Remote logging with rsyslog

Hi

I'm logging my network equipment with rsyslog on an Ubuntu 10.04 server.
This works quite well, except for a strange problem with my Mikrotik equipment.
On the Mikrotik boxes I run ROS 3.30.

When syslog entries appear from these, the host name is very strange.
It can be:

  • wireless,debug
  • wireless,info

How can I correct this, and just get a host name here?

Any help on this? :frowning:

What do you have the bsd-syslog option under “/system logging action” set to?

$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* >{mysql_server},{db_name},{db_users},{db_pass};cacti_syslog

It's the hostname from the Mikrotik units that seems to be different from other devices.
In the hostname field I get "wireless,debug", "wireless,info" and so on.

Bumping this, any help here?
Struggling with my logs :frowning:

The %hostname% from a MT is messed up and gives you <facility,severity> instead. Replace %HOSTNAME% with %fromhost% as a workaround; it won't give you the DNS hostname, but it will at least give you an IP address.

Here is a link that has all the available properties used with rsyslog http://www.rsyslog.com/doc/property_replacer.html

Here is my template from my rsyslog.conf file:

$template TikRouters,"insert into TikRouters (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, EventID) values ('%msg%', %syslogfacility%, '%fromhost%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%', '%msgid%')",SQL

if ($fromhost-ip == '') then :ommysql:127.0.0.1,,,;TikRouters

I know this caused me some frustration for quite some time, and I hope that my solution helps someone else. If anyone finds a better solution I would be more than happy to hear it/use it.
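
Added example, not part of any post in this thread and not rsyslog's own parser: a simplified Python model of RFC 3164 header handling, showing how a datagram that lacks the TIMESTAMP and HOSTNAME fields ends up with its first word (such as wireless,debug) in the host column, and a receiver-side check that falls back to the sender address in the same way as the %fromhost% workaround above. The parse() helper, the sample datagrams and the addresses are constructed for illustration.

```python
import re

# <PRI>, optional RFC 3164 timestamp ("Mmm dd hh:mm:ss"), then everything else.
HEADER = re.compile(
    r"^<(\d{1,3})>(?:([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) )?(.*)$", re.S)
# Host names and IPv4 literals use only letters, digits, hyphens and dots.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
VALID_HOST = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")

def parse(datagram, sender_ip):
    """Return a record whose 'host' is taken only from a well-formed header."""
    m = HEADER.match(datagram)
    if not m:  # no PRI at all: RFC 3164 default priority 13 (user.notice)
        return {"facility": 1, "severity": 5, "naive_host": None,
                "host": sender_ip, "host_source": "sender_ip", "msg": datagram}
    pri, timestamp, rest = int(m.group(1)), m.group(2), m.group(3)
    token, _, remainder = rest.partition(" ")
    record = {"facility": pri >> 3, "severity": pri & 7,
              "naive_host": token}  # what "first word is the host" would store
    if timestamp and VALID_HOST.match(token):
        record.update(host=token, host_source="header", msg=remainder)
    else:
        # Header incomplete or token is not a host name: keep the whole text
        # as the message and attribute it to the address it arrived from.
        record.update(host=sender_ip, host_source="sender_ip", msg=rest)
    return record

# Constructed sample datagrams (documentation addresses, invented message text).
SAMPLES = [
    ("192.0.2.10", "<134>Oct 11 22:14:15 core-sw1 link up on ether1"),
    ("192.0.2.20", "<15>wireless,debug wlan1: client connected"),
    ("192.0.2.20", "<14>Oct 11 22:14:15 wireless,info wlan1: client disconnected"),
]

if __name__ == "__main__":
    for ip, raw in SAMPLES:
        r = parse(raw, ip)
        print(f"{r['naive_host']!r:18} -> host={r['host']} ({r['host_source']})")
```
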

Hi,

You might support my request for including "Identity" in the remote log message, to have at least some clue where the log message originates, especially in the case of a dynamic IP.
http://forum.mikrotik.com/t/remote-logging-request-for-simple-improovement/48537/1