Repository which helps you to configure Rsyslog for LibreNMS and your clients.
The license doesn't apply to external configuration files; see the comments in each file for the applicable license.
Copyleft (C) Nicolas Simond - 2016
This script is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This script is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this script. If not, see http://www.gnu.org/licenses/gpl.txt
This repository helps you to configure Rsyslog for LibreNMS and your clients.
Rsyslog
Port 514 (udp/tcp) open on LibreNMS server
Debian 8
A French version of this is available here: https://www.abyssproject.net/2016/07/collection-rsyslog-librenms/
A well-formatted English version of this is available here: https://enter.thewhiterabbit.space/rsyslog-with-librenms/
On the LibreNMS server, install Rsyslog:
apt-get install rsyslog -y
Apply the necessary configuration:
cd /etc
wget https://raw.githubusercontent.com/stylersnico/rsyslog/master/etc/rsyslog-server.conf
rm rsyslog.conf && mv rsyslog-server.conf rsyslog.conf
Apply the LibreNMS-specific configuration:
cd /etc/rsyslog.d/
wget https://raw.githubusercontent.com/stylersnico/rsyslog/master/etc/rsyslog.d/30-librenms.conf
systemctl restart rsyslog
Add Syslog support to LibreNMS:
cd /opt/librenms
wget https://raw.githubusercontent.com/stylersnico/rsyslog/master/opt/librenms/config-add.php
cat config-add.php >> config.php
rm config-add.php
On each client, install Rsyslog:
apt-get install rsyslog -y
Apply the necessary configuration:
cd /etc
wget https://raw.githubusercontent.com/stylersnico/rsyslog/master/etc/rsyslog-client.conf
rm rsyslog.conf && mv rsyslog-client.conf rsyslog.conf
You can add support for NGINX, PHP 7 and PHP 5 logs with this command:
cd /etc/rsyslog.d/
wget https://raw.githubusercontent.com/stylersnico/rsyslog/master/etc/rsyslog.d/lemp.conf
Edit the Rsyslog configuration with this command:
nano /etc/rsyslog.conf
Replace syslog_server_ip with the LibreNMS server's IP address or DNS name.
#Remote server
*.* @syslog_server_ip:514
Do the same with /etc/rsyslog.d/lemp.conf.
Restart Rsyslog with this command:
systemctl restart rsyslog
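The placeholder replacement described above can be scripted so that the same value goes into /etc/rsyslog.conf and /etc/rsyslog.d/lemp.conf, a backup is kept, and the transport is visible afterwards (in rsyslog, a single @ forwards over UDP and @@ over TCP). This is an added example, not part of the original repository; the function names set_syslog_target and forward_proto are hypothetical and 192.0.2.10 is a constructed address.

```shell
#!/bin/sh
# Added example: fill in the syslog_server_ip placeholder safely.
# set_syslog_target and forward_proto are hypothetical helper names.

# Replace the placeholder in FILE with HOST, keeping FILE.bak as a backup.
set_syslog_target() {
    file=$1 host=$2
    # Accept only hostname / IPv4 characters so that nothing else can be
    # injected into the rsyslog configuration or the sed expression.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;;
    esac
    # Refuse to touch a file that does not contain the placeholder.
    grep -q 'syslog_server_ip' "$file" || {
        echo "no placeholder in $file" >&2; return 1; }
    cp -p "$file" "$file.bak" &&
    sed "s/syslog_server_ip/$host/g" "$file.bak" > "$file"
}

# Print the transport of each active (uncommented) forwarding line in FILE:
# "@host" forwards over UDP, "@@host" forwards over TCP.
forward_proto() {
    sed -n -e 's/^[^#]*[[:space:]]@@[^@].*/tcp/p' \
           -e 's/^[^#]*[[:space:]]@[^@].*/udp/p' "$1"
}

# Usage on a client (192.0.2.10 is a constructed address):
#   set_syslog_target /etc/rsyslog.conf 192.0.2.10 &&
#   set_syslog_target /etc/rsyslog.d/lemp.conf 192.0.2.10 &&
#   forward_proto /etc/rsyslog.conf &&
#   rsyslogd -N1 && systemctl restart rsyslog
```

rsyslogd -N1 only checks the configuration for syntax errors, so a failed check stops the chain before the service is restarted.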
On the LibreNMS server, use tcpdump to check that syslog traffic is arriving:
tcpdump -i eth0 udp port 514
An example of what you should see:
root@monitoring:~# tcpdump -i eth0 udp port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:49:28.793109 IP webhost.ragondin.com.45155 > monitoring.ragondin.com.syslog: SYSLOG syslog.info, length: 153
11:49:28.829808 IP webhost.ragondin.com.45397 > monitoring.ragondin.com.syslog: SYSLOG syslog.info, length: 137
11:49:28.829896 IP webhost.ragondin.com.45397 > monitoring.ragondin.com.syslog: SYSLOG syslog.info, length: 71
11:49:32.558670 IP webhost.ragondin.com.45397 > monitoring.ragondin.com.syslog: SYSLOG daemon.error, length: 813
11:49:33.470379 IP webhost.ragondin.com.45397 > monitoring.ragondin.com.syslog: SYSLOG kernel.warning, length: 267
11:49:36.478635 IP webhost.ragondin.com.45397 > monitoring.ragondin.com.syslog: SYSLOG kernel.warning, length: 267
11:49:38.768606 IP webhost.ragondin.com.45397 > monitoring.ragondin.com.syslog: SYSLOG daemon.debug, length: 86
11:49:38.769138 IP webhost.ragondin.com.45397 > monitoring.ragondin.com.syslog: SYSLOG daemon.debug, length: 86
11:49:42.490359 IP webhost.ragondin.com.45397 > monitoring.ragondin.com.syslog: SYSLOG kernel.warning, length: 267
^C
9 packets captured
9 packets received by filter
0 packets dropped by kernel