Discussion:
[opennms-discuss] OpenNMS syslog configuration
sanjaymodha
2013-02-28 10:21:22 UTC
Hi,

I am unable to receive Syslog messages (coming from Linux OS) in OpenNMS as
events.

I've got the following configuration:

*syslogd-configuration.xml*

<?xml version="1.0"?>
<syslogd-configuration>
    <configuration
        syslog-port="514"
        new-suspect-on-message="false"
        parser="org.opennms.netmgt.syslogd.CustomSyslogParser"
        forwarding-regexp="^.*\s(19|20)\d\d([-/.])(0[1-9]|1[012])\2(0[1-9]|[12][0-9]|3[01])(\s+)(\S+)(\s)(\S.+)"
        matching-group-host="6"
        matching-group-message="8"
        discard-uei="DISCARD-MATCHING-MESSAGES"
    />

    <import-file>syslog/ApacheHTTPD.syslog.xml</import-file>
    <import-file>syslog/LinuxKernel.syslog.xml</import-file>
    <import-file>syslog/OpenSSH.syslog.xml</import-file>

</syslogd-configuration>

I've uncommented the following in the *service-configuration.xml*

<service>
    <name>OpenNMS:Name=Syslogd</name>
    <class-name>org.opennms.netmgt.syslogd.jmx.Syslogd</class-name>
    <invoke at="start" pass="0" method="init"/>
    <invoke at="start" pass="1" method="start"/>
    <invoke at="status" pass="0" method="status"/>
    <invoke at="stop" pass="0" method="stop"/>
</service>

Also, I have got the following logging levels in my log4j.properties

# Syslogd
log4j.category.OpenNMS.Syslogd=WARN, DEBUG, INFO, SYSLOGD
log4j.additivity.OpenNMS.Syslogd=false
log4j.appender.SYSLOGD=org.apache.log4j.RollingFileAppender
log4j.appender.SYSLOGD.MaxFileSize=100MB
log4j.appender.SYSLOGD.MaxBackupIndex=4
log4j.appender.SYSLOGD.File=C:/OpenNMS/logs/daemon/syslogd.log
log4j.appender.SYSLOGD.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOGD.layout.ConversionPattern=%d %-5p [%t] %c{1}: %m%n

C:\OpenNMS\logs\daemon\*syslogd.log* - In this file, it shows 0KB which
means there is no logging happening.

I have tried using *SyslogNGParser* and *Rfc5424SyslogParser* in the
syslogd-configuration.xml file but nothing is happening. Also, I've used
syslog-port="10514" but no luck.

I have used Kiwi Syslog Server just to prove that my machine is able to
receive syslog messages from the source. I have been able to receive syslog
messages on the machine where OpenNMS is installed (as I have tested
receiving syslog messages using a Windows-based syslog server - an external tool
called Kiwi Syslog Server, which shows syslog messages in its console).

So, can you please help me with the syslog configuration for OpenNMS so that it
can start showing events?
Many thanks in advance.

Cheers,
Sanjay



--
View this message in context: http://opennms.530661.n2.nabble.com/OpenNMS-syslog-configuration-tp7582561.html
Sent from the OpenNMS - discuss mailing list archive at Nabble.com.
Gerd Mueller
2013-02-28 11:20:49 UTC
I guess your forwarding-regexp doesn't match your IP ranges. To match
everything, try
forwarding-regexp="^((.+?) (.*))\r?\n?$"

Cheers,
Gerd
--
Gerd Müller
Projektleiter

Kürtener Str. 11b · 51465 Bergisch Gladbach

Tel.: +49 (0) 22 02-24 01-153
Fax: +49 (0) 22 02-24 01-253
***@mikatiming.de
www.mikatiming.de

AG Köln HRB 47509 * Geschäftsführer: Harald Mika, Jörg Mika
sanjaymodha
2013-03-04 14:56:14 UTC
Many Thanks Gerd,

Now, I am able to receive syslog messages from my Linux box but there is one
problem. I am not able to identify where the syslog is coming from. In other
words, the Node column in the OpenNMS events remains empty.

I am getting the following event.

04/03/13 14:29:33
uei.opennms.org/syslogd/syslog/Informational [+][-] Edit notifications for
event
An event with no matching configuration was received from interface .

But when I try to send the same sample syslog message using TheOne Syslog
Sender tool (Windows-based), I get the following event with the Node
column populated properly.

04/03/13 14:25:48
uei.opennms.org/syslogd/syslog/Informational [+][-] Edit notifications for
event
An event with no matching configuration was received from interface x.x.x.x.

So, how do I solve this problem? Any thoughts will be very much appreciated.

Many thanks in advance.

Cheers,
Sanjay



--
View this message in context: http://opennms.530661.n2.nabble.com/OpenNMS-syslog-configuration-tp7582561p7582608.html
Sent from the OpenNMS - discuss mailing list archive at Nabble.com.
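
Added example (not part of the thread and not OpenNMS code): a Python check of the two forwarding-regexp values posted above against constructed sample lines, reporting whether each one matches and whether the configured matching-group-host / matching-group-message indexes exist in the pattern. It assumes Python's `re` treats these patterns the same way the Java regex engine does and that the samples resemble the text the parser tests the pattern against; the `check` helper is hypothetical.

```python
import re

# Patterns copied from the thread.
ORIGINAL = (r"^.*\s(19|20)\d\d([-/.])(0[1-9]|1[012])\2"
            r"(0[1-9]|[12][0-9]|3[01])(\s+)(\S+)(\s)(\S.+)")
CATCH_ALL = r"^((.+?) (.*))\r?\n?$"

# Constructed sample lines (assumptions, not captured traffic).
SAMPLE_BSD = "Feb 28 10:21:22 web01 sshd[2211]: Server listening on port 22"
SAMPLE_DATED = "main: 2013-02-28 web01 sshd[2211]: Server listening on port 22"


def check(pattern, host_group, message_group, line):
    """Report whether `line` matches and what the configured groups capture."""
    compiled = re.compile(pattern)
    count = compiled.groups
    result = {"matched": False, "group_count": count,
              "host": None, "message": None, "problems": []}
    # A group index beyond the pattern's group count can never yield a value.
    for name, index in (("matching-group-host", host_group),
                        ("matching-group-message", message_group)):
        if not 1 <= index <= count:
            result["problems"].append(
                f"{name}={index} but the pattern has {count} groups")
    match = compiled.search(line)
    if match is None:
        result["problems"].append("forwarding-regexp does not match the line")
        return result
    result["matched"] = True
    if 1 <= host_group <= count:
        result["host"] = match.group(host_group)
    if 1 <= message_group <= count:
        result["message"] = match.group(message_group)
    return result


if __name__ == "__main__":
    cases = (("original, groups 6/8", ORIGINAL, 6, 8),
             ("catch-all, groups 6/8", CATCH_ALL, 6, 8),
             ("catch-all, groups 2/3", CATCH_ALL, 2, 3))
    for label, pattern, host, msg in cases:
        for line in (SAMPLE_BSD, SAMPLE_DATED):
            print(label, "|", line)
            print("   ", check(pattern, host, msg, line))
```

Running it shows that the original pattern only matches lines carrying a year-first date before the host name, and that the catch-all pattern has three groups, so the group indexes have to be chosen to fit whichever pattern is configured.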