Librenms Syslog


License: Repository which helps you to configure Rsyslog for LibreNMS and your clients. The license doesn't apply to external configuration files; see the comments in each file for the relevant license. Copyleft (C) Nicolas Simond - 2016.

Hi, I'm relaying syslog messages like this: device -> central-syslog-server -> kubernetes cluster -> librenms-syslog-ng-docker. It works well, but I need to add keep-hostname(yes).

Configuring Rsyslog with LibreNMS Syslog: for more settings to enable email settings see my video on YouTube Rsyslog on Ubu.

The goal of this article is to provide you with a pre-built LibreNMS. This image should require very little tinkering. This VM is not meant to be publicly accessible; it should only be used internally to get you working. Feel free to improve it. I’m going to go over the setup in this article.

Syslog/Eventlog Widget Issue. I went from 1.23 to 1.25 and am now having issues with the Syslog and Eventlog dashboard widgets. The syslog entries are larger than the widget so they overlap other widgets. It's consistent across multiple browsers, any idea what I can do to resolve the issue? Looking at syslog and eventlog messages in LibreNMS. We also look at alerting on syslog messages.

The VM is based on the latest CentOS 7 x64 image. I’ve tested all of the features before generalizing the config to share.

Download below:
https://upw.io/tD/LibreNMS-Deploy-disk1.vmdk

Note: Currently I am rebuilding the OVF/VA, so I am just providing a link to download the VMDK so you can import it into VMware and create a new VM from it.

Features:

  • 1 Minute Polling
  • Oxidized Config Backups (with differencing)
  • Rsyslog for syslog messages
  • Nagios Plugins for service monitoring
  • Probably more tinkering done that I forgot

The login info for CentOS is below:

The login for LibreNMS:

Locations to mention:

If you’d like to see the setup guide, please scroll down!

Here is how we can deploy the VM:
1. Here’s the download link again.

At this point I expect that you have downloaded the VMDK, uploaded it to your ESXi datastore, created a new VM, added this existing disk to that VM, and powered it on.

2. Grab the IP of the VM from vSphere (it’s set to DHCP)

3. Now browse to the IP of the librenms server, and login with the following admin account:

4. Let’s configure a device for SNMP and SYSLOG to verify everything is working. I have a Cisco 3750x switch I will be adding into LibreNMS.

I’m going to quickly go off topic to share the SNMP and logging config for some devices:
Here’s the complete config on the switch side (note: x.x.x.x is the LibreNMS server IP, y.y.y.y is an NTP server):

Here’s the logging and snmp config for a Cisco ASA (note x.x.x.x is librenms server IP)

Here’s the logging and snmp config for an ESXI host

Now back to the process

5. Head back over to LibreNMS and add a device, making sure to configure the hostname. Rsyslog won’t add the logs to the device in LibreNMS if the hostname doesn’t match what’s in LibreNMS. This means you should almost always add your devices by hostname!

Note: If you don’t add your devices via hostname and want to capture syslog from devices, you need to find commands that will make devices send you their IP in the syslog payload instead of the hostname. The Cisco equivalent for this, I believe, is “logging origin-id ip”.

Let’s check the syslog of the switch.

Note: If you are seeing logs, I recommend going back and setting “logging trap error” instead of debugging, or else you will flood the Syslog store and fill it up quickly. Also it will tax the Management plane of your device. This tip becomes more important when you have a chatty firewall filling up your partition with informational syslog. Watch the log size!

6. Now that that’s working, let’s configure device backups…

SSH or console into the LibreNMS server, log in with root/password, browse to “/root/.config/oxidized/” and edit router.db.

Note: I left some examples in there of other devices.

Let’s add our switch to Oxidized so it starts backing it up. Add the following line:

My switch doesn’t require enable, however if it did the syntax would be this.

Save it by pressing CTRL + X, then y, then run the following command:

Now go back into the device in Libre, and check out the config tab.

Awesome, the config backup worked! If you change something in the config and save it, Oxidized will pick up the new version as well and let you display a diff, since the config is saved in a Git repo.

If you get the following, either Oxidized is not running, or the hostname/IP in Oxidized doesn’t match the one in LibreNMS:

All should show up green and running. That’s it for now!
If you’re interested in installing your own LibreNMS please check out the official documentation here!

Troubleshooting

1. If you find that something is not working, I would start off by checking whether nginx, oxidized, rsyslog and mariadb are running.

ex:

2. If you’re worried syslog messages are not making it to your server, feel free to use tcpdump; it’s installed on the VM. The following command will allow you to capture the traffic destined for syslog.

3. If you’re having more trouble with syslog, the issue might be that the hostname the device sends doesn’t match the one in LibreNMS; please see the excerpt from this post.

Usually the hostname / IP of the syslog doesn’t match what’s in librenms – open syslog.php, uncomment the logfile line, restart rsyslog and then tail -f /opt/librenms/logs/librenms.log see what the data looks like.
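
An added example (not from the original article, the quoted post or the LibreNMS project) for the hostname-matching rule in step 5, the “logging trap error” note and troubleshooting item 3: it audits captured syslog records for senders that match no LibreNMS device and counts, per host, the messages below error severity. The `||`-separated layout with the host in field 1 and the numeric severity in field 4, the device names and the sample records are all assumptions constructed for illustration; adjust the field indexes to what your own log shows.

```python
from collections import Counter

# Constructed sample: device names exactly as added in LibreNMS (assumption).
LIBRENMS_DEVICES = {"sw-core-01.example.net", "asa-edge.example.net"}

# Constructed records in an assumed layout:
# host||facility||priority||severity||tag||timestamp||msg||program
SAMPLE_LOG = """\
sw-core-01.example.net||local7||5||5||%SYS-5-CONFIG_I:||2024-01-10 10:00:01|| Configured from console||%SYS-5-CONFIG_I
sw-core-01.example.net||local7||3||3||%LINK-3-UPDOWN:||2024-01-10 10:00:05|| Interface Gi1/0/1, changed state to down||%LINK-3-UPDOWN
asa-edge||local4||6||6||%ASA-6-302013:||2024-01-10 10:00:06|| Built outbound TCP connection||%ASA-6-302013
asa-edge||local4||6||6||%ASA-6-302014:||2024-01-10 10:00:07|| Teardown TCP connection||%ASA-6-302014
10.0.0.50||local6||7||7||vmkernel:||2024-01-10 10:00:08|| debug || detail||vmkernel
truncated line without separators
"""

ERROR = 3  # numeric syslog severity for "error"; higher numbers are less severe

def parse(line):
    """Return (host, severity), or None when the record is malformed."""
    fields = line.split("||")  # extra "||" inside the message only adds fields
    if len(fields) < 8 or not fields[3].strip().isdigit():
        return None
    return fields[0].strip().lower(), int(fields[3])

def audit(log_text, devices):
    """Find senders that match no device and count below-error messages."""
    known = {d.lower() for d in devices}
    by_short = {d.split(".")[0]: d for d in known}  # short label -> device name
    unmatched, below_error, malformed = {}, Counter(), 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse(line)
        if rec is None:
            malformed += 1
            continue
        host, severity = rec
        if host not in known:
            # Suggest the device whose short name equals the sender's, if any.
            unmatched[host] = by_short.get(host.split(".")[0])
        if severity > ERROR:
            below_error[host] += 1  # not sent once the device logs at error
    return unmatched, below_error, malformed

if __name__ == "__main__":
    unmatched, below_error, malformed = audit(SAMPLE_LOG, LIBRENMS_DEVICES)
    for host, hint in unmatched.items():
        print(f"no device named {host!r}" + (f", closest: {hint}" if hint else ""))
    print("below-error messages per host:", dict(below_error))
    print("malformed records:", malformed)
```

A sender reported with a closest match is usually a short-name versus FQDN mismatch; a bare IP with no match is the case the “logging origin-id ip” note above addresses.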