Librenms Syslog

@ -78,7 +78,7 @@ Next start syslog-ng: service syslog-ng restart ``` Add the following to your LibreNMS config.php file to enable the Syslog extension.

  1. I misinterpreted the LibreNMS docker page by thinking that the LibreNMS container came with a MariaDB instance pre-installed. So the above commands will create a LibreNMS container, a LibreNMS syslog-ng 'sidecar' container for syslog capabilities within LibreNMS, and a MariaDB container. All are necessary for it to work.
  2. Syslog/Eventlog Widget Issue. I went from 1.23 to 1.25 and am now having issues with the Syslog and Eventlog dashboard widgets. The syslog entries are larger than the widget so they overlap other widgets. It's consistent across multiple browsers, any idea what I can do to resolve the issue?

All the list_*logs calls are aliased to list_logs.

Retrieve all logs or logs for a specific device.

  • id or hostname is the specific device

Input:

  • start: The page number to request.
  • limit: The limit of results to be returned.
  • from: The date and time or the event id to search from.
  • to: The date and time or the event id to search to.

list_eventlog

Route: /api/v0/logs/eventlog/:hostname

list_syslog

Route: /api/v0/logs/syslog/:hostname

list_alertlog

Route: /api/v0/logs/alertlog/:hostname

list_authlog

Route: /api/v0/logs/authlog/:hostname

Example:

Output:

This document will explain how to send syslog data to LibreNMS. Please also refer to the file Graylog.md for an alternate way of integrating syslog with LibreNMS.

Syslog server installation

syslog-ng

Once syslog-ng is installed, edit the relevant config file (most likely /etc/syslog-ng/syslog-ng.conf) and paste the following:

Next start syslog-ng:

Add the following to your LibreNMS config.php file to enable the Syslog extension:

If no messages make it to the syslog tab in LibreNMS, chances are you are experiencing an issue with SELinux. If so, create a file mycustom-librenms-rsyslog.te with the following content:

Then, as root, execute the following commands:

rsyslog

If you prefer rsyslog, here are some hints on how to get it working.

Add the following to your rsyslog config somewhere (could be at the top of the file in the step below, could be in rsyslog.conf if you are using remote logs for something else on this host):

Create a file called /etc/rsyslog.d/30-librenms.conf and add the following depending on your version of rsyslog.

If your rsyslog server is receiving messages relayed by another syslog server, you may try replacing %fromhost% with %hostname%, since fromhost is the host the message was received from, not the host that generated the message. The fromhost property is preferred as it avoids problems caused by devices sending incorrect hostnames in syslog messages.

Add the following to your LibreNMS config.php file to enable the Syslog extension:

logstash

If you prefer logstash, and it is installed on the same server as LibreNMS, here are some hints on how to get it working.

First, install the output-exec plugin for logstash:

Next, create a logstash configuration file (ex. /etc/logstash/conf.d/logstash-simple.conf), and add the following:

Replace 10.10.10.10 with your primary elasticsearch server IP, and set the incoming syslog port. Alternatively, if you already have a logstash config file that works except for the LibreNMS export, take only the 'exec' section from output and add it.

Add the following to your LibreNMS config.php file to enable the Syslog extension:

Syslog Clean Up

Can be set inside of config.php

The cleanup is run by daily.sh and any entries over X days old are automatically purged. Values are in days. See here for more Clean Up Options.

Client configuration

Below are sample configurations for a variety of clients. You should understand the config before using it as you may want to make some slight changes. Further configuration hints may be found in the file Graylog.md.

Replace librenms.ip with IP or hostname of your LibreNMS install.

Replace any variables in with the relevant information.

syslog

rsyslog

Cisco ASA

Cisco IOS

Cisco NXOS

Juniper Junos

Huawei VRP

Huawei SmartAX (GPON OLT)

Allied Telesis Alliedware Plus

If you have permitted udp and tcp 514 through any firewall then that should be all you need. Logs should start appearing and be displayed within the LibreNMS web UI.

Windows

By default, Windows has no native way to send logs to a remote syslog server.

Using this how-to you can download Datagram-Syslog Agent to send logs to a remote syslog server (LibreNMS).

Note

Keep in mind you can use any agent or program to send the logs. We are just using this Datagram-Syslog Agent for this example.

You will need to download and install 'Datagram-Syslog Agent' for this how-to.

External hooks

Trigger external scripts based on specific syslog patterns being matched with syslog hooks. Add the following to your LibreNMS config.php to enable hooks:

The below are some example hooks to call an external script in the event of a configuration change on Cisco ASA, IOS, NX-OS and IOS-XR devices. Add to your config.php file to enable.

Cisco ASA

Cisco IOS

Cisco NXOS

Cisco IOSXR

Juniper Junos

Juniper ScreenOS

Allied Telesis Alliedware Plus

Note: At least software version 5.4.8-2.1 is required. log host x.x.x.x level notices program imi may also be required depending on configuration. This is to ensure the syslog hook log message gets sent to the syslog server.

Configuration Options

Matching syslogs to hosts with different names

In some cases, you may get logs that aren't being associated with the device in LibreNMS. For example, in LibreNMS the device is known as 'ne-core-01', and that's how DNS resolves. However, the received syslogs are for 'loopback.core-nw'.

To fix this issue, you can configure LibreNMS to translate the incoming syslog hostname into another hostname, so that the logs get associated with the correct device.
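The following Python sketch is an added illustration, not LibreNMS code or configuration. It models the two attribution decisions described on this page: trusting the receiving socket's peer name (rsyslog's fromhost) over the sender-supplied header field except behind a known relay, and then translating the received name to the name the device is known by. The relay allowlist, the translation table, the function names and the sample lines are all hypothetical and constructed for the example.

```python
import re

# RFC 3164 style line: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

def header_hostname(line):
    """Return the sender-supplied HOSTNAME field, or None if the header is malformed."""
    m = _RFC3164.match(line)
    return m.group("host") if m else None

def attribute_device(peer, line, relays=frozenset(), xlate=None):
    """Pick the device name a received message is filed under.

    peer   -- name the receiver resolved for the sending socket (the fromhost case)
    relays -- peers known to forward other hosts' messages (hypothetical allowlist)
    xlate  -- hypothetical mapping: received name -> name the device is known by
    """
    name = peer
    if peer in relays:
        # Behind a relay the peer is the relay itself, so the header field is
        # the only record of the originator (the hostname case).
        name = header_hostname(line) or peer
    # Map names such as a loopback interface name to the monitored device name.
    return (xlate or {}).get(name, name)

# Constructed sample data, using the device names from the text above.
XLATE = {"loopback.core-nw": "ne-core-01"}
RELAYS = frozenset({"relay-01"})
DIRECT = "<189>Oct  3 12:00:01 loopback.core-nw %SYS-5-CONFIG_I: Configured from console"
MISNAMED = "<189>Oct  3 12:00:02 ne-core-01 %SYS-5-CONFIG_I: Configured from console"

if __name__ == "__main__":
    for peer, line in [("loopback.core-nw", DIRECT), ("relay-01", DIRECT),
                       ("lab-host-9", MISNAMED), ("relay-01", "not a syslog header")]:
        print(f"{peer:18} -> {attribute_device(peer, line, RELAYS, XLATE)}")
```

The third case is the reason fromhost is preferred: a directly connected sender whose header claims to be 'ne-core-01' is still filed under its own peer name.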

Example: