Discussion:
[Observium] Rsyslog after upgrade from 13.10.4585 to 14.4.XX
Koen Claes
2015-06-16 14:53:12 UTC
Permalink
Hello,

I am currently using an installation of Observium that works very well.
I installed rsyslog according to this link : http://www.observium.org/wiki/Rsyslog_Syslog_Server

I tried upgrading it for the first time to the most recent version, and everything seemed to work fine, but after a few hours syslogs stopped showing in the web interface. They do still arrive to the machine according to tcpdump.

I rolled back the server and it worked again, even for a week now. After upgrading it again it does the same, works for a while and then stops.

So I have 2 questions:
1: Where are syslogs saved? In the mysql database?
2: Did anything change regarding to syslog in the major version? I did notice a new logs folder.

Thanks


This message has been scanned for malware by Websense. www.websense.com
Jason Lixfeld
2015-06-16 15:56:36 UTC
Permalink
Post by Koen Claes
Hello,
I am currently using an installation of Observium that works very well.
I installed rsyslog according to this link : http://www.observium.org/wiki/Rsyslog_Syslog_Server
I tried upgrading it for the first time to the most recent version, and everything seemed to work fine, but after a few hours syslogs stopped showing in the web interface. They do still arrive to the machine according to tcpdump.
I rolled back the server and it worked again, even for a week now. After upgrading it again it does the same, works for a while and then stops.
1: Where are syslogs saved? In the mysql database?
Depending on how you have your rsyslog server set up, it can be configured to save to local files in addition to being piped to syslog.php, at which point each log will be written to the database.
Post by Koen Claes
2: Did anything change regarding to syslog in the major version? I did notice a new logs folder.
I can’t speak to 13.x or 14.x, but 15.x works fine. I had trouble getting rsyslog working initially, but I got it working as follows:

# /etc/rsyslog.d/30-remote.conf
#
# Based on a default rsyslog.conf file from Debian Jessie (8)
#
module(load="omprog")
module(load="imtcp")
module(load="imudp”)

template(name="observium" type="string" string="%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n")
template(name="hostname" type="string" string="/var/log/remote/%HOSTNAME%.log”)

ruleset(name="remote"){
action(type="omprog" binary="/opt/observium/syslog.php" template="observium")
action(type="omfile" dynafile="hostname")
}

input(type="imtcp" port="601" ruleset="remote")
input(type="imudp" port="514" ruleset="remote”)
#<EOF>
Post by Koen Claes
Thanks
This message has been scanned for malware by Websense. www.websense.com
_______________________________________________
observium mailing list
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Loading...