fa-lg"></i> Notifications</a></li>
<li><a href="<?php echo(generate_url(array('page'=>'alert-log'))); ?>"><i class="fa fa-th-list fa-fw fa-lg"></i> Historical Log</a></li>
<li><a href="<?php echo(generate_url(array('page'=>'alert-stats'))); ?>"><i class="fa fa-bar-chart fa-fw fa-lg"></i> Statistics</a></li>
<?php
if ($_SESSION['userlevel'] >= '10') {
?>
@@ -70,9 +70,24 @@ if ($_SESSION['userlevel'] >= '10') {
</li>
<li class="dropdown-submenu">
<a href="<?php echo(generate_url(array('page'=>'overview'))); ?>"><i class="fa fa-sitemap fa-fw fa-lg"></i> Maps</a>
<ul class="dropdown-menu scrollable-menu">
<li><a href="<?php echo(generate_url(array('page'=>'availability-map'))); ?>"><i class="fa fa-arrow-circle-up fa-fw fa-lg"></i> Availability</a></li>
<li><a href="<?php echo(generate_url(array('page'=>'map'))); ?>"><i class="fa fa-desktop fa-fw fa-lg"></i> Network</a></li>
<ul class="dropdown-menu">
<li><a href="<?php echo(generate_url(array('page'=>'availability-map'))); ?>"><i class="fa fa-arrow-circle-up fa-fw fa-lg"></i> Availability</a></li>
<li>
<a href="<?php echo(generate_url(array('page'=>'map'))); ?>"><i class="fa fa-desktop fa-fw fa-lg"></i> Network</a>
</li>
<?php
require_once '../includes/device-groups.inc.php';
$devices_groups = GetDeviceGroups();
if (count($devices_groups) > 0 ){
echo '<li class="dropdown-submenu"><a href="#"><i class="fa fa-th fa-fw fa-lg"></i> Device Groups Maps</a><ul class="dropdown-menu scrollable-menu">';
foreach( $devices_groups as $group ) {
echo '<li><a href="'.generate_url(array('page'=>'map','group'=>$group['id'])).'" alt="'.$group['desc'].'"><i class="fa fa-th fa-fw fa-lg"></i> '.ucfirst($group['name']).'</a></li>';
}
unset($group);
echo '</ul></li>';
}
?>
</ul>
</li>
<li class="dropdown-submenu">
@@ -145,8 +160,6 @@ foreach (dbFetchRows($sql,$param) as $devtype) {
echo ('</ul>
</li>');
require_once '../includes/device-groups.inc.php';
$devices_groups = GetDeviceGroups();
if (count($devices_groups) > 0 ){
echo '<li class="dropdown-submenu"><a href="#"><i class="fa fa-th fa-fw fa-lg"></i> Device Groups</a><ul class="dropdown-menu scrollable-menu">';
foreach( $devices_groups as $group ) {
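Review bot: The Device Groups Maps loop in the second hunk writes `$group['desc']` into an attribute and `$group['name']` into the link text without HTML escaping, so a group name or description containing quotes or markup would be rendered as HTML for every user who loads the menu. Escape both at output, for example `htmlspecialchars($group['desc'], ENT_QUOTES)` and `htmlspecialchars(ucfirst($group['name']), ENT_QUOTES)`. `alt` is not an attribute of `<a>`, so `title` is presumably what was meant. The Device Groups loop in the last hunk continues outside the view and should be checked for the same pattern.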


@@ -88,13 +88,9 @@ function process_syslog($entry, $update) {
// User_CommonName/123.213.132.231:39872 VERIFY OK: depth=1, /C=PL/ST=Malopolska/O=VLO/CN=v-lo.krakow.pl/emailAddress=root@v-lo.krakow.pl
if ($entry['facility'] == 'daemon' and preg_match('#/([0-9]{1,3}\.) {3}[0-9]{1,3}:[0-9]{4,} ([A-Z]([A-Za-z])+( ?)) {2,}:#', $entry['msg'])) {
$entry['program'] = 'OpenVPN';
} //end if
// POP3(username): Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=2802
else if ($entry['facility'] == 'mail' and preg_match('#^(((pop3|imap)\-login)|((POP3|IMAP)\(.*\))):', $entry['msg'])) {
$entry['program'] = 'Dovecot';
} // pam_krb5(sshd:auth): authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
// pam_krb5[sshd:auth]: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
else if (preg_match('#^(?P<program>(.*((\(|\[).*(\)|\])))):(?P<msg>.*)$#', $entry['msg'], $matches)) {
else if (preg_match('#^(?P<program>([^(:]+\([^)]+\)|[^\[:]+\[[^\]]+\])) ?: ?(?P<msg>.*)$#', $entry['msg'], $matches)) {
$entry['msg'] = $matches['msg'];
$entry['program'] = $matches['program'];
} // SYSLOG CONNECTION BROKEN; FD='6', SERVER='AF_INET(123.213.132.231:514)', time_reopen='60'
@@ -128,7 +124,6 @@ function process_syslog($entry, $update) {
}
$entry['program'] = strtoupper($entry['program']);
array_walk($entry, 'trim');
if ($update) {
dbInsert(
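Review bot: The rewritten `name(ctx):` / `name[ctx]:` pattern in the first hunk still lets the name part contain spaces, because `[^(:]+` and `[^\[:]+` exclude only the bracket and the colon, so ordinary message text such as `some text (detail): rest` is promoted to `$entry['program']` and replaces the value the syslog daemon supplied. Since the message body is sender-controlled, that allows log entries to be misattributed; tightening the name to non-space characters, e.g. `[^\s(:]+\([^)]+\)|[^\s\[:]+\[[^\]]+\]`, keeps the PAM cases in the accompanying tests matching while rejecting free text. A length bound on the captured program before it reaches `dbInsert` would also be worth considering. `process_syslog` starts and ends outside these hunks, so any later normalisation is not visible here.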


@@ -79,6 +79,68 @@ class SyslogTest extends \PHPUnit_Framework_TestCase
);
// run tests
foreach($testdata as $data) {
$res = process_syslog($data['input'], 0);
$this->assertEquals($data['result'], $res);
}
}
public function testLinuxSyslog()
{
// populate fake $dev_cache and $config
global $config, $dev_cache;
$dev_cache['1.1.1.1'] = array('device_id' => 1, 'os' => 'linux', 'version' => 1);
$config = array();
$config['syslog_filter'] = array();
// populate test data
$testdata = array();
// ---- PAM ----
$testdata[] = $this->createData(
"1.1.1.1||authpriv||info||info||56||2016-02-28 00:23:34||pam_unix(cron:session): session opened for user librenms by (uid=0)||CRON",
array('device_id'=>1, 'program'=>'PAM_UNIX(CRON:SESSION)', 'msg'=>'session opened for user librenms by (uid=0)')
);
$testdata[] = $this->createData(
"1.1.1.1||authpriv||info||info||55||2016-02-28 00:23:34||pam_unix(sudo:session): session opened for user librenms by root (uid=0)||sudo",
array('device_id'=>1, 'program'=>'PAM_UNIX(SUDO:SESSION)', 'msg'=>'session opened for user librenms by root (uid=0)')
);
$testdata[] = $this->createData(
"1.1.1.1||auth||info||info||0e||2016-02-28 00:23:34||pam_krb5(sshd:auth): authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231||sshd",
array('device_id'=>1, 'program'=>'PAM_KRB5(SSHD:AUTH)', 'msg'=>'authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231')
);
$testdata[] = $this->createData(
"1.1.1.1||auth||info||info||0e||2016-02-28 00:23:34||pam_krb5[sshd:auth]: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231||sshd",
array('device_id'=>1, 'program'=>'PAM_KRB5[SSHD:AUTH]', 'msg'=>'authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231')
);
// ---- Postfix ----
$testdata[] = $this->createData(
"1.1.1.1||mail||info||info||16||2016-02-28 00:23:34||5C62E329EF: to=<admin@example.com>, relay=mail.example.com[127.0.0.1]:25, delay=0.11, delays=0.04/0.01/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5362E6A670E)||postfix/smtp",
array('device_id'=>1, 'program'=>'POSTFIX/SMTP', 'msg'=>'5C62E329EF: to=<admin@example.com>, relay=mail.example.com[127.0.0.1]:25, delay=0.11, delays=0.04/0.01/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5362E6A670E)')
);
$testdata[] = $this->createData(
"1.1.1.1||mail||info||info||16||2016-02-28 00:23:34||D7256400EF: from=<librenms@librenms.example.com>, size=882, nrcpt=1 (queue active)||postfix/qmgr",
array('device_id'=>1, 'program'=>'POSTFIX/QMGR', 'msg'=>'D7256400EF: from=<librenms@librenms.example.com>, size=882, nrcpt=1 (queue active)')
);
// ---- No program ----
$testdata[] = $this->createData(
"1.1.1.1||user||info||info||0e||2016-02-28 00:23:34||some random message||",
array('device_id'=>1, 'program'=>'USER', 'msg'=>'some random message')
);
// ---- Other ----
$testdata[] = $this->createData(
"1.1.1.1||cron||info||info||4e||2016-02-28 00:23:34||(librenms) CMD ( /opt/librenms/alerts.php >> /var/log/librenms_alert.log 2>&1)||CRON",
array('device_id'=>1, 'program'=>'CRON', 'msg'=>'(librenms) CMD ( /opt/librenms/alerts.php >> /var/log/librenms_alert.log 2>&1)')
);
$testdata[] = $this->createData(
"1.1.1.1||authpriv||notice||notice||55||2016-02-28 00:23:34|| root : TTY=pts/1 ; PWD=/opt/librenms ; USER=librenms ; COMMAND=/usr/bin/git status||sudo",
array('device_id'=>1, 'program'=>'SUDO', 'msg'=>' root : TTY=pts/1 ; PWD=/opt/librenms ; USER=librenms ; COMMAND=/usr/bin/git status')
);
// run tests
foreach($testdata as $data) {
$res = process_syslog($data['input'], 0);