Zenoss ZenTech Community — Thread

TECHZEN Zenoss User Community

ARCHIVE

zensyslog on Zenoss5.2.4

Subject:	zensyslog on Zenoss5.2.4
Author:	CC Chee
Posted:	2017-06-26 04:50

Hi All,

I'm having trouble seeing events that I expect to see on the Event tab on Zenoss. Am I even looking at the correct area to check syslog events on zenoss?

More detailed:
- I'm a total newbie.
- installed Control Centre and Zenoss Core on ONE single machine, v 5.2.4
- All services seem to be working on the webpage.
- On Events page, I can see localhost and another machine on the same subnet.
- The other machine on same subnet has events shown, when it gets booted up or shutdown. Eg I can see things like "SNMP agent up". This proofs another Linux machine (no Zenoss stuff at all) can be seen by the Zenoss.
- Now I will just try simple message, on the Zenoss machine itself AND on the remote machine like:
logger --udp -p syslog.warn "The web server is down"
Still this test message is not displayed in Events
- The Event tab does say "localhost zensyslog heartbeat clear"

Configuration On Zenoss machine:
in /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-c 2 -m 0 -r10514 "

in /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 10514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 10514
...
*.info;mail.none;authpriv.none;cron.none @127.0.0.1:514

in Zenoss web page, in Zensyslog config file: /opt/zenoss/etc/zensyslog.conf
hubhost localhost
hubport 8789
hubusername admin
hubpassword zenoss
monitor localhost
syslogport 514

ps -ef | grep syslog
chee 12830 1 0 13:29 ? 00:00:01 /usr/bin/pulseaudio --start --log-target=syslog
root 14045 14024 0 13:29 ? 00:02:08 /serviced/serviced-controller 2v2e5z26pomw8bxcnllh1e6d6 0 su - zenoss -c "/opt/zenoss/bin/zensyslog run -c --logfileonly --monitor localhost "
root 14346 14045 0 13:29 ? 00:00:00 su - zenoss -c /opt/zenoss/bin/zensyslog run -c --logfileonly --monitor localhost
1337 14393 14346 0 13:29 ? 00:00:35 /opt/zenoss/bin/python /opt/zenoss/Products/ZenEvents/zensyslog.py --configfile /opt/zenoss/etc/zensyslog.conf -c --logfileonly --monitor localhost --useFileDescriptor=13
root 14720 1 0 14:06 ? 00:00:00 /usr/sbin/rsyslogd -n -c 2 -m 0 -r10514

Is there something I'm missing?

------------------------------
CC Chee
Altair
------------------------------

Subject:	RE: zensyslog on Zenoss5.2.4
Author:	Jane Curry
Posted:	2017-06-26 07:46

You should not need to alter any syslog stuff on the Zenoss server.
What you WILL need to do is to configure any target machine to send events to the Zenoss server.

Probably the hardest machine to make work with syslog is the Zenoss server itself so start with your other Linux machine. In /etc/rsyslogd.conf, you need a line like:

*.* @core524.class.example.org:514

You will need to restart your rsyslog daemon.

This sends all events of all priority and all facility (*.*) to the remote system core524.c;lass.example.org, on port 514.
Your Zenoss server base machine should have port 514 connected to Zenoss's zensyslog daemon.

I found that your logger command with --udp didn't work but a simple:
logger -p syslog.warn "The web server is down"

worked perfectly and a warning event appeared in the Zenoss event console.

You might find my vent Management for Zenoss Core 4" paper helpful - https://www.skills-1st.co.uk/papers/jane/zenoss4-events/ .

Cheers,
Jane

------------------------------
Jane Curry
Skills 1st United Kingdom
jane.curry@skills-1st.co.uk
------------------------------

Previous
veth devices lost / Urgent help needed please

Next
Not able to collect total memory allocated for HP-UX servers