Syslog setup questions

Hi, @mmahacek @moderators
Where can I find the parser="org.opennms.netmgt.syslogd.SyslogNGParser" file as well as the parser="org.opennms.netmgt.syslogd.Rfc5424SyslogParser" path in Ubuntu OS 18.04?

I have tried the above step but am still not getting syslogd for each node. Guide me to troubleshoot so I can get syslogd logs in the OpenNMS application.

@nitin The current default is org.opennms.netmgt.syslogd.RadixTreeSyslogParser and you shouldn’t have to change it.

In fact, you shouldn’t have to change anything in the syslogd-configuration.xml at all; just enable the service in service-configuration.xml and restart OpenNMS.

Hi @dino2gnt @moderators
I have tried the same but still no luck. Not getting separate node logs under /var/log/opennms.
Is any other configuration required to create a separate log for a particular node?

Uhhh… you wouldn’t? That isn’t a function that OpenNMS’s syslogd integration provides. Whatever gave you the idea that it did?

What port are you sending the syslog messages to, and is OpenNMS configured to receive on that port with the firewall open?

@mmahacek The firewall is disabled. In the syslogd.configuration file the port is 10514.
root@tbxms1:/etc/opennms# netstat -tupln | grep syslog
tcp 0 0 0.0.0.0:10514 0.0.0.0:* LISTEN 7352/rsyslogd
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 7352/rsyslogd
tcp6 0 0 :::10514 :::* LISTEN 7352/rsyslogd
tcp6 0 0 :::514 :::* LISTEN 7352/rsyslogd
udp 0 0 0.0.0.0:10514 0.0.0.0:* 7352/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:* 7352/rsyslogd
udp6 0 0 :::10514 :::* 7352/rsyslogd
udp6 0 0 :::514 :::* 7352/rsyslogd

And you have provisioned nodes into OpenNMS that match the IP address(es) sending the syslog messages?

@dino2gnt May I know the actual process I have to follow to get separate node logs?

The syslogd service converts logs to OpenNMS events and writes them to the server’s database, not the .log files.

@mmahacek how to get separate node logs?

Yeah, they are the same segments.

That’s not what I asked. Does opennms have a node it is monitoring that matches the IP address that is sending it syslog messages?

Yes, the IP address is matching with syslog.

@mmahacek @dino2gnt
Will the syslogd automatically get converted into OpenNMS events and get shown in the GUI of the OpenNMS events?

Depends on what you actually mean when you say “separate node logs”.

Do you want logs from each node to be separate files on your OpenNMS server, or do you want logs from OpenNMS separated into a file per node?

That’s what the syslogd integration in OpenNMS does, convert syslog messages into events.

We just need the syslogd node logs to get converted into events in OpenNMS and shown in the GUI of OpenNMS. @dino2gnt @mmahacek

That’s your problem, then. You have the system rsyslogd listening on port 10514, which is the port OpenNMS (by default) will try to use. Either change the port to something else in syslogd-configuration.xml or reconfigure rsyslog to not bind to that port.
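
The conflict diagnosed in the reply above can be checked mechanically. This is an added example, not part of the original thread or of OpenNMS: `port_conflicts` is a hypothetical helper, the sample lines are constructed from the netstat output posted earlier, and it assumes the OpenNMS JVM shows up in netstat as `java`.

```shell
#!/bin/sh
# Added example: list sockets on the Syslogd port that are held by some
# process other than the one expected to own it.

# Constructed sample, trimmed from the `netstat -tupln` output in the thread.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:10514 0.0.0.0:* LISTEN 7352/rsyslogd
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 7352/rsyslogd
udp 0 0 0.0.0.0:10514 0.0.0.0:* 7352/rsyslogd
udp6 0 0 :::10514 :::* 7352/rsyslogd'

# port_conflicts PORT [EXPECTED_PROGRAM]
# Reads `netstat -tupln` lines on stdin and prints "proto pid/program" for
# every socket bound to PORT whose program is not EXPECTED_PROGRAM
# (default "java", an assumption about how the OpenNMS JVM is listed).
port_conflicts() {
    awk -v port="$1" -v expected="${2:-java}" '
        $1 ~ /^(tcp|udp)6?$/ {
            # Field 4 is the local address; the port follows the last colon,
            # which also handles IPv6 forms such as ":::10514".
            n = split($4, addr, ":")
            if (addr[n] != port) next

            # The last field is PID/Program for both TCP and UDP rows.
            owner = $NF
            if (owner == "-") {
                # netstat hides the owner unless it is run as root.
                print $1, "unknown-owner"
                next
            }
            m = split(owner, parts, "/")
            prog = (m >= 2) ? parts[2] : owner
            if (prog != expected) print $1, owner
        }'
}

# Demonstration on the constructed sample. On a live server, run as root:
#   netstat -tupln | port_conflicts 10514
printf '%s\n' "$SAMPLE_NETSTAT" | port_conflicts 10514
```

Any line printed means another daemon already holds the port, so OpenNMS Syslogd cannot bind it until the port in syslogd-configuration.xml is changed or the other daemon is reconfigured.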

@dino2gnt in attached article

Do we have to install syslog-ng for OpenNMS, or will it be available by default?

That’s for syslog-ng to send to OpenNMS, not for OpenNMS to receive syslog.

Is this proper?