跳到主內容

LibreNMS 啟用 Syslog 看記錄

除了用 Graylog 服務來收集記錄,我們可以使用 LibreNMS 來收集資訊 110.10.04 在 Debian 版本上遇到的問題

運行環境


系統版本:CentOS 7、Debian 10LibreNMS 1.59-26 服務版本:LibreNMS 21.9.0-54

安裝過程


首先安裝 syslog-ng 服務

  • CentOS / RedHat
yum install syslog-ng -y
  • Debian / Ubuntu
apt install syslog-ng -y
  • 安裝完之後將 syslog-ng.conf 設定檔備份一份,再更換新的設定檔,這個設定檔是 LibreNMS 提供的
mv /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.bak

vim /etc/syslog-ng/syslog-ng.conf
  • 在新檔裡面貼上官方提供的設定
@version:3.5
@include "scl.conf"

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: it also sources additional configuration files (*.conf)
#       located in /etc/syslog-ng/conf.d/

options {
        chain_hostnames(off);
        flush_lines(0);
        use_dns(no);
        use_fqdn(no);
        owner("root");
        group("adm");
        perm(0640);
        stats_freq(0);
        bad_hostname("^gconfd$");
};

source s_sys {
    system();
    internal();
};

source s_net {
        tcp(port(514) flags(syslog-protocol));
        udp(port(514) flags(syslog-protocol));
};

########################
# Destinations
########################
destination d_librenms {
        program("/opt/librenms/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$R_YEAR-$R_MONTH-$R_DAY $R_HOUR:$R_MIN:$R_SEC||$MSG||$PROGRAM\n") template-escape(yes));
};

filter f_kernel     { facility(kern); };
filter f_default    { level(info..emerg) and
                        not (facility(mail)
                        or facility(authpriv)
                        or facility(cron)); };
filter f_auth       { facility(authpriv); };
filter f_mail       { facility(mail); };
filter f_emergency  { level(emerg); };
filter f_news       { facility(uucp) or
                        (facility(news)
                        and level(crit..emerg)); };
filter f_boot   { facility(local7); };
filter f_cron   { facility(cron); };

########################
# Log paths
########################
log {
        source(s_net);
        source(s_sys);
        destination(d_librenms);
};

# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"


# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
  • 重啟服務
systemctl restart syslog-ng ; systemctl enable syslog-ng
  • 再到 LibreNMS 設定檔啟動該功能 vim /opt/librenms/config.php
$config['enable_syslog'] = 1;
  • 設定 rsyslog.conf 設定,將前面的註解刪掉
vim /etc/rsyslog.conf

修改前

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

修改後

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
  • 重啟服務
systemctl restart rsyslog
  • 清除所收集到的資料,在 LibreNMS 設定檔裡新增一行,可以自行設定幾天之後會刪除掉記錄。
$config['syslog_purge'] = 30;

補充說明


BUBU 在使用 Debian 要啟用 Syslog 剛好要重啟 rsyslog 服務出現報錯下面的錯誤,會造成這樣子的原因是我們剛剛有安裝 syslog-ng 關係造成的

Failed to restart rsyslog.service: Unit rsyslog.service is masked.

只先取消 rsyslog 服務再重啟就可以正常

systemctl unmask rsyslog.service

重啟服務
systemctl restart rsyslog



參考相關網頁


補充說明參考相關網頁