Discussion:
[Observium] Syslog from NX-OS device
Ole Hansen
2014-06-24 14:49:30 UTC
Hi,

I'm trying to get syslog (using syslog-ng) from some NX-OS devices into Observium, but so far no luck.

I'm using the following syslog-ng configuration

template t_observium {
    template("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n");
    template-escape(yes);
};

destination d_observium {
    program("/opt/observium/syslog.php" template(t_observium));
};

Works fine for IOS devices.

The output that would be sent to syslog.php I can see by adding:

destination d_foo { file("/tmp/foo.log" template(t_observium)); };

and the following output is in my file:

10.10.10.10||local7||info||info||be||2014-06-24 16:43:08||Jun 24 14:43:07: %SEC-6-IPACCESSLOGP: list flow denied udp 192.168.10.10(137) -> 192.168.11.10(137), 5 packets ||147696
10.10.10.11||local7||notice||notice||bd||2014-06-24 16:43:16||2014 Jun 24 16:43:16.724 CEST: %SYSMGR-5-CFGWRITE_STARTED: Configuration copy started (PID 2143).||

Any ideas? I've tried uncommenting the debug part of syslog.php, but I don't get any output in /tmp/syslog.out or /tmp/syslog.err.

Oh, and by the way. Syslog from Fabric-OS devices works fine as well.

Netic A/S

Ole Hansen

Mail: oha at netic.dk
Mobil: +45 23253747
Fastnet: +45 96356187




Steffen Klemer
2014-06-24 20:12:03 UTC
Post by Ole Hansen
Hi,
I'm trying to get syslog (using syslog-ng) from some NX-OS devices
into Observium, but so far no luck.
I'm using the following syslog-ng configuration
template t_observium {
template
("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY
$HOUR:$MIN:$SEC||$MSG||$PROGRAM\n"); template-escape(yes); };

For me it works with

destination d_observium {
    program("/opt/observium/syslog.php"
        template("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC||$MSG||$PROGRAM\n")
        template-escape(yes));
};

Post by Ole Hansen
10.10.10.10||local7||info||info||be||2014-06-24 16:43:08||Jun 24
14:43:07: %SEC-6-IPACCESSLOGP: list flow denied udp
192.168.10.10(137) -> 192.168.11.10(137), 5 packets ||147696
10.10.10.11||local7||notice||notice||bd||2014-06-24 16:43:16||2014
Jun 24 16:43:16.724 CEST: %SYSMGR-5-CFGWRITE_STARTED: Configuration
copy started (PID 2143).||

I see an IP address instead of a hostname in your first field here.
IIRC Observium can only work with hostnames and especially needs the
hostname in the first field to be identical to the one in the database
(i.e. with or without FQDN), therefore I set

use_dns(yes) and use_fqdn(no) instead of keep_hostname(yes) like it is
written in the manual.

In total it looks like this for me:

options { chain_hostnames(off); flush_lines(0); use_dns(yes);
use_fqdn(no); owner("root"); group("adm"); perm(0640); stats_freq(0);
bad_hostname("^gconfd$");
};

But you can also set a hostname in NX-OS and redefine the logging in a
very fine-grained way.

/Steffen
--
Steffen Klemer E-Mail: Steffen.Klemer at gwdg.de
Tel: +49 551 39 172361
__________________________________________________________________
GWDG
Am Fassberg 11, 37077 Göttingen
URL: http://www.gwdg.de E-Mail: gwdg at gwdg.de
Tel.: +49 (0)551 201-1510 Fax: +49 (0)551 201-2150
Managing Director: Prof. Dr. Ramin Yahyapour
Chairman of the Supervisory Board: Dipl.-Kfm. Markus Hoppe
Registered office: Göttingen
Court of registration: Göttingen, Commercial register no. B 598
Ole Hansen
2014-06-25 07:22:50 UTC
Hi,
Post by Steffen Klemer
Post by Ole Hansen
10.10.10.10||local7||info||info||be||2014-06-24 16:43:08||Jun 24
14:43:07: %SEC-6-IPACCESSLOGP: list flow denied udp
192.168.10.10(137) -> 192.168.11.10(137), 5 packets ||147696
10.10.10.11||local7||notice||notice||bd||2014-06-24 16:43:16||2014
Jun 24 16:43:16.724 CEST: %SYSMGR-5-CFGWRITE_STARTED: Configuration
copy started (PID 2143).||
I see an IP address instead of a hostname in your first field here.
IIRC Observium can only work with hostnames and especially needs the
hostname in the first field to be identical to the one in the database
(i.e. with or without FQDN), therefore I set

Ahh.. You've sent me in the right direction. Reverse lookup for one of the IPs did not work. I've fixed that and now I've got NX-OS syslog. Perfect. Thanks :-)

Ole
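
The condition found in this thread (an IP address or a differently qualified name in the first field, so the line matches no device) can be checked directly against the debug file written with the t_observium template. The following is an added example, not part of the thread and not Observium code; the `KNOWN` set is a hypothetical stand-in for the device hostnames in the Observium database, and the sample lines and device names are constructed.

```python
import ipaddress

FIELDS = ("host", "facility", "priority", "level", "tag", "timestamp", "msg", "program")

def parse_line(line):
    """Split one line written with the t_observium template into named fields."""
    parts = line.rstrip("\n").split("||")
    if len(parts) < len(FIELDS):
        return None
    # $MSG may itself contain "||": rejoin everything between timestamp and $PROGRAM.
    return dict(zip(FIELDS, parts[:6] + ["||".join(parts[6:-1]), parts[-1]]))

def classify_host(host, known_hosts):
    """Explain whether the first field would match a device name exactly."""
    if host in known_hosts:
        return "ok"
    try:
        ipaddress.ip_address(host)
        return "ip_literal"      # no reverse lookup result, as in the thread
    except ValueError:
        pass
    if host.split(".")[0] in known_hosts or any(k.split(".")[0] == host for k in known_hosts):
        return "fqdn_mismatch"   # same device, short name on one side and FQDN on the other
    return "unknown_host"

def audit(lines, known_hosts):
    """Return (host, verdict, msg) for every line that would not match a device."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            findings.append((None, "malformed", line.strip()))
            continue
        verdict = classify_host(rec["host"], known_hosts)
        if verdict != "ok":
            findings.append((rec["host"], verdict, rec["msg"]))
    return findings

# Constructed sample lines in the thread's format; device names are hypothetical.
KNOWN = {"ios-sw1", "nxos-core1"}
SAMPLE = [
    "ios-sw1||local7||info||info||be||2014-06-24 16:43:08||%SEC-6-IPACCESSLOGP: list flow denied||147696",
    "10.10.10.11||local7||notice||notice||bd||2014-06-24 16:43:16||%SYSMGR-5-CFGWRITE_STARTED: Configuration copy started (PID 2143).||",
    "nxos-core1.example.net||local7||notice||notice||bd||2014-06-24 16:44:00||test a||b||",
    "not a template line",
]

if __name__ == "__main__":
    for host, verdict, msg in audit(SAMPLE, KNOWN):
        print(f"{verdict:14} {host}  {msg[:60]}")
```

An `ip_literal` verdict points at a missing PTR record or at use_dns being off; `fqdn_mismatch` points at the use_fqdn setting disagreeing with how the device was added.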
