Does this help at all?

http://nootech.blogspot.com/2007/02/zenoss-and-syslog-catching.html

--

James Pulver

Information Technology Area Supervisor

LEPP Computer Group

Cornell University

phonegi wrote, On 11/23/2009 12:36 PM:

I am running CentoOS 5 and Zenoss 2.4.1. The OS uses syslog v1.4.1. I have added the "-r" option to the syslog.conf file so that the syslog daemon does not listen on the syslog port - defined in /etc/services as UDP 514. Currently Zenoss is receiving and processing incoming syslog messages fine. However, no local syslog messages register with Zenoss.

 

Is there a way to allow Zenoss to monitor the local machine and still capture remote syslog messages?

 

Thanks.

>

Couldn't you set up syslog-NG to use a different port to listen and send

to the standard port that Zenoss is using and save some extra config?

--

James Pulver

Information Technology Area Supervisor

LEPP Computer Group

Cornell University

phonegi wrote, On 11/23/2009 1:12 PM:

Thanks for the quick reply.

 

After reading over the article, it appears that the solution achieved by the writer requires a second system to act as a syslog collector that forwards incoming syslog messages to Zenoss. I was hoping to configure just one system.

 

The article did introduce me to something interesting - that is configuring the local syslog daemon and zensyslog to operate on different ports. It is my understanding that syslog will send and receive syslog messages on whatever port is defined in /etc/services as "syslog". Zensyslog does the same, but appearently can be configured to listen on an alternative port.

 

Using that as a basis for a solution, is there a way to configure syslog or syslog-ng to transmit on one port but listen on another? I can't seem to find any more than the "-r" option for syslog. If so, I might be able to get this to work.

 

Thanks again.

>