Ad Widget

**danny818** · 22-04-2011, 14:06

Originally posted by JBo

Hi

May be a dumb question but have you configured syslog forwarding in zabbix server ?

Regards,
JBo

how to configure? in the syslog.conf file? please give me some detail instructions.thank u.

**JBo** · 22-04-2011, 22:43

Originally posted by danny818

how to configure? in the syslog.conf file? please give me some detail instructions.thank u.

According to «Remote host configuration» in README file, you should add:

Code:

*.* @127.0.0.1

to /etc/syslog.conf (or /etc/rsyslog.conf) and restart the service.

Regards,
JBo

**danny818** · 23-04-2011, 14:59

Originally posted by JBo

According to «Remote host configuration» in README file, you should add:

Code:

*.* @127.0.0.1

to /etc/syslog.conf (or /etc/rsyslog.conf) and restart the service.

Regards,
JBo

have configured that，still can't recieve zabbix server syslog itself. sad....

**danny818** · 26-04-2011, 10:13

Originally posted by danny818

have configured that，still can't recieve zabbix server syslog itself. sad....

HI JBo:
I have 2 question now

1) Tue Apr 26 15:49:18 2011 zbxlog.pl started
Cannot create socket (Address already in use) at lib/Zbxlog/Controller.pm line 48.

2) I can't recieve agent(linux) syslog even the zabbix server itself.

please help.THANK U

**JBo** · 26-04-2011, 12:06

Hi,

Originally posted by danny818

1) Tue Apr 26 15:49:18 2011 zbxlog.pl started
Cannot create socket (Address already in use) at lib/Zbxlog/Controller.pm line 48.

Either:

you have a zbxlog process still running.
another process is bound to port 514

netstat -ulnp
will show you the process listening on port 514.
If it is zbxlog.pl, just kill it and start a new one.

Originally posted by danny818

2) I can't recieve agent(linux) syslog even the zabbix server itself.

Are you receiving syslog from your zabbix server in «nomatchhost» ?

Regards,
JBo

**danny818** · 26-04-2011, 12:47

Originally posted by JBo

Hi,

Either:

you have a zbxlog process still running.
another process is bound to port 514

netstat -ulnp
will show you the process listening on port 514.
If it is zbxlog.pl, just kill it and start a new one.

Are you receiving syslog from your zabbix server in «nomatchhost» ?

Regards,
JBo

hi,JBo:

1)there is no zbxlog process running.
even when I killed every process include syslog that listening on port 514,then I start the zbxlog process,still that error mentioned before appeared in zbxlog.log.

2)yes,I configured to receive syslog before from my zabbix server in «nomatchhost»,is that the reason why I can't recieve local or remote agent log by zbxlog?

**JBo** · 26-04-2011, 13:02

Originally posted by danny818

1)there is no zbxlog process running.
even when I killed every process include syslog that listening on port 514,then I start the zbxlog process,still that error mentioned before appeared in zbxlog.log.

You can't have more than one process listening on a port.
Make sure no other process is listening on port 514 (with netstat) before starting zbxlog.

Originally posted by danny818

2)yes,I configured to receive syslog before from my zabbix server in «nomatchhost»,is that the reason why I can't recieve local or remote agent log by zbxlog?

Yes.
Zbxlog needs to map syslog messages to a zabbix host.
It is mainly based on IP address configured in Zabbix.
Is 127.0.0.1 the IP address of your zabbix server in zabbix host configuration ?

Regards,
JBo

**danny818** · 26-04-2011, 13:08

Originally posted by danny818

hi,JBo:

1)there is no zbxlog process running.
even when I killed every process include syslog that listening on port 514,then I start the zbxlog process,still that error mentioned before appeared in zbxlog.log.

2)yes,I configured to receive syslog before from my zabbix server in «nomatchhost»,is that the reason why I can't recieve local or remote agent log by zbxlog?

JBo:
I have solved the 1st problem.
now I have 2 items on my zabbix server, syslog[] and syslog_nomatch,last time I can't recieve zabbix server syslog but can recieve network equipment syslog by item syslog_nomatch,

now both of them don't work .why??

**danny818** · 26-04-2011, 13:12

Originally posted by JBo

You can't have more than one process listening on a port.
Make sure no other process is listening on port 514 (with netstat) before starting zbxlog.

Yes.
Zbxlog needs to map syslog messages to a zabbix host.
It is mainly based on IP address configured in Zabbix.
Is 127.0.0.1 the IP address of your zabbix server in zabbix host configuration ?

Regards,
JBo

127.0.0.1 the IP address of my zabbix server in zabbix host configuration ,and in zbxlog.conf the listening port is 127.0.0.1,and have added *.* @127.0.0.1 in etc/syslog.conf,all of above don't make it work,why?

**JBo** · 26-04-2011, 13:17

Originally posted by danny818

127.0.0.1 the IP address of my zabbix server in zabbix host configuration ,and in zbxlog.conf the listening port is 127.0.0.1,and have added *.* @127.0.0.1 in etc/syslog.conf,all of above don't make it work,why?

You said previously that you have stopped syslog process on zabix server.
Did you restart it ?

JBo

**danny818** · 26-04-2011, 13:29

Originally posted by JBo

You said previously that you have stopped syslog process on zabix server.
Did you restart it ?

JBo

yes,syslog and zbxlog.pl process are running now,but recieve nothing.

what is the correct sequence to confiure zbxlog

whether I can have two items syslog[] and syslog_nomatch,do they conflict?

and how to configure syslog[] and syslog_nomatch correctly,and make it work?

**JBo** · 26-04-2011, 13:46

Originally posted by danny818

yes,syslog and zbxlog.pl process are running now,but recieve nothing.

what is the correct sequence to confiure zbxlog

whether I can have two items syslog[] and syslog_nomatch,do they conflict?

and how to configure syslog[] and syslog_nomatch correctly,and make it work?

Syslog messages sent to syslog_nomatch are prefixed with remote host name as determined by zbxlog.
Could you post at least one of these messages here ?

JBo

**danny818** · 26-04-2011, 14:08

Originally posted by JBo

Syslog messages sent to syslog_nomatch are prefixed with remote host name as determined by zbxlog.
Could you post at least one of these messages here ?

JBo

the graphs are following:

Attached Files

**danny818** · 26-04-2011, 14:13

Originally posted by danny818

the graphs are following:

another 3 graphs:

Attached Files

**JBo** · 26-04-2011, 14:27

Obviously, none of syslog messages appearing in syslog_nomatch history is coming from zabbix server (IP 172.16.44.254 is not 127.0.0.1).

Can you locate ONE syslog message coming from zabbix server in syslog_nomatch history and post it here ?

JBo

Ad Widget

Better syslog message handling for Zabbix

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment