
Better syslog message handling for Zabbix

  • danny818
    Junior Member
    • Jul 2010
    • 15

    #121
    Originally posted by JBo
    Obviously, none of the syslog messages appearing in syslog_nomatch history is coming from zabbix server (IP 172.16.44.254 is not 127.0.0.1).

    Can you locate ONE syslog message coming from zabbix server in syslog_nomatch history and post it here ?

    JBo

    I can't receive syslog from zabbix server in syslog_NOMATCH.


    • JBo
      Senior Member
      • Jan 2011
      • 310

      #122
      Hi,

      Originally posted by danny818
      I can't receive syslog from zabbix server in syslog_NOMATCH.
      It seems that
      Code:
      *.* @127.0.0.1
      in /etc/syslog.conf is not working.

      Have you checked log files in /var/log (/var/log/syslog, /var/log/messages and maybe others) ?

      What syslog program are you using ?
      • syslog
      • rsyslog
      • syslog-ng

      In recent Linux distributions, syslog is being replaced by rsyslog or syslog-ng.
      Make sure that you have modified the appropriate configuration file.

      Regards,
      JBo


      • danny818
        Junior Member
        • Jul 2010
        • 15

        #123
        Originally posted by JBo
        Hi,



        It seems that
        Code:
        *.* @127.0.0.1
        in /etc/syslog.conf is not working.

        Have you checked log files in /var/log (/var/log/syslog, /var/log/messages and maybe others) ?

        What syslog program are you using ?
        • syslog
        • rsyslog
        • syslog-ng

        In recent Linux distributions, syslog is being replaced by rsyslog or syslog-ng.
        Make sure that you have modified the appropriate configuration file.

        Regards,
        JBo
        I am using syslog program.
        If
        Code:
        *.* @127.0.0.1
        in /etc/syslog.conf doesn't work, how to make it work?


        • JBo
          Senior Member
          • Jan 2011
          • 310

          #124
          Originally posted by danny818
          I am using syslog program.
          If
          Code:
          *.* @127.0.0.1
          in /etc/syslog.conf doesn't work, how to make it work?
          Did you check the logs ?

          Sorry but I don't have any system with syslog anymore. All my Linux servers are now using rsyslog.

          I have tested zbxlog a few months ago on an old Debian system with syslog and it worked. The only difference with your setup is that I was using the real IP address of the server instead of 127.0.0.1 in
          Code:
          *.* @127.0.0.1
          If using the real IP doesn't work, I'm afraid that I won't be able to help you more.

          Regards,
          JBo


          • danny818
            Junior Member
            • Jul 2010
            • 15

            #125
            Originally posted by JBo
            Did you check the logs ?

            Sorry but I don't have any system with syslog anymore. All my Linux servers are now using rsyslog.

            I have tested zbxlog a few months ago on an old Debian system with syslog and it worked. The only difference with your setup is that I was using the real IP address of the server instead of 127.0.0.1 in
            Code:
            *.* @127.0.0.1
            If using the real IP doesn't work, I'm afraid that I won't be able to help you more.

            Regards,
            JBo
            I replaced the 127 IP with the real IP and it didn't work. Thank you very much.


            • JBo
              Senior Member
              • Jan 2011
              • 310

              #126
              zbxlog release 1.0

              Hi,

              I have just released zbxlog v1.0 (http://www.alixen.org/attachments/do...bxlog-r1.0.tgz).

              This release includes:
              • CentOS init script with correct exit codes (provided by tof233)
              • syslog-ng as a syslog proxy configuration (contributed by tof233)
              • Gentoo init script (provided by MrDeath87)
              • Gentoo configuration added to README (provided by MrDeath87)
              • Support single Zbxlog server in distributed monitoring on Zabbix 1.8.x and 2.0 (1.9.x)
              • Zabbix 1.8.5 frontend patches
              • zbxlog.log file location changed to /var/log

              Happy syslog monitoring !
              JBo


              • MrDeath87
                Junior Member
                • Apr 2011
                • 7

                #127
                Originally posted by JBo
                Hi,

                I have just released zbxlog v1.0 (http://www.alixen.org/attachments/do...bxlog-r1.0.tgz).

                This release includes:
                • CentOS init script with correct exit codes (provided by tof233)
                • syslog-ng as a syslog proxy configuration (contributed by tof233)
                • Gentoo init script (provided by MrDeath87)
                • Gentoo configuration added to README (provided by MrDeath87)
                • Support single Zbxlog server in distributed monitoring on Zabbix 1.8.x and 2.0 (1.9.x)
                • Zabbix 1.8.5 frontend patches
                • zbxlog.log file location changed to /var/log

                Happy syslog monitoring !
                JBo
                Good work!

                BTW, can I use, for example, syslog[daemon,^*fail2ban], where any prefix is used in front of fail2ban?
                There is a little bug in fail2ban's logging:
                it puts some kind of symbol in front of the program name
                "п»їfail2ban.actions: WARNING"
                Last edited by MrDeath87; 11-05-2011, 10:14.


                • JBo
                  Senior Member
                  • Jan 2011
                  • 310

                  #128
                  zbxlog release 1.1

                  Hi,

                  I have just released zbxlog v1.1 (http://www.alixen.org/attachments/do...bxlog-r1.1.tgz).

                  This release adds support for IPv6.
                  People upgrading from 1.0 should take care of additional Perl modules dependencies needed for IPv6 support:
                  • NetAddr::IP::Util
                  • IO::Socket6
                  • IO::Socket::INET6

                  These modules are not part of core Perl modules included in most distributions.
                  Check README file for installation details.


                  Happy syslog monitoring !
                  JBo


                  • JBo
                    Senior Member
                    • Jan 2011
                    • 310

                    #129
                    Originally posted by MrDeath87
                    BTW, can I use, for example, syslog[daemon,^*fail2ban], where any prefix is used in front of fail2ban?
                    There is a little bug in fail2ban's logging:
                    it puts some kind of symbol in front of the program name
                    "п»їfail2ban.actions: WARNING"
                    zbxlog uses «Perl regular expressions».
                    If you want to match any prefix before fail2ban, you could use
                    Code:
                    ^.*fail2ban
                    or just
                    Code:
                    fail2ban
                    Regards,
                    JBo


                    • zalex_ua
                      Senior Member
                      Zabbix Certified Trainer
                      Zabbix Certified Specialist
                      Zabbix Certified Professional
                      • Oct 2009
                      • 1286

                      #130
                      Originally posted by zalex_ua
                      I can prepare init script for FreeBSD.
                      Originally posted by DmitryGFP
                      zalex_ua, I'll be very grateful if you prepare the init script.
                      Zbxlog has been "ported" to FreeBSD.

                      A PR to FreeBSD GNATS has been sent.

                      zbxlog should appear in the "net-mgmt" category.

                      You will be able to install it with one simple command:
                      Code:
                      cd /usr/ports/net-mgmt/zbxlog/ && make install clean
                      I'll report here after Zbxlog has been successfully added to the FreeBSD ports collection.


                      proof: (image: zbxlog_port.png)


                      • zalex_ua
                        Senior Member
                        Zabbix Certified Trainer
                        Zabbix Certified Specialist
                        Zabbix Certified Professional
                        • Oct 2009
                        • 1286

                        #131
                        Hi JBo.

                        I noticed a little problem.
                        Please remove unneeded lines:
                        Code:
                        @@ -560,4 +561,4 @@
                         
                         require_once('include/page_footer.php');
                         
                        -?>
                        \ Pas de fin de ligne Г* la fin du fichier.
                        +?>
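                        Review bot: the only change in this hunk, at the last line of history.php, is replacing a closing `?>` that has no trailing newline with one that has, so it carries no functional change and ties the patch to the exact end-of-file state of one release. On a tree where the file already ends with a newline the context no longer matches and the hunk is rejected. Suggest dropping it from history.php.patch, or regenerating the patch so the file's last line is left untouched.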
                        from the patch "history.php.patch"
                        added: related only to patches for 1.9.2 version

                        On CentOS (not on FreeBSD) these lines cause an error:
                        Code:
                        patching file history.php
                        Hunk #1 succeeded at 315 (offset 6 lines).
                        Hunk #2 FAILED at 567.
                        1 out of 2 hunks FAILED -- saving rejects to file history.php.rej
                        added second time: I use the latest Zabbix trunk (~1.9.5)

                        This small problem is already fixed in the 1.9.4 Zabbix source code.

                        About the FreeBSD port: I don't know whether the FreeBSD ports collection team will ever include my zbxlog port in the ports collection.
                        So, maybe you can include the result of my work in the zbxlog archive?
                        See attachments zbxlog-fbsdport.tar.gz

                        My port meets all the best-practice requirements for building a FreeBSD port.
                        Paths for the different files follow the FreeBSD ideology (different than on Linux). All dependency handling is included. The port supports the "prefix" option for make install, and other useful things ...
                        So, the best way for fbsd users is to copy the port folder (my attachment) to /usr/ports/net-mgmt and type:
                        Code:
                        cd /usr/ports/net-mgmt/zbxlog/ && make install clean
                        Last edited by zalex_ua; 10-07-2011, 11:21. Reason: related only to patches for 1.9.2 version


                        • hugo.soares
                          Junior Member
                          • Aug 2011
                          • 1

                          #132
                          Init.d script for Suse linux

                          See attachment.
                          Use it as you will!

                          I use install folder "/opt/zbxlog" so you may need to change:
                          zbxlog_bin=/opt/zbxlog/bin/zbxlog.pl
                          to something else.


                          P.S. Great addition to Zabbix!
                          Last edited by hugo.soares; 12-08-2011, 13:09.


                          • linuxgurugamer
                            Member
                            • Oct 2010
                            • 66

                            #133
                            Better location for conf file

                            Hi,

                            I'm trying this out now. The only thing I can say is that I think a better location for the conf file would be in /etc/zabbix, rather than /etc



                            JBB


                            • jvandenbroek
                              Junior Member
                              • Oct 2011
                              • 15

                              #134
                              Hi,

                              I'm currently getting the following message in history:

                              Code:
                              Use of undefined constant S_SYSLOG_INFO - assumed 'S_SYSLOG_INFO' [include/items.inc.php:44]
                              However all patches from 1.8.5 applied successfully on my 1.8.7 installation. What could be wrong? Thank you.


                              • JBo
                                Senior Member
                                • Jan 2011
                                • 310

                                #135
                                Hi,

                                Originally posted by jvandenbroek
                                Code:
                                Use of undefined constant S_SYSLOG_INFO - assumed 'S_SYSLOG_INFO' [include/items.inc.php:44]
                                However all patches from 1.8.5 applied successfully on my 1.8.7 installation. What could be wrong?
                                I just patched a 1.8.7 and it worked without any error message.

                                I am able to reproduce your problem by undoing the patch on include/locales/en_gb.inc.php
                                In this case, I get the same error message and values in Severity columns are of the form S_SYSLOG_INFO instead of their corresponding value ("Information").

                                Make sure that include/locales/en_gb.inc.php is really patched.
                                The following command:
                                Code:
                                grep S_SYSLOG_  include/locales/en_gb.inc.php
                                should return:
                                Code:
                                    'S_SYSLOG_DEBUG' =>            'Debug',
                                    'S_SYSLOG_INFO' =>            'Info',
                                    'S_SYSLOG_NOTICE' =>            'Notice',
                                    'S_SYSLOG_WARN' =>            'Warning',
                                    'S_SYSLOG_ERR' =>            'Error',
                                    'S_SYSLOG_CRIT' =>            'Critical',
                                    'S_SYSLOG_ALERT' =>            'Alert',
                                    'S_SYSLOG_EMERG' =>            'Emergency',
                                Hope this helps,
                                JBo
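
Added example, not part of JBo's post or of the zbxlog distribution: a post-patch check for the two failure signs seen in this thread, reject files left by failed hunks (history.php.rej in #131) and missing S_SYSLOG_* locale keys (#135). The function names and the frontend directory argument are assumptions; the key list and the locale file path are taken from the post above.

```shell
#!/bin/sh
# Added example: verify that the zbxlog frontend patches really landed.
# Usage (assumed): sh check_zbxlog_patch.sh <zabbix-frontend-directory>

# The eight keys listed in the expected grep output above.
SYSLOG_KEYS="S_SYSLOG_DEBUG S_SYSLOG_INFO S_SYSLOG_NOTICE S_SYSLOG_WARN
S_SYSLOG_ERR S_SYSLOG_CRIT S_SYSLOG_ALERT S_SYSLOG_EMERG"

# Print every expected key that the locale file does not define.
# An unreadable or absent file reports all keys as missing.
missing_syslog_keys() {
    locale_file=$1
    for key in $SYSLOG_KEYS; do
        # Match the quoted array key followed by "=>", as in the patched file.
        grep -Eq "'$key'[[:space:]]*=>" "$locale_file" 2>/dev/null || echo "$key"
    done
}

# Print reject files left behind by failed hunks (patch saves them as *.rej).
leftover_rejects() {
    find "$1" -type f -name '*.rej' 2>/dev/null
}

# Return 0 only when no hunk was rejected and every key is present.
check_frontend() {
    frontend_dir=$1
    rc=0
    rejects=$(leftover_rejects "$frontend_dir")
    if [ -n "$rejects" ]; then
        echo "rejected hunks left in tree:"
        echo "$rejects"
        rc=1
    fi
    missing=$(missing_syslog_keys "$frontend_dir/include/locales/en_gb.inc.php")
    if [ -n "$missing" ]; then
        echo "locale keys not defined (Severity column will show raw constants):"
        echo "$missing"
        rc=1
    fi
    return $rc
}

# Run the check only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_frontend "$1"
fi
```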
