A couple of weeks ago I posted a query on the Packet Pushers Forum. This query was regarding recommendations for network management solutions that were well suited to small to mid-sized networks. This forum post yielded many valuable recommendations. One possible solution that I wanted to evaluate was an open source product called NMIS by Opmantek.
Packet Pushers Forum — Network Management Platforms in the SMB Environment
Today’s article is in response to a struggle I had with the syslog integration with the NMIS 8 Virtual Appliance. After booting the virtual appliance and sending some syslog messages, it seemed like it wasn’t working properly. An easy way to test this is to configure a router for logging, then exit out of global config mode. That should be enough to generate a syslog message.

    PaulsRTR(config)#logging 192.168.1.198
    PaulsRTR(config)#exit
    PaulsRTR#show logging
    Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
        Console logging: level debugging, 1 messages logged
        Monitor logging: level debugging, 0 messages logged
        Buffer logging: disabled
        Trap logging: level informational, 1 message lines logged
            Logging to 192.168.1.199, 1 message lines logged
    PaulsRTR#

After configuring logging and producing a log message, I still saw a blank output in the Router_Syslog section of NMIS. This is shown below.
The solution to this issue turned out to be quite simple. The problem was in the unmodified configuration of rsyslog. First, the daemon had to be configured to listen on UDP port 514. Second, there needed to be rules in place to steer the Cisco syslog entries to the appropriate log file. To accomplish this, there are a couple of modifications that were needed in the rsyslog.conf file. The first change was uncommenting the second and third lines in the gray box below.

    # Provides UDP syslog reception
    $ModLoad imudp.so
    $UDPServerRun 514

After the above lines were uncommented, it was necessary to scroll further down in the file. To steer the traffic to the NMIS Cisco Syslog file, I had to add a line in the “Rules” section. I did this by matching on the facility “local1”.

    #### RULES ####
    local1.*    /usr/local/nmis8/logs/cisco.log

At this point, the only other action I had to take on the NMIS server was a restart of the rsyslog daemon.

    [[email protected] cgi-bin]# /etc/init.d/rsyslog stop
    Shutting down system logger: [ OK ]
    [[email protected] cgi-bin]# /etc/init.d/rsyslog start
    Starting system logger: [ OK ]

Next from the router I modified the configuration to send its log messages as “local1” and generated another test message.

    PaulsRTR(config)#logging facility local1
    PaulsRTR(config)#exit
    PaulsRTR#show logging
    Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
        Console logging: level debugging, 2 messages logged
        Monitor logging: level debugging, 0 messages logged
        Buffer logging: disabled
        Trap logging: level informational, 2 message lines logged
            Logging to 192.168.1.199, 2 message lines logged
    PaulsRTR#

At this point, a log entry was written to /usr/local/nmis8/logs/cisco.log on the NMIS server. It was also visible in the log widget.
As seen in the image above, the error was no longer displayed. Additionally, the “configuration” event is properly logged in the management console.
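
The `local1.*` rule matches on the facility encoded in the `<PRI>` number at the start of each syslog datagram, and Cisco IOS sends facility local7 until `logging facility` is changed. The following is an added example, not part of the original post or of NMIS: it decodes that header and checks it against a `facility.*` selector. The function names and the two sample datagrams are constructed for illustration.

```python
import re
import socket

# Facility codes 0-23; 12-15 have no universal keyword, labels here are descriptive.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed sample datagrams: the same IOS event sent with the default
# facility (local7) and after "logging facility local1".
DEFAULT_MSG = b"<189>45: *Mar  1 00:12:34.567: %SYS-5-CONFIG_I: Configured from console by console"
LOCAL1_MSG = b"<141>46: *Mar  1 00:14:02.101: %SYS-5-CONFIG_I: Configured from console by console"

def decode_pri(datagram: bytes):
    """Return (facility, severity) from the <PRI> header: PRI = facility*8 + severity."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid <PRI> header")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def matches_rule(datagram: bytes, selector: str) -> bool:
    """Simplified selector check; handles only the 'facility.*' form used above."""
    facility, _, level = selector.partition(".")
    if level != "*":
        raise ValueError("only 'facility.*' selectors are handled here")
    return decode_pri(datagram)[0] == facility

def send_test(host: str, facility: str = "local1", port: int = 514) -> bytes:
    """Send one UDP test message to your own collector to confirm listener and rule."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index("notice")
    msg = f"<{pri}>rsyslog-test: constructed test message".encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(msg, (host, port))
    return msg

if __name__ == "__main__":
    for sample in (DEFAULT_MSG, LOCAL1_MSG):
        print(decode_pri(sample), matches_rule(sample, "local1.*"))
```

Calling `send_test` against the collector's address and then checking the target log file separates a listener problem (nothing arrives) from a rule problem (the message arrives but lands in a different file).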