Ad Widget

**JBo** · 31-03-2011, 20:12

Originally posted by tof233

I modified a little bit Items.pm with

Code:

SELECT hostinfo.host,hostinfo.key_,hosts.host AS proxyname FROM    
    (select
        h.host,
        i.key_,
        h.proxy_hostid
        from
        hosts h,
        items i
        where
        h.hostid=i.hostid
        and h.status=0
        and i.status=0
        and i.key_ like 'syslog[%')  AS iteminfo 
    LEFT OUTER JOIN hosts ON hostinfo.proxy_hostid=hosts.hostid;

But now I'm a bit lost with how to split items by proxy to send one global packet per proxy...

I really thank you for your reactivity and would be happy to contribute...

Thank you.
I am retrieving the proxy in Hosts.pm since it is defined at host level, not item level.

Sender.pm will be a little harder to modify since it is currently sending all syslog messages in a single bulk transfer.
Since the request header is different, it now needs to make one transfer per proxy plus one for non proxied hosts.

I hope I'll be able to post an update tomorrow afternoon that will work at least for Zabbix 1.8.

JBo

**JBo** · 01-04-2011, 09:23

zbxlog release 0.9.1

Hi,

I have just released zbxlog v0.9.1 (http://www.alixen.org/attachments/do...log-r0.9.1.tgz).

This release adds:

Support single Zbxlog server in distributed monitoring with zabbix_proxy

It adds a new configuration parameter in zbxlog.conf:

simulate_zabbix_proxy
- 1 to activate for this new feature
- 0 (default value) means that there is one zbxlog process per zabbix_proxy

This is the first release of this new feature which has following limitations:

Only tested with mysql database backend
Supports only current 1.8 database schema

These limitations will be removed in next few days.

Tof233, since this feature specially interests you, please report any result you get.

Happy syslog monitoring !
JBo

**tof233** · 01-04-2011, 09:57

Thank you JBo.

I'm really impressed about how fast you implemented it.

It's working great.
Just one small problem is that it seems Zbxlog sends messages one by one for hosts without proxy (but for hosts with proxies, it's working fine).

**JBo** · 01-04-2011, 10:08

Originally posted by tof233

Just one small problem is that it seems Zbxlog sends messages one by one for hosts without proxy (but for hosts with proxies, it's working fine).

That's strange.
In my test setup, I have 3 hosts: host0/no proxy, host1/proxy1, host2/proxy2) and all of them get their messages sent in one batch.
In Sender.pm, there is now one zabbix request per proxy and 'no proxy' just builds the same request as any proxy but with a different header.

I am adding support for Zabbix 2.0 DB schema.
I'll check again no proxy case after that.

Thanks for your feedback.
JBo

**tof233** · 01-04-2011, 10:27

Sorry
I'm probably mistaken :

Code:

T 2011/04/01 10:31:19.011514 127.0.0.1:39349 -> 127.0.0.1:8080 [AP]
  ZBXD.........{"request":"sender data",."data":[.{."host":"sysloghost",."key":"syslog_nomatch",."value":":logger: Hello World",."timestamp":"1301646678",
  ."source":"local1",."severity":"16",."eventid":"137",.},.{."host":"sysloghost",."key":"syslog_nomatch",."value":":logger: Hello World",."timestamp":"130
  1646678",."source":"local1",."severity":"16",."eventid":"137",.},.{."host":"sysloghost",."key":"syslog_nomatch",."value":":logger: Hello World",."timest
  amp":"1301646678",."source":"local1",."severity":"16",."eventid":"137",.},.{."host":"sysloghost",."key":"syslog_nomatch",."value":":logger: Hello World"
  ,."timestamp":"1301646679",."source":"local1",."severity":"16",."eventid":"137",.}.].}.                                                                 
##
T 2011/04/01 10:31:19.014656 127.0.0.1:8080 -> 127.0.0.1:39349 [AP]
  ZBXD.                                                                                                                                                   
##
T 2011/04/01 10:31:19.014709 127.0.0.1:8080 -> 127.0.0.1:39349 [AP]
  W.......{.."response":"success",.."info":"Processed 4 Failed 0 Total 4 Seconds spent 0.002714"}                                                         
########
T 2011/04/01 10:31:20.066725 127.0.0.1:39354 -> 127.0.0.1:8080 [AP]
  ZBXD.K.......{"request":"sender data",."data":[.{."host":"sysloghost",."key":"syslog_nomatch",."value":":logger: Hello World",."timestamp":"1301646679",
  ."source":"local1",."severity":"16",."eventid":"137",.},.{."host":"sysloghost",."key":"syslog_nomatch",."value":":logger: Hello World",."timestamp":"130
  1646679",."source":"local1",."severity":"16",."eventid":"137",.},.{."host":"sysloghost",."key":"syslog_nomatch",."value":":logger: Hello World",."timest
  amp":"1301646679",."source":"local1",."severity":"16",."eventid":"137",.},.{."host":"sysloghost",."key":"syslog_nomatch",."value":":logger: Hello World"
  ,."timestamp":"1301646679",."source":"local1",."severity":"16",."eventid":"137",.},.{."host":"sysloghost",."key":"syslog_nomatch",."value":":logger: Hel
  lo World",."timestamp":"1301646680",."source":"local1",."severity":"16",."eventid":"137",.}.].}.

**JBo** · 01-04-2011, 10:38

I have just committed Zabbix 2.0 DB schema support (tested on Mysql only).

I have also run on Zabbix 2.0 (1.9.2 actually) a test with 4 hosts:

loghostnoproxy01 / no proxy
loghostnoproxy02 / no proxy
loghostproxy01 / proxy01
loghostproxy02 / proxy02

On these 4 hosts, I run:

Code:

for i in `seq 100`; do logger test $i; sleep 1; done

I have set zabbix_delay=30 in zbxlog.conf to be sure that I get several syslog messages from each host before sending them to zabbix server.

Every 30 seconds, I have 3 connections to zabbix server:

one with all messages from loghostnoproxy01 and loghostnoproxy02
one with all messages from loghostproxy01
one with all messages from loghostproxy02

So I get one batch per proxy and one batch for non proxy hosts.

Regards,
JBo

**tof233** · 01-04-2011, 11:22

In fact, it was just because my zabbix_delay was 1.
Thank you again JBo

**JBo** · 01-04-2011, 11:41

Release 1.0 on sight

Originally posted by tof233

In fact, it was just because my zabbix_delay was 1.
Thank you again JBo

Good news.
I have also made some tests on Zabbix 1.8 with Postgres DB backend. It is working too.

I think that Zbxlog is now feature complete for an 1.0. I will release it in a week or two unless there are problems reported.

I plan for post 1.0:

better DNS lookup as suggested by Blinkiz
IPv6 support

First one needs some SQL rewrites and DNS resolutions in Hosts.pm.
Second one needs a replacement of a core Perl module: IO::Socket::INET.

Happy syslog monitoring !
JBo

**tof233** · 05-04-2011, 13:43

I modified the Centos init script with the right return codes.

Attached Files

zbxlog.centos.txt (1.5 KB, 249 views)

**JBo** · 05-04-2011, 13:51

Originally posted by tof233

I modified the Centos init script with the right return codes.

Thank you,
SVN repository updated.

JBo

**MrDeath87** · 12-04-2011, 07:51

syslog-ng ?

Hello, this module work with syslog-ng ? who can tell ?
and someone tried it on gentoo linux ?

I need a gentoo init.d script, please help

**JBo** · 13-04-2011, 11:36

Hi,

Originally posted by MrDeath87

Hello, this module work with syslog-ng ? who can tell ?

Yes, it works with syslog-ng as with any syslog utility (syslog, rsyslog,...).
You need to configure syslog-ng to forward to zbxlog.
You need to set:

Code:

destination remote_server { udp("Zbxlog_IP" port(514)); };

in your syslog-ng configuration. Check gentoo manual for details.

In case you use syslog-ng as a proxy, you may be interested by this post.

Originally posted by MrDeath87

and someone tried it on gentoo linux ?
I need a gentoo init.d script, please help

Sorry, we have init scripts only for Debian/Ubuntu and Centos/Redhat.

If somebody can provide a script for Gentoo (maybe you

), I'll be more than happy to add it to Zbxlog sources.

Regards,
JBo

**MrDeath87** · 14-04-2011, 08:35

hello again, i just made a ini script for gentoo, for now it work, but i will test some time and will provide this init script for gentoo

Thx for reply, i just set up syslog-ng on gentoo with this module, comming soon, mini how to

**MrDeath87** · 14-04-2011, 08:53

Works beautiful

I just have one question, why Panic and Emeg have same color and same value, EMERGENCY?

---- after some coffe

well, i made some modification in original files and adapted for my Favorite GENTOO OS

Enjoy, Thx for all who made this module! Hope it will become incorporated in future version of Zabbix

Attached Files

zbxlog-r0.9.1_(addapted for Gentoo by Mr.Death).zip (34.7 KB, 213 views)

**JBo** · 14-04-2011, 11:40

Hi,

Originally posted by MrDeath87

Works beautiful

I just have one question, why Panic and Emeg have same color and same value, EMERGENCY?

That's because syslog defines 8 severity levels but Zabbix has only 6.
I have chosen to map 2 syslog levels to 1 zabbix level.
It is defined in include/items.inc.php, function get_item_logtype_style:

Code:

        function get_item_logtype_style($logtype){
                switch($logtype){
                        case ITEM_LOGTYPE_INFORMATION:          return 'information';
                        case ITEM_LOGTYPE_WARNING:              return 'warning';
                        case ITEM_LOGTYPE_ERROR:                return 'high';
                        case ITEM_LOGTYPE_FAILURE_AUDIT:        return 'high';
                        case ITEM_LOGTYPE_SUCCESS_AUDIT:        return 'information';

                        case ITEM_LOGTYPE_SYSLOG_DEBUG:         return 'information';
                        case ITEM_LOGTYPE_SYSLOG_INFO:          return 'information';
                        case ITEM_LOGTYPE_SYSLOG_NOTICE:        return 'warning';
                        case ITEM_LOGTYPE_SYSLOG_WARN:          return 'warning';
                        case ITEM_LOGTYPE_SYSLOG_ERR:           return 'average';
                        case ITEM_LOGTYPE_SYSLOG_CRIT:          return 'average';
                        case ITEM_LOGTYPE_SYSLOG_ALERT:         return 'high';
                        case ITEM_LOGTYPE_SYSLOG_EMERG:         return 'high';

                        default:                                return 'normal';
                }
        }

You can change color mapping there.

Originally posted by MrDeath87

---- after some coffe

well, i made some modification in original files and adapted for my Favorite GENTOO OS

Enjoy, Thx for all who made this module! Hope it will become incorporated in future version of Zabbix

Thanks for the ZIP. I'll need to sort out what you have changed in order to update Zbxlog SVN.

Regards,
JBo

Ad Widget

Better syslog message handling for Zabbix

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment