How to properly add syslog to observium server?

Question

I have an Ubuntu server 16.04 where I've installed observium to monitor the server itself and this part is working fine, I can see the event logs.

After that I have followed instructions on how to add syslog: http://docs.observium.org/syslog/ But when I open syslog on the server there is error message:

"No syslog entries found!".

Is there anything else I need to do (aside from the Observium webpage instructions above)?

Thank you

UPDATE 1:

rsyslogd version 8.16.0

When I try to use direct logging it works fine.

So here is the configuration file:

#---------------------------------------------------------
#send remote logs to observium

template(name="observium"
         type="string"
         string="%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n")

$ModLoad omprog

# rsyslog Input Modules
input(type="imudp"
      port="514"
      ruleset="observium")

# rsyslog RuleSets
ruleset(name="observium") {
    action(type="omprog"
           binary="/opt/observium/syslog.php"
           template="observium")
}

*.* stop
#---------------------------------------------------------

And instead of that I put it without ruleset:

#---------------------------------------------------------
#send remote logs to observium

#ceph-mon.=notice; ~

template(name="observium"
         type="string"
         string="%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n")

$ModLoad omprog


action(type="omprog"
           binary="/opt/observium/syslog.php"
           template="observium")

*.* stop
#---------------------------------------------------------

It works :)

So there is another question. Do I need to use ruleset? If so, has anybody else experienced the same/similar issue and how did you solve it?

Thank you!

Andy Lemin · Answer 1 · 2018-01-16T15:05:13.433

Yea I saw this issue too.

I mistakenly enabled "input(type="imudp" port="514")" in both rsyslogd.conf and 30-observium.conf. You want to enable the imudp module in rsyslogd.conf and enable the input->ruleset action for it in 30-observium.conf

/etc/rsyslog.conf;

provides UDP syslog reception
module(load="imudp")
#input(type="imudp" port="514")

/etc/rsyslog.d/30-observium.conf should be;

#---------------------------------------------------------
#send remote logs to observium

template(name="observium"
     type="string"
     string="%fromhost-ip%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n")

$ModLoad omprog

# rsyslog Input Modules
input(type="imudp"
      port="514"
      ruleset="observium")

# rsyslog RuleSets
ruleset(name="observium") {
    action(type="omprog"
           binary="/opt/observium/syslog.php"
           template="observium")
}

#& stop
#---------------------------------------------------------

I also had to comment out the last line as it was making rsyslog silently fail.

PS; Every time you make changes to the syslog filters, you need to restart rsyslog as it caches the resulting syslog.php script at startup.

How to properly add syslog to observium server?

1 Answers1