Information - Tooltips on Rsyslog and Syslog-ng


  • Information - Tooltips on Rsyslog and Syslog-ng

    If you use RSYSLOG and want the "facility" and "priority" fields to appear as character strings rather than their numeric equivalents, simply replace the following values in the file "/etc/rsyslog.conf":

    Code:
    - %syslogfacility%
    - %syslogpriority%
    with:

    Code:
    %syslogfacility-text%
    %syslogpriority-text%
    Among other things, this makes a color code appear in the "Priority" column.

    --------------------------------------------------------------------------------------

    If you want the "priority" and "facility" columns to show strings instead of numbers, you must change the following values in your "/etc/rsyslog.conf" file:

    Code:
    - %syslogfacility%
    - %syslogpriority%
    to:

    Code:
    %syslogfacility-text%
    %syslogpriority-text%
    This allows the syslog frontend to use a color code by priority type.
    Centreon Syslog Module Manager/Developper
    Centreon E2S Module Manager/Developper
    Centreon Enterprise Server (2.x / 3.x) : Centreon Engine 1.3.x / 1.4.x, Centreon Broker 2.6.x / 2.8.x , Centreon 2.x, Centreon-Syslog 1.5.x, Centreon E2S 2.0
    Nagios 3.x et NDOutil 1.x

  • #2
    If you don't want to use the script "syslog2mysql.sh" you can replace:
    Code:
    destination d_mysql {
    	pipe("/var/log/mysql.pipe"
    	template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg)
    	VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n")
    	template-escape(no));
    };
    with

    Code:
    destination d_mysql {
            program("/usr/bin/mysql --user=myuser --password=mypassword syslog"
            template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg)
            VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
            template-escape(yes));
    };


    • #3
      rsyslog and syslog conflict - centOS

      "syslog2mysql.sh" not used - described by AkHeNaToN above.

      Following documentation

      EN_Centreon-Syslog-Server_Install-REVI02.pdf (Page 12)
      3.2. RSYSLOG

      Code:
      Install the following package : 
      $> apt-get install rsyslog rsyslog-mysql
      Installing on CentOS (FAN updated to Centreon 2.1.4 and installing module centreon-syslog-server-1.1-RC4.tar.gz)

      equivalent command
      Code:
      # yum install rsyslog rsyslog-mysql

      Transaction Check Error:
      file /etc/logrotate.d/syslog from install of rsyslog-2.0.6-2.i386 conflicts with file from package syslog-ng-2.0.9-9.i386


      How to fix?



      • #4
        remove syslog-ng

        rpm -e syslog-ng
        Intel(R) Xeon(TM) CPU 3.4GHz - MemTotal : 1034476 kB
        Centreon 2.4.1 - Nagios 3.2.1 - Nagios Plugins 1.4.15 - Manubulon Plugins tuné
        Fedora Core 5 - 2.6.20-1.2320



        • #5
          You can't have two syslog daemons at the same time.

          If you install Rsyslog you must uninstall syslog or syslog-ng.


          • #6
            To accept special chars on Rsyslog you can use:

            Code:
            # Configuration changes for Windows/Snare/Centreon-E2S logs
            $EscapeControlCharactersOnReceive off
            
            $template sysMysql,"INSERT INTO logs (host,facility, priority,level,tag,datetime,program,msg) VALUES ('%HOSTNAME%','%syslogfacility%','%syslogpriority%','%syslogseverity%','%syslogtag%','%timereported:::date-mysql%','%programname%', '%msg:::space-cc%')", SQL
            
            *.* >IP_SERVEUR_DB,DB_NAME,BD_USER,DB_PASSWORD;sysMysql
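Why `template-escape(yes)` in the syslog-ng destination (post #2) and the `SQL` option closing the rsyslog template (post #6) matter: the message text is supplied by whoever can send a log line, and it is pasted between single quotes in the INSERT. The Python sketch below is an added example, not code from the thread; it models that escaping as backslash-prefixing of single quotes and backslashes, and every function name and sample record in it is constructed for illustration.

```python
FIELDS = ["host", "facility", "priority", "level", "tag", "datetime", "program", "msg"]

def sql_escape(value):
    """Backslash-prefix backslashes and single quotes (MySQL literal escaping)."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def render_insert(record, escape):
    """Expand the thread's INSERT template for one record, with or without escaping."""
    vals = [sql_escape(record[f]) if escape else record[f] for f in FIELDS]
    quoted = ", ".join("'" + v + "'" for v in vals)
    return "INSERT INTO logs (" + ", ".join(FIELDS) + ") VALUES (" + quoted + ")"

def parse_values(stmt):
    """Read the VALUES list back as quoted literals (a backslash escapes the next
    character; other MySQL escapes such as \\t are simplified to that character).
    Returns None when the list is not exactly eight well-formed literals."""
    body = stmt[stmt.index("VALUES (") + len("VALUES ("):]
    out, i = [], 0
    while i < len(body) and body[i] == "'":
        i += 1
        buf = []
        while i < len(body) and body[i] != "'":
            if body[i] == "\\" and i + 1 < len(body):
                i += 1
            buf.append(body[i])
            i += 1
        if i >= len(body):
            return None          # literal never closed
        out.append("".join(buf))
        i += 1                   # skip closing quote
        if body[i:i + 2] == ", ":
            i += 2
    return out if body[i:] == ")" and len(out) == len(FIELDS) else None

def survives(record, escape):
    """True when every field comes back from the statement exactly as logged."""
    return parse_values(render_insert(record, escape)) == [record[f] for f in FIELDS]

# Constructed sample records (not taken from the thread).
BASE = {"host": "web01", "facility": "auth", "priority": "info", "level": "info",
        "tag": "sshd[1234]:", "datetime": "2012-05-14 10:22:31", "program": "sshd"}
QUOTED = dict(BASE, msg="Invalid user 'admin' from 192.0.2.10")
WINPATH = dict(BASE, msg="backup wrote C:\\temp\\x.log")

if __name__ == "__main__":
    for rec in (QUOTED, WINPATH):
        print(rec["msg"], "| raw:", survives(rec, False), "| escaped:", survives(rec, True))
```

Without escaping, the quoted user name ends the string literal early and the statement no longer parses, while the Windows path is stored with its backslashes consumed; with escaping both records round-trip unchanged.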


            • #7
              Originally posted by AkHeNaToN
              If you don't want to use the script "syslog2mysql.sh" you can replace the code:

              Code:
              destination d_mysql {
                      program("/usr/bin/mysql --user=myuser --password=mypassword syslog"
                      template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg)
                      VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
                      template-escape(yes));
              };
              In which file is that?

              Grtz
              Roderick
              Centos 6.2 - Nagios 3.4.1 - Centreon 2.3.8 - NDO 1.5.2 - Centreon Syslog 1.4.1 - nagios status map - www.r71.nl www.360viewpoint.nl
              StatusMap Module - NDO Tools Module - ImportCSV Module - SNMP-UI Module



              • #8
                It's not used today. Get documentation from Redmine for installation.


                • #9
                  Directory structure

                  How to configure rSyslog by splitting files: (my personal experience)

                  Directory structure:
                  Code:
                  rsyslog.d/
                  ├── centreon-mysql.conf
                  ├── centreon-syslog
                  │   ├── 00_dropfilter.conf
                  │   └── 99_centreon.conf
                  └── postfix.conf
                  
                  1 directory, 4 files
                  File: centreon-mysql.conf
                  Code:
                  ### Configuration file for rsyslog-mysql
                  ### Changes are preserved
                  
                  $ModLoad ommysql
                  #*.* :ommysql:localhost,,,
                  # Configuration changes for Windows/Snare/Centreon-E2S logs
                  $EscapeControlCharactersOnReceive off
                  
                  $template sysMysql,"INSERT INTO logs (host,facility, priority,level,tag,datetime,program,msg) VALUES ('%HOSTNAME%','%syslogfacility-text%','%syslogpriority-text%','%syslogseverity-text%','%syslogtag%','%timereported:::date-mysql%','%programname%', '%msg%')", SQL
                  
                  ### Centreon Syslog Configuration Directory
                  $IncludeConfig /etc/rsyslog.d/centreon-syslog/*.conf
                  File: 00_dropfilter.conf
                  Code:
                  if ($programname == 'zimbramon') then ~
                  File: 99_centreon.conf
                  Code:
                  *.* >127.0.0.1,database,username,password;sysMysql
                  I have split the configuration into multiple files to create filtering without changing the main configuration.
                  By default, rSyslog (on GNU/Linux Debian and Ubuntu) includes all files with the extension *.conf in the directory /etc/rsyslog.d/.

                  In the future, I'm going to introduce a system to show specific alerts in Centreon, handled by Nagios.
                  The first file, 00_dropfilter.conf, is used to filter data that we don't want on the centreon-server (Syslog).
                  http://wiki.rsyslog.com/index.php/Fi...y_program_name

                  If the program name is "zimbramon", the syslog message is dropped and rSyslog stops checking other rules.

                  Otherwise, the rules in 99_centreon.conf are checked and the final rule sends everything to the database.

                  All files in the directory centreon-syslog are checked in alphanumeric order.

                  In a few days/weeks, I'm going to complete this small documentation with scripts for alerting Nagios when a specific message has been received by the syslog server.
                  Network Engineer/Tweaker
                  CCNA and CCNA Security.
                  Pending CCNA Wireless and LPIC
                  Unix, Linux and Windows user
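In the layout from post #9, `99_centreon.conf` holds the database password in clear text on its action line, so that file's permissions decide who on the server can read it. The following Python check is an added example, not part of the thread: it walks a drop-in directory, recognises the legacy `>server,db,user,password` action syntax used above, and reports files carrying it that are readable by group or others. The function names, the placeholder credentials and the temporary sample tree are assumptions made for the demonstration.

```python
import os
import re
import stat
import tempfile

# Legacy rsyslog MySQL action: "<selector> >server,db,user,password[;template]"
# (":ommysql:" is the other legacy spelling). Commented-out lines never match.
ACTION = re.compile(r"^\s*[^#\s]\S*\s+(?:>|:ommysql:)[^,\s]*,[^,\s]*,[^,\s]*,[^,;\s]+")

def audit(root):
    """Return (relative path, line number, mode) for every file under root that
    holds a MySQL action with a password and is readable by group or others.
    The password itself is never returned."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if not mode & (stat.S_IRGRP | stat.S_IROTH):
                continue  # owner-only file: nothing to report
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if ACTION.match(line):
                        findings.append((os.path.relpath(path, root), lineno, oct(mode)))
    return findings

def demo():
    """Build a constructed copy of the tree from post #9 and audit it twice:
    with the action file world-readable, then restricted to its owner."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "centreon-syslog"))
        samples = {
            "centreon-mysql.conf": "$ModLoad ommysql\n#*.* :ommysql:localhost,,,\n",
            "centreon-syslog/00_dropfilter.conf": "if ($programname == 'zimbramon') then ~\n",
            "centreon-syslog/99_centreon.conf": "*.* >127.0.0.1,DB_NAME,DB_USER,DB_PASSWORD;sysMysql\n",
        }
        for rel, text in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(os.path.join(root, rel), 0o644)
        before = audit(root)
        os.chmod(os.path.join(root, "centreon-syslog/99_centreon.conf"), 0o600)
        return before, audit(root)

if __name__ == "__main__":
    print(demo())
```

Pointing `audit()` at `/etc/rsyslog.d` on the syslog server gives the same report for the real files; an empty list means no password-bearing action line is readable beyond its owner.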
