...
opHA can send syslogs using escalation or send syslogs at the same time as the events are logged to the local file, which is basically realtime, this bypasses using the escalation system.
...
Primary Configuration
We need to make sure the Master Primary is setup to receive logs, the following documentation is for rsyslog.
Edit the rsyslog config /etc/rsyslog.conf, make sure it is willing to accept logs, and that the facility used above is going into the poller_event_log
| Code Block |
|---|
# Provides UDP syslog reception $ModLoad imudp.so $UDPServerRun 514 # Provides TCP syslog reception $ModLoad imtcp.so $InputTCPServerRun 514 #poller NMIS servers use local1 by default, capture that into slave_event.log local1.* /usr/local/nmis8/logs/poller_event.log |
...
Now make sure rsyslog is running. | Code Block |
|---|
service rsyslog restart |
Poller Configuration
Now configure NMIS pollers to send their logs through syslog to your master primary server. To run events through syslog check this config setting:
'syslog_events' => 'true'
Then make sure the config has the correct settings for the Master primary syslog service, specifically make sure the syslog_server points to the correct host, proto and port:
| Code Block |
|---|
'syslog' => {
'syslog_events' => 'true',
'syslog_facility' => 'local1',
'syslog_server' => 'master.ip.address:udp:514',
'syslog_use_escalation' => 'false'
}, |
To run Escalations on events before syslog:
To run events through escalations before putting them into syslog:
'syslog_use_escalation' => 'true'
No Escalations on events before syslog:
To have events go directly into syslog without escalations
'syslog_use_escalation' => 'false'
Testing
On the poller run:
| Code Block |
|---|
[root@poller nmis8]#/usr/local/nmis8/admin/testsyslog.pl |
On the master primary you should see the event (in the GUI as well if you refresh)
...