Archived community.zenoss.org | full text search
Skip navigation
Up to Discussions in zenoss-users
11316 Views 3 Replies Latest reply: Jun 29, 2010 11:49 AM by nilie RSS
nilie Rank: Green Belt
nilie
372 posts since
May 27, 2010
Currently Being Moderated

Jun 21, 2010 1:58 PM

Syslog messages from devices do not show up in Event Console

I did my best to search and read all postings on this topic I could find on this forum but I'm still unable to resolve this problem.

 

I'm using Zenoss Core v2.5.1 and my setup is as follows :

 

I have syslog-ng listening on port UDP/514 for all syslog messages coming in from the network. All syslog messages having the local4 facility are selected and rerouted to ZenSyslog which is listening on port UDP/5514. If I generate a syslog message from one of my Cisco devices, nothing comes up in the Event Console of the Zenoss server.

 

Steps I took to troubleshoot the problem :

 

- I configured syslog-ng to reroute messages with local4 facility to a file in /var/log and I could see every message is being logged properly which means they are received and processed by syslog-ng.

- I increased the logging level to Debug for ZenSyslog daemon and sometimes in the past, I was able to see messages being received by it like this :

 

2010-06-18 14:36:59,194 DEBUG zen.Syslog: host=localhost.localdomain, ip=127.0.0.1

2010-06-18 14:36:59,194 DEBUG zen.Syslog: <165>Jun 18 14:36:59 nnn.nnn.110.61 394: Jun 18 14:36:58: %SYS-5-CONFIG_I: Configured from console by myname on vty0 (nnn.nnn.210.3)

 

2010-06-18 14:36:59,194 DEBUG zen.Syslog: fac=160 pri=5

2010-06-18 14:36:59,194 DEBUG zen.Syslog: facility=local4 severity=2

 

as you can see, no mention of queuing the message

 

Now I don't even get that anymore :

 

2010-06-21 13:20:48,258 DEBUG zen.thresholds: Checking value 0 on Daemons/localhost/zensyslog_eventQueueLength
2010-06-21 13:20:48,258 DEBUG zen.MinMaxCheck: Checking zensyslog_eventQueueLength 0 against min None and max 1000
2010-06-21 13:21:43,215 DEBUG zen.ZenSyslog: Queueing event {'monitor': 'localhost', 'component': 'zensyslog', 'agent': 'zensyslog', 'manager': 'fbtlc003.fbn-nbf.local', 'timeout': 180, 'device': 'localhost', 'eventClass': '/Heartbeat'}
2010-06-21 13:21:43,216 DEBUG zen.ZenSyslog: Total of 1 queued events
2010-06-21 13:22:43,216 DEBUG zen.ZenSyslog: Queueing event {'monitor': 'localhost', 'component': 'zensyslog', 'agent': 'zensyslog', 'manager': 'fbtlc003.fbn-nbf.local', 'timeout': 180, 'device': 'localhost', 'eventClass': '/Heartbeat'}
2010-06-21 13:22:43,217 DEBUG zen.ZenSyslog: Total of 1 queued events
2010-06-21 13:23:43,217 DEBUG zen.ZenSyslog: Queueing event {'monitor': 'localhost', 'component': 'zensyslog', 'agent': 'zensyslog', 'manager': 'fbtlc003.fbn-nbf.local', 'timeout': 180, 'device': 'localhost', 'eventClass': '/Heartbeat'}

 

I'm getting heartbeat events being queued but there are no corresponding events in the Event Console.

 

Any idea of what steps should I take next ?

 

Thanks

  • phonegi Rank: Brown Belt
    phonegi
    446 posts since
    Apr 15, 2009
    Currently Being Moderated
    1. Jun 21, 2010 9:42 PM (in response to nilie)
    Re: Syslog messages from devices do not show up in Event Console

    Do you have iptables running on the device? If so, you need to open 5514. You might also be able to reference this article: HOWTO make syslog and zensyslog coexist on an RHEL machine

  • nilie Rank: Green Belt
    nilie
    372 posts since
    May 27, 2010
    Currently Being Moderated
    2. Jun 23, 2010 10:37 AM (in response to phonegi)
    Re: Syslog messages from devices do not show up in Event Console

    Thank you for your info.

     

    I did check that article already when I was looking for a solution to make syslog-ng and zensyslog work together but anyway I read it a second time. My case is the #1 scenario where syslog-ng is flexible enough to forward the packet to any address and port I want. As for Iptables, I have a very good understanding of them but I admit I don't have a vast experience configuring them and I am not sure if they do apply to the loopback interface as they do on physical interfaces. Anyway, I've disabled the Iptables completely and conducted a test and the result is the same. I can see the syslog messages showing up in the log of the ZenSyslog daemon but there is no mention of them being queued.

  • nilie Rank: Green Belt
    nilie
    372 posts since
    May 27, 2010
    Currently Being Moderated
    3. Jun 29, 2010 11:49 AM (in response to nilie)
    Re: Syslog messages from devices do not show up in Event Console

    I managed to find the cause of this behaviour.

     

    It seems the sysadmin before me was being bothered by the amount of syslog messages so he decided to modify the configuration of ZenSyslog by setting the minimum priority message that zensyslog will accept to 0 which means only critical syslog messages were retained by Zenoss and we didn't have one in quite a long time. Of course he forgot to mention it to me and this put me on a wrong track, because Zenoss was working just fine, doing what he was told to do.

     

     

    Thank you all for your suggestions.

     

     

    Nicu

More Like This

  • Retrieving data ...

Legend

  • Correct Answers - 4 points
  • Helpful Answers - 2 points