Hi
I`m logging my network equipment with rsyslog on a Ubuntu 10.04 server.
This works quite well, except a strange problem with my Mikrotik equipment.
On the Mikrotik boxes I run ROS 3.30
When syslog eneries appear from these, host name is very strange.
It can be:
- wireless,debug
- wireless,info
How can I correct this, and just get a host name here?
Re: Remote logging with rsyslog
What do you have the bsd-syslog option under "/system logging action" set to?
Re: Remote logging with rsyslog
$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* >{mysql_server},{db_name},{db_users},{db_pass};cacti_syslog
Its hostname from the mikrotik units that seems to be different from other devices.
In hostname field I get "wireless,debug" "wireless,info" and so on.
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* >{mysql_server},{db_name},{db_users},{db_pass};cacti_syslog
Its hostname from the mikrotik units that seems to be different from other devices.
In hostname field I get "wireless,debug" "wireless,info" and so on.
Re: Remote logging with rsyslog
Bumping this, any help here.
Struggling with my logs
Struggling with my logs
-
-
ctyler2621
just joined
- Posts: 5
- Joined:
Re: Remote logging with rsyslog
The %hostname% from a MT is messed up and gives you <facility,severity> instead. Replace %HOSTNAME% with %fromhost% as a work around, it wont give you the DNS hostname but it will at least give you an IP address.
Here is a link that has all the available properties used with rsyslog http://www.rsyslog.com/doc/property_replacer.html
Here is my template from my rsyslog.conf file:
$template TikRouters,"insert into TikRouters (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, EventID) values ('%msg%', %syslogfacility%, '%fromhost%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%', '%msgid%')",SQL
if ($fromhost-ip == '<routerip>') then
mmysql:127.0.0.1,<database-name>,<username>,<password>;TikRouters
I know this caused me some frustration for quite some time, and I hope that my solution helps someone else. If anyone finds a better solution I would be more than happy to hear it/use it.
Here is a link that has all the available properties used with rsyslog http://www.rsyslog.com/doc/property_replacer.html
Here is my template from my rsyslog.conf file:
$template TikRouters,"insert into TikRouters (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, EventID) values ('%msg%', %syslogfacility%, '%fromhost%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%', '%msgid%')",SQL
if ($fromhost-ip == '<routerip>') then
mmysql:127.0.0.1,<database-name>,<username>,<password>;TikRoutersI know this caused me some frustration for quite some time, and I hope that my solution helps someone else. If anyone finds a better solution I would be more than happy to hear it/use it.
-
-
reinerotto
Long time Member
- Posts: 520
- Joined:
Re: Remote logging with rsyslog
Hi,
you might support my request for including "Identity" into the remote log message. To have some clue at least, from where the log message originates, especially in case of dynamic IP.
http://forum.mikrotik.com/viewtopic.php ... it=logging
you might support my request for including "Identity" into the remote log message. To have some clue at least, from where the log message originates, especially in case of dynamic IP.
http://forum.mikrotik.com/viewtopic.php ... it=logging
Who is online
Users browsing this forum: Google [Bot] and 93 guests