mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
librenms-librenms/doc/Extensions/Graylog.md
Zane C. Bowers-Hadley e4c9153d16 more documentation clean up (#10577) 
* fix a few bare URLs

* make mdl happy

* make Weathermap.md as mdl happy as possible

* make Varnish.md as mdl happy as possible

* make Two-Factor-Auth.md mdl happy

* touch one header for Syslog.md, but little can be done about the rest

* make Sub-Directory.md as mdl happy as possible

* make SNMP-Trap-Handler.md lint happy

* make SNMP-Proxy.md mdl happy

* make Smokeping.md as mdl happy as possible

* make Services.md mdl happy

* make RRDTune.md mdl happy

* cleanup RRDCached.md as much as possible

* make RRDCached-Security.md mdl happy

* make Rancid.md as mdl happy as possible

* make Proxmox.md mdl happy

* make Plugin-System.md as mdl happy as possible

* make PeeringDB.md mdl happy

* make Oxidized.md more lint happy

* make Network-Map.md mdl happy

* make MIB-based-polling.md as mdl happy as possible

* make Metric-Storage.md mdl happy

* make IRC-Bot.md as mdl happy as possible

* make IRC-Bot-Extensions.md as mdl happy as possible

* make

* make Graylog.md mdl happy

* make Gateone.md mdl happy

* make Fast-Ping-Check.md mdl happy

* make Distributed-Poller.md as mdl happy as possible

* make Dispatcher-Service.md as mdl happy as possible

* make Device-Groups.md mdl happy

* make Dell-OpenManage.md mdl happy

* make Dashboard.md mdl happy

* make Customizing-the-Web-UI.md as mdl happy as possible

* make Component.md mdl happy

* make Billing-Module.md mdl happy

* make Auto-Discovery.md mostly mdl happy

* make Authentication.md as mdl happy as possible

* tidy up a few lines in Applications.md

* make Agent-Setup.md as mdl happy as possible

* make metrics/OpenTSDB.md mdl happy

* spelling fix
2019-09-09 12:48:35 +02:00

122 lines
4.2 KiB
Markdown
Raw Blame History

source: Extensions/Graylog.md
path: blob/master/doc/
# Graylog integration
We have simple integration for Graylog, you will be able to view any
logs from within LibreNMS that have been parsed by the syslog input
from within Graylog itself. This includes logs from devices which
aren't in LibreNMS still, you can also see logs for a specific device
under the logs section for the device.
Currently, LibreNMS does not associate shortnames from Graylog with
full FQDNS. If you have your devices in LibreNMS using full FQDNs,
such as hostname.example.com, be aware that rsyslogd, by default,
sends the shortname only. To fix this, add
`$PreserveFQDN on`
to your rsyslog config to send the full FQDN so device logs will be
associated correctly in LibreNMS. Also see near the bottom of this
document for tips on how to enable/suppress the domain part of
hostnames in syslog-messages for some platforms.
Graylog itself isn't included within LibreNMS, you will need to
install this separately either on the same infrastructure as LibreNMS
or as a totally standalone appliance.
Config is simple, here's an example based on Graylog 2.4:
```php
$config['graylog']['server'] = 'http://127.0.0.1';
$config['graylog']['port'] = 9000;
$config['graylog']['username'] = 'admin';
$config['graylog']['password'] = 'admin';
$config['graylog']['version'] = '2.4';
```
Graylog messages are stored using GMT timezone. You can display
graylog messages in LibreNMS webui using your desired timezone by
setting following option in config.php:
```php
$config['graylog']['timezone'] = 'Europe/Bucharest';
```
Timezone must be PHP supported timezones, available at:
<http://php.net/manual/en/timezones.php>
If you are running a version earlier than Graylog then please set
`$config['graylog']['version']` to the version number of your Graylog
install. Earlier versions than 2.1 use the default port `12900`
If you have altered the default uri for your Graylog setup then you
can override the default of `/api/` using `$config['graylog']['base_uri'] = '/somepath/';`
If you choose to use another user besides the admin user, please note
that currently you must give the user "admin" permissions from within
Graylog, "read" permissions alone are not sufficient.
If you have enabled TLS for the Graylog API and you are using a
self-signed certificate, please make sure that the certificate is
trusted by your LibreNMS host, otherwise the connection will
fail. Additionally, the certificate's Common Name (CN) has to match
the FQDN or IP address specified in `$config['graylog']['server']`.
If you want to match the source address of the log entries against any
IP address of a device instead of only against the primary address and
the host name to assign the log entries to a device, you can activate
this function using $config['graylog']['match-any-address'] = 'true';
There are 2 configuration parameters to influence the behaviour of the
"Recent Graylog" table on the overview page of the
devices. $config['graylog']['device-page']['rowCount'] sets the
maximum number of rows to be displayed (default: 10) With
$config['graylog']['device-page']['loglevel'] you can set which
loglevels should be displayed on the overview page. (default: 7, min:
0, max: 7) $config['graylog']['device-page']['loglevel'] = 4 shows
only entries with a log level less than or equal to 4 (Emergency,
Alert, Critical, Error, Warning).
You can set a default Log Level Filter with
$config['graylog']['loglevel'] (applies to /graylog and
/device/device=/tab=logs/section=graylog/ (min: 0, max: 7)
# Suppressing/enabling the domain part of a hostname for specific platforms
You should see if what you get in syslog/Graylog matches up with your
configured hosts first. If you need to modify the syslog messages from
specific platforms, this may be of assistance:
## IOS (Cisco)
```
router(config)# logging origin-id hostname
```
or
```
router(config)# logging origin-id string
```
## JunOS (Juniper Networks)
```
set system syslog host yourlogserver.corp log-prefix YOUR_PREFERRED_STRING
```
## PanOS (Palo Alto Networks)
```
set deviceconfig setting management hostname-type-in-syslog hostname
```
or
```
set deviceconfig setting management hostname-type-in-syslog FQDN
```
Reference in New Issue View Git Blame Copy Permalink