Return to site

Librenms Syslog

broken image


License Repository which helps you to configure Rsyslog for LibreNMS and your clients. The license doesn't apply to external configuration files, see comments in each files to see relative license. Copyleft (C) Nicolas Simond - 2016.

We have simple integration for Graylog, you will be able to view anylogs from within LibreNMS that have been parsed by the syslog inputfrom within Graylog itself. This includes logs from devices whicharen't in LibreNMS still, you can also see logs for a specific deviceunder the logs section for the device.

Currently, LibreNMS does not associate shortnames from Graylog withfull FQDNS. If you have your devices in LibreNMS using full FQDNs,such as hostname.example.com, be aware that rsyslogd, by default,sends the shortname only. To fix this, add

$PreserveFQDN on

  • @ -78,7 +78,7 @@ Next start syslog-ng: service syslog-ng restart ``` Add the following to your LibreNMS config.php file to enable the Syslog extension.
  • Configuring Rsyslog with LibreNMS Syslogfor more settings to enable email settings see my video on youtube Rsyslog on Ubu.
  • Librenms Syslog Hi, Today, we're gonna see how we can configure Rsyslog with LibreNMS to collect and store the logs of our servers. It's very important to have a good log management to check them if you have any failure on a server. LibreNMS provide a module which gives you the power to collect, store and analyze those logs.
  • Syslog/Eventlog Widget Issue. I went from 1.23 to 1.25 and am now having issues with the Syslog and Eventlog dashboard widgets. The syslog entries are larger than the widget so they overlap other widgets. It's consistent across multiple browsers, any idea what I can do to resolve the issue?

to your rsyslog config to send the full FQDN so device logs will beassociated correctly in LibreNMS. Also see near the bottom of thisdocument for tips on how to enable/suppress the domain part ofhostnames in syslog-messages for some platforms.

Graylog itself isn't included within LibreNMS, you will need toinstall this separately either on the same infrastructure as LibreNMSor as a totally standalone appliance.

Config is simple, here's an example based on Graylog 2.4:

Timezone

Syslog.php

Graylog messages are stored using GMT timezone. You can displaygraylog messages in LibreNMS webui using your desired timezone bysetting the following option in config.php:

Timezone must be PHP supported timezones, available at:https://php.net/manual/en/timezones.php

Graylog Version

If you are running a version earlier than Graylog then please set

to the version number of your Grayloginstall. Earlier versions than 2.1 use the default port

Librenms Syslog-ng Not Working

12900

URI

If you have altered the default uri for your Graylog setup then youcan override the default of /api/ using

User Credentials

If you choose to use another user besides the admin user, please notethat currently you must give the user 'admin' permissions from withinGraylog, 'read' permissions alone are not sufficient.

TLS Certificate

If you have enabled TLS for the Graylog API and you are using aself-signed certificate, please make sure that the certificate istrusted by your LibreNMS host, otherwise the connection willfail. Additionally, the certificate's Common Name (CN) has to matchthe FQDN or IP address specified in

Match Any Address

If you want to match the source address of the log entries against anyIP address of a device instead of only against the primary address andthe host name to assign the log entries to a device, you can activatethis function using

Recent Devices

There are 2 configuration parameters to influence the behaviour of the'Recent Graylog' table on the overview page of thedevices.

Sets the maximum number of rows to be displayed (default: 10)

You can set which loglevels that should be displayed on the overview page. (default: 7, min:0, max: 7)

Shows only entries with a log level less than or equal to 4 (Emergency,Alert, Critical, Error, Warning).

You can set a default Log Level Filter with

(applies to /graylog and /device/device=/tab=logs/section=graylog/ (min: 0, max: 7)

Domain and hostname handling

Suppressing/enabling the domain part of a hostname for specific platforms

You should see if what you get in syslog/Graylog matches up with yourconfigured hosts first. If you need to modify the syslog messages fromspecific platforms, this may be of assistance:

IOS (Cisco)

or

JunOS (Juniper Networks)

PanOS (Palo Alto Networks)

or

Transports are located within LibreNMS/Alert/Transport/ and can beconfigured within the WebUI under Alerts -> Alert Transports.

Contacts will be gathered automatically and passed to the configured transports.By default the Contacts will be only gathered when the alert triggersand will ignore future changes in contacts for the incident.If you want contacts to be re-gathered before each dispatch, pleaseset 'Updates to contact email addresses not honored' to Off in the WebUI.

The contacts will always include the SysContact defined in theDevice's SNMP configuration and also every LibreNMS user that has atleast read-permissions on the entity that is to be alerted.

At the moment LibreNMS only supports Port or Device permissions.

You can exclude the SysContact by toggling 'Issue alerts to sysContact'.

To include users that have Global-Read, Administrator orNormal-User permissions it is required to toggle the options:

  • Issue alerts to admins.
  • Issue alerts to read only users
  • Issue alerts to normal users.

Using a Proxy

Using a AMQP based Transport

You need to install an additional php module : bcmath

Alerta

The alerta monitoring system is a tool used to consolidate and de-duplicate alerts from multiple sources for quick ‘at-a-glance' visualisation. With just one system you can monitor alerts from many other monitoring tools on a single screen.

Example:

ConfigExample
API Endpointhttp://alerta.example.com/api/alert
EnvironmentProduction
Apy keyapi key with write permission
Alert statecritical
Recover statecleared

Alertmanager

Alertmanager is an alert handling software, initially developed foralert processing sent by Prometheus.

It has built-in functionality for deduplicating, grouping and routingalerts based on configurable criteria.

LibreNMS uses alert grouping by alert rule, which can produce an arrayof alerts of similar content for an array of hosts, whereasAlertmanager can group them by alert meta, ideally producing onesingle notice in case an issue occurs.

It is possible to configure as many label values as required inAlertmanager Options section. Every label and its value should beentered as a new line.

Multiple Alertmanager URLs (comma separated) are supported. EachURL will be tried and the search will stop at the first success.

Example:

ConfigExample
Alertmanager URL(s)http://alertmanager1.example.com,http://alertmanager2.example.com
Alertmanager Options:source=librenms
customlabel=value

API

The API transport allows to reach any service provider using POST, PUT or GET URLs(Like SMS provider, etc). It can be used in multiple ways:

  • The same text built from the Alert template is available in the variable$msg, which can then be sent as an option to the API. Be carefull thatHTTP GET requests are usually limited in length.
  • The API-Option fields can be directly built from the variables defined inTemplate-Syntax but without the 'alert->' prefix.For instance, $alert->uptime is available as $uptime in theAPI transport
  • The API-Headers allows you to add the headers that the api endpoint requires.
  • The API-body allow sending data in the format required by the ApI endpoint.

A few variables commonly used :

VariableDescription
{{ $hostname }}Hostname
{{ $sysName }}SysName
{{ $sysDescr }}SysDescr
{{ $os }}OS of device (librenms defined)
{{ $type }}Type of device (librenms defined)
{{ $ip }}IP Address
{{ $hardware }}Hardware
{{ $version }}Version
{{ $uptime }}Uptime in seconds
{{ $uptime_short }}Uptime in human-readable format
{{ $timestamp }}Timestamp of alert
{{ $description }}Description of device
{{ $title }}Title (as built from the Alert Template)
{{ $msg }}Body text (as built from the Alert Template)

Example:

The example below will use the API named sms-api of my.example.com and sendthe title of the alert to the provided number using the provided service key.Refer to your service documentation to configure it properly.

ConfigExample
API MethodGET
API URLhttp://my.example.com/sms-api
API Optionsrcpt=0123456789
key=0987654321abcdef
msg=(LNMS) {{ $title }}
API UsernamemyUsername
API PasswordmyPassword

The example below will use the API named wall-display of my.example.com and sendthe title and text of the alert to a screen in the Network Operation Center.

ConfigExample
API MethodPOST
API URLhttp://my.example.com/wall-display
API Optionstitle={{ $title }}
msg={{ $msg }}

The example below will use the API named component of my.example.com with id 1, body as json status value and headers send token authentication and content type required.

ConfigExample
API MethodPUT
API URLhttp://my.example.com/comonent/1
API HeadersX-Token=HASH
Content-Type=application/json
API Body{ 'status': 2 }
Librenms syslog.php

aspSMS

Syslog

aspSMS is a SMS provider that can be configured by using the generic API Transport.You need a token you can find on your personnal space.

Example:

ConfigExample
Transport typeApi
API MethodPOST
API URLhttps://soap.aspsms.com/aspsmsx.asmx/SimpleTextSMS
OptionsUserKey=USERKEY
Password=APIPASSWORD
Recipient=RECIPIENT
Originator=ORIGINATOR
MessageText={{ $msg }}

Boxcar

Copy your access token from the Boxcar app or from the Boxcar.iowebsite and setup the transport.

Example:

ConfigExample
Access Tokeni23f23mr23rwerw

Canopsis

Canopsis is a hypervision tool. LibreNMS can send alerts to Canopsiswhich are then converted to canopsis events.

Example:

ConfigExample
Hostnamewww.xxx.yyy.zzz
Port Number5672
Useradmin
Passwordmy_password
Vhostcanopsis

Cisco Spark (aka Webex Teams)

Cisco Spark (now known as Webex Teams). LibreNMS can send alerts to a CiscoSpark room. To make this possible you need to have a RoomID and a token.You can also choose to send alerts using Markdown syntax. Enabling thisoption provides for more richly formatted alerts, but be sure to adjust youralert template to account for the Markdown syntax.

For more information about Cisco Spark RoomID and token, take a look here :

Example:

ConfigExample
API TokenASd23r23edewda
RoomID34243243251
Use Markdown?x

Clickatell

Clickatell provides a REST-API requiring an Authorization-Token and atleast one Cellphone number.

Here an example using 3 numbers, any amount of numbers is supported:

Example:

ConfigExample
TokendsaWd3rewdwea
Mobile Numbers+1234567890,+1234567891,+1234567892

Discord

The Discord transport will POST the alert message to your DiscordIncoming WebHook. Simple html tags are stripped from the message.

The only required value is for url, without this no call to Discordwill be made. The Options field supports the JSON/Form Params listedin the Discord Docs below.

Example:

ConfigExample
Discord URLhttps://discordapp.com/api/webhooks/4515489001665127664/82-sf4385ysuhfn34u2fhfsdePGLrg8K7cP9wl553Fg6OlZuuxJGaa1d54fe
Optionsusername=myname

Elasticsearch

You can have LibreNMS send alerts to an elasticsearch database. Eachfault will be sent as a separate document.

Librenms Syslog Timestamp

The index pattern uses strftime() formatting.

Example:

ConfigExample
Host127.0.0.1
Port9200
Index Patterlibrenms-%Y.%m.%d

GitLab

LibreNMS will create issues for warning and critical level alertshowever only title and description are set. Uses Personal accesstokens to authenticate with GitLab and will store the token in cleartext.

Example:

ConfigExample
Hosthttp://gitlab.host.tld
Project ID1
Personal Access TokenAbCdEf12345

HipChat

See the HipChat API Documentation for rooms/messagefor details on acceptable values.

You may notice that the link points at the 'deprecated' v1 API. This isbecause the v2 API is still in beta.

Example:

ConfigExample
API URLhttps://api.hipchat.com/v1/rooms/message?auth_token=109jawregoaihj
Room ID7654321
From NameLibreNMS
Optionscolor = red
notify = 1
message_format = text

At present the following options are supported: color, notify and message_format.

Note: The default message format for HipChat messages is HTML. It isrecommended that you specify the text message format to prevent unexpectedresults, such as HipChat attempting to interpret angled brackets (< and>).

IRC

The IRC transports only works together with the LibreNMS IRC-Bot.Configuration of the LibreNMS IRC-Bot is described here.

Example:

ConfigExample
IRCenabled

JIRA

You can have LibreNMS create issues on a Jira instance for criticaland warning alerts. The Jira transport only sets summary anddescription fields. Therefore your Jira project must not have anyother mandatory field for the provided issuetype. The config fieldsthat need to set are Jira URL, Jira username, Jira password, Projectkey, and issue type. Currently http authentication is used to accessJira and Jira username and password will be stored as cleartext in theLibreNMS database.

Example:

ConfigExample
URLhttps://myjira.mysite.com
Project KeyJIRAPROJECTKEY
Issue TypeMyissuetype
Jira Usernamemyjirauser
Jira Passwordmyjirapass

LINE Notify

Example:

ConfigExample
TokenAbCdEf12345

Mail

The E-Mail transports uses the same email-configuration like the rest of LibreNMS.As a small reminder, here is it's configuration directives including defaults:

Example:

ConfigExample
Email[email protected]

Matrix

For using the Matrix transports, you have to create a room on the Matrix-server.The provided Auth_token belongs to an user, which is member of this room.The Message, sent to the matrix-room can be built from the variables defined inTemplate-Syntax but without the 'alert->' prefix.See API-Transport. The variable $msg is contains the result of the Alert template.The Matrix-Server URL is cutted before the beginning of the _matrix/client/r0/... API-part.

Example:

ConfigExample
Matrix-Server URLhttps://matrix.example.com/
Room!ajPbbPalmVbNuQoBDK:example.com
Auth_token:MDAyYmxvY2F0aW9uI...z1DCn6lz_uOhtW3XRICg
Message:Alert: {{ $msg }} https://librenms.example.com

Microsoft Teams

LibreNMS can send alerts to Microsoft Teams Incoming Webhooks which arethen posted to a specific channel. Microsoft recommends usingmarkdown formatting for connector cards.Administrators can opt to composethe MessageCardthemselves using JSON to get the full functionality.

Example:

ConfigExample
WebHook URLhttps://outlook.office365.com/webhook/123456789
Use JSON?x

Nagios Compatible

The nagios transport will feed a FIFO at the defined location with thesame format that nagios would. This allows you to use other alertingsystems with LibreNMS, for example Flapjack.

Example:

ConfigExample
Nagios FIFO/path/to/my.fifo
Syslog

OpsGenie

Using OpsGenie LibreNMS integration, LibreNMS forwards alerts toOpsGenie with detailed information. OpsGenie acts as a dispatcher forLibreNMS alerts, determines the right people to notify based onon-call schedules and notifies via email, text messages (SMS), phonecalls and iOS & Android push notifications. Then escalates alertsuntil the alert is acknowledged or closed.

Create a LibreNMSIntegration fromthe integrations page once you signup. Then copy the API key from OpsGenie to LibreNMS.

If you want to automatically ack and close alerts, leverage Maridintegration. More detail with screenshots is available inOpsGenie LibreNMS Integration page.

Example:

ConfigExample
WebHook URLhttps://url/path/to/webhook

osTicket

LibreNMS can send alerts to osTicket API which are then converted to osTicket tickets.

Example:

ConfigExample
API URLhttp://osticket.example.com/api/http.php/tickets.json
API Token123456789

PagerDuty

LibreNMS can make use of PagerDuty, this is done by utilizing an APIkey and Integraton Key.

API Keys can be found under 'API Access' in the PagerDuty portal.

Integration Keys can be found under 'Integration' for the particularService you have created in the PagerDuty portal.

Example:

ConfigExample
API Keyrandomsample
Integration Keysomerandomstring

Philips Hue

Want to spice up your noc life? LibreNMS will flash all lightsconnected to your philips hue bridge whenever an alert is triggered.

To setup, go to the you http://your-bridge-ip/debug/clip.html

  • Update the 'URL:' field to /api
  • Paste this in the 'Message Body' {'devicetype':'librenms'}
  • Press the round button on your philips Hue Bridge
  • Click on POST
  • In the Command Response You should see output with your username. Copy this without the quotes

More Info: Philips Hue Documentation

Example:

ConfigExample
Hosthttp://your-bridge-ip
Hue Userusername
Duration1 Second

PlaySMS

PlaySMS is an open source SMS-Gateway that can be used via their HTTPAPI using a Username and WebService Token. Please consult PlaySMS'sdocumentation regarding number formatting.

Here an example using 3 numbers, any amount of numbers is supported:

Example:

ConfigExample
PlaySMShttps://localhost/index.php?app=ws
Useruser1
TokenMYFANCYACCESSTOKEN
FromMy Name
Mobiles+1234567892,+1234567890,+1234567891

Pushbullet

Get your Access Token from your Pushbullet's settings page and set it in your transport:

Example:

ConfigExample
Access TokenMYFANCYACCESSTOKEN

Pushover

If you want to change the default notificationsound for all notifications then youcan add the following in Pushover Options:

sound=falling

You also have the possibility to change sound per severity:sound_critical=fallingsound_warning=sirensound_ok=magic

Enabling Pushover support is fairly easy, there are only two required parameters.

Firstly you need to create a new Application (called LibreNMS, forexample) in your account on the Pushover website (https://pushover.net/apps).

Now copy your API Key and obtain your User Key from the newly createdApplication and setup the transport.

Example:

ConfigExample
Api KeyAPPLICATIONAPIKEYGOESHERE
User KeyUSERKEYGOESHERE
Pushover Optionssound_critical=falling
sound_warning=siren
sound_ok=magic
Librenms Syslog

Graylog messages are stored using GMT timezone. You can displaygraylog messages in LibreNMS webui using your desired timezone bysetting the following option in config.php:

Timezone must be PHP supported timezones, available at:https://php.net/manual/en/timezones.php

Graylog Version

If you are running a version earlier than Graylog then please set

to the version number of your Grayloginstall. Earlier versions than 2.1 use the default port

Librenms Syslog-ng Not Working

12900

URI

If you have altered the default uri for your Graylog setup then youcan override the default of /api/ using

User Credentials

If you choose to use another user besides the admin user, please notethat currently you must give the user 'admin' permissions from withinGraylog, 'read' permissions alone are not sufficient.

TLS Certificate

If you have enabled TLS for the Graylog API and you are using aself-signed certificate, please make sure that the certificate istrusted by your LibreNMS host, otherwise the connection willfail. Additionally, the certificate's Common Name (CN) has to matchthe FQDN or IP address specified in

Match Any Address

If you want to match the source address of the log entries against anyIP address of a device instead of only against the primary address andthe host name to assign the log entries to a device, you can activatethis function using

Recent Devices

There are 2 configuration parameters to influence the behaviour of the'Recent Graylog' table on the overview page of thedevices.

Sets the maximum number of rows to be displayed (default: 10)

You can set which loglevels that should be displayed on the overview page. (default: 7, min:0, max: 7)

Shows only entries with a log level less than or equal to 4 (Emergency,Alert, Critical, Error, Warning).

You can set a default Log Level Filter with

(applies to /graylog and /device/device=/tab=logs/section=graylog/ (min: 0, max: 7)

Domain and hostname handling

Suppressing/enabling the domain part of a hostname for specific platforms

You should see if what you get in syslog/Graylog matches up with yourconfigured hosts first. If you need to modify the syslog messages fromspecific platforms, this may be of assistance:

IOS (Cisco)

or

JunOS (Juniper Networks)

PanOS (Palo Alto Networks)

or

Transports are located within LibreNMS/Alert/Transport/ and can beconfigured within the WebUI under Alerts -> Alert Transports.

Contacts will be gathered automatically and passed to the configured transports.By default the Contacts will be only gathered when the alert triggersand will ignore future changes in contacts for the incident.If you want contacts to be re-gathered before each dispatch, pleaseset 'Updates to contact email addresses not honored' to Off in the WebUI.

The contacts will always include the SysContact defined in theDevice's SNMP configuration and also every LibreNMS user that has atleast read-permissions on the entity that is to be alerted.

At the moment LibreNMS only supports Port or Device permissions.

You can exclude the SysContact by toggling 'Issue alerts to sysContact'.

To include users that have Global-Read, Administrator orNormal-User permissions it is required to toggle the options:

  • Issue alerts to admins.
  • Issue alerts to read only users
  • Issue alerts to normal users.

Using a Proxy

Using a AMQP based Transport

You need to install an additional php module : bcmath

Alerta

The alerta monitoring system is a tool used to consolidate and de-duplicate alerts from multiple sources for quick ‘at-a-glance' visualisation. With just one system you can monitor alerts from many other monitoring tools on a single screen.

Example:

ConfigExample
API Endpointhttp://alerta.example.com/api/alert
EnvironmentProduction
Apy keyapi key with write permission
Alert statecritical
Recover statecleared

Alertmanager

Alertmanager is an alert handling software, initially developed foralert processing sent by Prometheus.

It has built-in functionality for deduplicating, grouping and routingalerts based on configurable criteria.

LibreNMS uses alert grouping by alert rule, which can produce an arrayof alerts of similar content for an array of hosts, whereasAlertmanager can group them by alert meta, ideally producing onesingle notice in case an issue occurs.

It is possible to configure as many label values as required inAlertmanager Options section. Every label and its value should beentered as a new line.

Multiple Alertmanager URLs (comma separated) are supported. EachURL will be tried and the search will stop at the first success.

Example:

ConfigExample
Alertmanager URL(s)http://alertmanager1.example.com,http://alertmanager2.example.com
Alertmanager Options:source=librenms
customlabel=value

API

The API transport allows to reach any service provider using POST, PUT or GET URLs(Like SMS provider, etc). It can be used in multiple ways:

  • The same text built from the Alert template is available in the variable$msg, which can then be sent as an option to the API. Be carefull thatHTTP GET requests are usually limited in length.
  • The API-Option fields can be directly built from the variables defined inTemplate-Syntax but without the 'alert->' prefix.For instance, $alert->uptime is available as $uptime in theAPI transport
  • The API-Headers allows you to add the headers that the api endpoint requires.
  • The API-body allow sending data in the format required by the ApI endpoint.

A few variables commonly used :

VariableDescription
{{ $hostname }}Hostname
{{ $sysName }}SysName
{{ $sysDescr }}SysDescr
{{ $os }}OS of device (librenms defined)
{{ $type }}Type of device (librenms defined)
{{ $ip }}IP Address
{{ $hardware }}Hardware
{{ $version }}Version
{{ $uptime }}Uptime in seconds
{{ $uptime_short }}Uptime in human-readable format
{{ $timestamp }}Timestamp of alert
{{ $description }}Description of device
{{ $title }}Title (as built from the Alert Template)
{{ $msg }}Body text (as built from the Alert Template)

Example:

The example below will use the API named sms-api of my.example.com and sendthe title of the alert to the provided number using the provided service key.Refer to your service documentation to configure it properly.

ConfigExample
API MethodGET
API URLhttp://my.example.com/sms-api
API Optionsrcpt=0123456789
key=0987654321abcdef
msg=(LNMS) {{ $title }}
API UsernamemyUsername
API PasswordmyPassword

The example below will use the API named wall-display of my.example.com and sendthe title and text of the alert to a screen in the Network Operation Center.

ConfigExample
API MethodPOST
API URLhttp://my.example.com/wall-display
API Optionstitle={{ $title }}
msg={{ $msg }}

The example below will use the API named component of my.example.com with id 1, body as json status value and headers send token authentication and content type required.

ConfigExample
API MethodPUT
API URLhttp://my.example.com/comonent/1
API HeadersX-Token=HASH
Content-Type=application/json
API Body{ 'status': 2 }

aspSMS

aspSMS is a SMS provider that can be configured by using the generic API Transport.You need a token you can find on your personnal space.

Example:

ConfigExample
Transport typeApi
API MethodPOST
API URLhttps://soap.aspsms.com/aspsmsx.asmx/SimpleTextSMS
OptionsUserKey=USERKEY
Password=APIPASSWORD
Recipient=RECIPIENT
Originator=ORIGINATOR
MessageText={{ $msg }}

Boxcar

Copy your access token from the Boxcar app or from the Boxcar.iowebsite and setup the transport.

Example:

ConfigExample
Access Tokeni23f23mr23rwerw

Canopsis

Canopsis is a hypervision tool. LibreNMS can send alerts to Canopsiswhich are then converted to canopsis events.

Example:

ConfigExample
Hostnamewww.xxx.yyy.zzz
Port Number5672
Useradmin
Passwordmy_password
Vhostcanopsis

Cisco Spark (aka Webex Teams)

Cisco Spark (now known as Webex Teams). LibreNMS can send alerts to a CiscoSpark room. To make this possible you need to have a RoomID and a token.You can also choose to send alerts using Markdown syntax. Enabling thisoption provides for more richly formatted alerts, but be sure to adjust youralert template to account for the Markdown syntax.

For more information about Cisco Spark RoomID and token, take a look here :

Example:

ConfigExample
API TokenASd23r23edewda
RoomID34243243251
Use Markdown?x

Clickatell

Clickatell provides a REST-API requiring an Authorization-Token and atleast one Cellphone number.

Here an example using 3 numbers, any amount of numbers is supported:

Example:

ConfigExample
TokendsaWd3rewdwea
Mobile Numbers+1234567890,+1234567891,+1234567892

Discord

The Discord transport will POST the alert message to your DiscordIncoming WebHook. Simple html tags are stripped from the message.

The only required value is for url, without this no call to Discordwill be made. The Options field supports the JSON/Form Params listedin the Discord Docs below.

Example:

ConfigExample
Discord URLhttps://discordapp.com/api/webhooks/4515489001665127664/82-sf4385ysuhfn34u2fhfsdePGLrg8K7cP9wl553Fg6OlZuuxJGaa1d54fe
Optionsusername=myname

Elasticsearch

You can have LibreNMS send alerts to an elasticsearch database. Eachfault will be sent as a separate document.

Librenms Syslog Timestamp

The index pattern uses strftime() formatting.

Example:

ConfigExample
Host127.0.0.1
Port9200
Index Patterlibrenms-%Y.%m.%d

GitLab

LibreNMS will create issues for warning and critical level alertshowever only title and description are set. Uses Personal accesstokens to authenticate with GitLab and will store the token in cleartext.

Example:

ConfigExample
Hosthttp://gitlab.host.tld
Project ID1
Personal Access TokenAbCdEf12345

HipChat

See the HipChat API Documentation for rooms/messagefor details on acceptable values.

You may notice that the link points at the 'deprecated' v1 API. This isbecause the v2 API is still in beta.

Example:

ConfigExample
API URLhttps://api.hipchat.com/v1/rooms/message?auth_token=109jawregoaihj
Room ID7654321
From NameLibreNMS
Optionscolor = red
notify = 1
message_format = text

At present the following options are supported: color, notify and message_format.

Note: The default message format for HipChat messages is HTML. It isrecommended that you specify the text message format to prevent unexpectedresults, such as HipChat attempting to interpret angled brackets (< and>).

IRC

The IRC transports only works together with the LibreNMS IRC-Bot.Configuration of the LibreNMS IRC-Bot is described here.

Example:

ConfigExample
IRCenabled

JIRA

You can have LibreNMS create issues on a Jira instance for criticaland warning alerts. The Jira transport only sets summary anddescription fields. Therefore your Jira project must not have anyother mandatory field for the provided issuetype. The config fieldsthat need to set are Jira URL, Jira username, Jira password, Projectkey, and issue type. Currently http authentication is used to accessJira and Jira username and password will be stored as cleartext in theLibreNMS database.

Example:

ConfigExample
URLhttps://myjira.mysite.com
Project KeyJIRAPROJECTKEY
Issue TypeMyissuetype
Jira Usernamemyjirauser
Jira Passwordmyjirapass

LINE Notify

Example:

ConfigExample
TokenAbCdEf12345

Mail

The E-Mail transports uses the same email-configuration like the rest of LibreNMS.As a small reminder, here is it's configuration directives including defaults:

Example:

ConfigExample
Email[email protected]

Matrix

For using the Matrix transports, you have to create a room on the Matrix-server.The provided Auth_token belongs to an user, which is member of this room.The Message, sent to the matrix-room can be built from the variables defined inTemplate-Syntax but without the 'alert->' prefix.See API-Transport. The variable $msg is contains the result of the Alert template.The Matrix-Server URL is cutted before the beginning of the _matrix/client/r0/... API-part.

Example:

ConfigExample
Matrix-Server URLhttps://matrix.example.com/
Room!ajPbbPalmVbNuQoBDK:example.com
Auth_token:MDAyYmxvY2F0aW9uI...z1DCn6lz_uOhtW3XRICg
Message:Alert: {{ $msg }} https://librenms.example.com

Microsoft Teams

LibreNMS can send alerts to Microsoft Teams Incoming Webhooks which arethen posted to a specific channel. Microsoft recommends usingmarkdown formatting for connector cards.Administrators can opt to composethe MessageCardthemselves using JSON to get the full functionality.

Example:

ConfigExample
WebHook URLhttps://outlook.office365.com/webhook/123456789
Use JSON?x

Nagios Compatible

The nagios transport will feed a FIFO at the defined location with thesame format that nagios would. This allows you to use other alertingsystems with LibreNMS, for example Flapjack.

Example:

ConfigExample
Nagios FIFO/path/to/my.fifo

OpsGenie

Using OpsGenie LibreNMS integration, LibreNMS forwards alerts toOpsGenie with detailed information. OpsGenie acts as a dispatcher forLibreNMS alerts, determines the right people to notify based onon-call schedules and notifies via email, text messages (SMS), phonecalls and iOS & Android push notifications. Then escalates alertsuntil the alert is acknowledged or closed.

Create a LibreNMSIntegration fromthe integrations page once you signup. Then copy the API key from OpsGenie to LibreNMS.

If you want to automatically ack and close alerts, leverage Maridintegration. More detail with screenshots is available inOpsGenie LibreNMS Integration page.

Example:

ConfigExample
WebHook URLhttps://url/path/to/webhook

osTicket

LibreNMS can send alerts to osTicket API which are then converted to osTicket tickets.

Example:

ConfigExample
API URLhttp://osticket.example.com/api/http.php/tickets.json
API Token123456789

PagerDuty

LibreNMS can make use of PagerDuty, this is done by utilizing an APIkey and Integraton Key.

API Keys can be found under 'API Access' in the PagerDuty portal.

Integration Keys can be found under 'Integration' for the particularService you have created in the PagerDuty portal.

Example:

ConfigExample
API Keyrandomsample
Integration Keysomerandomstring

Philips Hue

Want to spice up your noc life? LibreNMS will flash all lightsconnected to your philips hue bridge whenever an alert is triggered.

To setup, go to the you http://your-bridge-ip/debug/clip.html

  • Update the 'URL:' field to /api
  • Paste this in the 'Message Body' {'devicetype':'librenms'}
  • Press the round button on your philips Hue Bridge
  • Click on POST
  • In the Command Response You should see output with your username. Copy this without the quotes

More Info: Philips Hue Documentation

Example:

ConfigExample
Hosthttp://your-bridge-ip
Hue Userusername
Duration1 Second

PlaySMS

PlaySMS is an open source SMS-Gateway that can be used via their HTTPAPI using a Username and WebService Token. Please consult PlaySMS'sdocumentation regarding number formatting.

Here an example using 3 numbers, any amount of numbers is supported:

Example:

ConfigExample
PlaySMShttps://localhost/index.php?app=ws
Useruser1
TokenMYFANCYACCESSTOKEN
FromMy Name
Mobiles+1234567892,+1234567890,+1234567891

Pushbullet

Get your Access Token from your Pushbullet's settings page and set it in your transport:

Example:

ConfigExample
Access TokenMYFANCYACCESSTOKEN

Pushover

If you want to change the default notificationsound for all notifications then youcan add the following in Pushover Options:

sound=falling

You also have the possibility to change sound per severity:sound_critical=fallingsound_warning=sirensound_ok=magic

Enabling Pushover support is fairly easy, there are only two required parameters.

Firstly you need to create a new Application (called LibreNMS, forexample) in your account on the Pushover website (https://pushover.net/apps).

Now copy your API Key and obtain your User Key from the newly createdApplication and setup the transport.

Example:

ConfigExample
Api KeyAPPLICATIONAPIKEYGOESHERE
User KeyUSERKEYGOESHERE
Pushover Optionssound_critical=falling
sound_warning=siren
sound_ok=magic

Rocket.chat

The Rocket.chat transport will POST the alert message to yourRocket.chat Incoming WebHook using the attachments option. Simple htmltags are stripped from the message. All options are optional, the onlyrequired value is for url, without this then no call to Rocket.chat will be made.

Example:

ConfigExample
Webhook URLhttps://rocket.url/api/v1/chat.postMessage
Rocket.chat Optionschannel=#Alerting
username=myname
icon_url=http://someurl/image.gif
icon_emoji=:smirk:

Sensu

The Sensu transport will POST anEvent to theAgent APIupon an alert being generated.

It will be categorised (ok, warning or critical), and if you configure thealert to send recovery notifications, Sensu will also clear the alertautomatically. No configuration is required - as long as you are running theSensu Agent on your poller with the HTTP socket enabled on tcp/3031, LibreNMSwill start generating Sensu events as soon as you create the transport.

Acknowledging alerts within LibreNMS is not directly supported, but anannotation (acknowledged) is set, so a mutator or silence, or even thehandler could be written to look for it directly in the handler. There is alsoan annotation (generated-by) set, to allow you to treat LibreNMS eventsdifferently from agent events.

The 'shortname' option is a simple way to reduce the length of device names inconfigs. It replaces the last 3 domain components with single letters (e.g.websrv08.dc4.eu.corp.example.net gets shortened to websrv08.dc4.eu.cen).

Limitations

  • Only a single namespace is supported
  • Sensu will reject rules with special characters - the Transport will attemptto fix up rule names, but it's best to stick to letters, numbers and spaces
  • The transport only deals in absolutes - it ignores the got worse/got betterstates
  • The agent will buffer alerts, but LibreNMS will not - if your agent isoffline, alerts will be dropped
  • There is no backchannel between Sensu and LibreNMS - if you make changes inSensu to LibreNMS alerts, they'll be lost on the next event (silences will work)

Example:

ConfigExample
Sensu Endpointhttp://localhost:3031
Sensu Namespaceeu-west
Check Prefixlnms
Source Keyhostname

Slack

The Slack transport will POST the alert message to your Slack IncomingWebHook using the attachments option, you are able to specify multiplewebhooks along with the relevant options to go with it. Simple htmltags are stripped from the message. All options are optional, theonly required value is for url, without this then no call to Slack will be made.

We currently support the following attachment options:

author_name

Example:

ConfigExample
Webhook URLhttps://slack.com/url/somehook
Slack Optionsauthor_name=Me

SMSEagle

SMSEagle is a hardware SMS Gateway that can be used via their HTTP APIusing a Username and password.

Destination numbers are one per line, with no spaces. They can be ineither local or international dialling format.

Example:

ConfigExample
SMSEagle Hostip.add.re.ss
Usersmseagle_user
Passwordsmseagle_user_password
Mobiles+3534567890
0834567891

SMSmode

SMSmode is a SMS provider that can be configured by using the generic API Transport.You need a token you can find on your personnal space.

Example:

ConfigExample
Transport typeApi
API MethodPOST
API URLhttp://api.smsmode.com/http/1.6/sendSMS.do
OptionsaccessToken=PUT_HERE_YOUR_TOKEN
numero=PUT_HERE_DESTS_NUMBER_COMMA_SEPARATED
message={{ $msg }}

Splunk

LibreNMS can send alerts to a Splunk instance and provide all deviceand alert details.

Example output:

``Feb 21 15:21:52 nms hostname='localhost', sysName='localhost', sysDescr=', sysContact=', os='fortigate', type='firewall', ip='localhost', hardware='FGT_50E', version='v5.6.9', serial=', features=', location=', uptime='387', uptime_short=' 6m 27s', uptime_long=' 6 minutes 27 seconds', description=', notes=', alert_notes=', device_id='0', rule_id='0', proc=', status='1', status_reason=', ping_timestamp=', ping_loss='0', ping_min='25.6', ping_max='26.8', ping_avg='26.3', elapsed='14m 54s', uid='0', alert_id='0', severity='critical', name='Device up/down', timestamp='2020-02-21 15:21:33', state='0', device_device_id='0', device_inserted=', device_hostname='localhost', device_sysName='localhost', device_ip='localhost', device_overwrite_ip=', device_timeout=', device_retries=', device_snmp_disable='0', device_bgpLocalAs='0', device_sysObjectID=', device_sysDescr=', device_sysContact=', device_version='v5.6.9', device_hardware='FGT_50E', device_features='build1673', device_location_id=', device_os='fortigate', device_status='1', device_status_reason=', device_ignore='0', device_disabled='0', device_uptime='387', device_agent_uptime='0', device_last_polled='2020-02-21 15:21:33', device_last_poll_attempted=', device_last_polled_timetaken='7.9', device_last_discovered_timetaken='11.77', device_last_discovered='2020-02-21 13:16:42', device_last_ping='2020-02-21 15:21:33', device_last_ping_timetaken='26.3', device_purpose=', device_type='firewall', device_serial='FGT50EXXX', device_icon='images/os/fortinet.svg', device_poller_group='0', device_override_sysLocation='0', device_notes=', device_port_association_mode='1', device_max_depth='0', device_disable_notify='0', device_location=', device_vrf_lites='Array', device_lat=', device_lng=', - sysObjectID => ';

Each alert will be sent as a separate message.

Librenms Syslog.php

Example:

ConfigExample
Host127.0.0.1
UDP Port514

Syslog

You can have LibreNMS emit alerts as syslogs complying with RFC 3164.

More information on RFC 3164 can be found here:https://tools.ietf.org/html/rfc3164

Example output: <26> Mar 22 00:59:03 librenms.host.net librenms[233]:[Critical] network.device.net: Port Down - port_id => 98939; ifDescr => xe-1/1/0;

Each fault will be sent as a separate syslog.

Example:

ConfigExample
Host127.0.0.1
Port514
Facility3

Telegram

Thank you to snis for these instructions.

  1. First you must create a telegram account and add BotFather to you list. To do this click on the following url: https://telegram.me/botfather

  2. Generate a new bot with the command '/newbot' BotFather is then asking for a username and a normal name. After that your bot is created and you get a HTTP token. (for more options for your bot type '/help')

  3. Add your bot to telegram with the following url: http://telegram.me/ to use app or https://web.telegram.org/ to use in web, and send some text to the bot.

  4. The BotFather should have responded with a token, copy your token code and go to the following page in chrome: https://api.telegram.org/bot/getUpdates (this could take a while so continue to refresh until you see something similar to below)

  5. You see a json code with the message you sent to the bot. Copy the Chat id. In this example that is '-9787468' within this example: 'message':{'message_id':7,'from':'id':656556,'first_name':'Joo','last_name':'Doo','username':'JohnDoo'},'chat':{'id':-9787468,'title':'Telegram Group'},'date':1435216924,'text':'Hi'}}]}.

  6. Now create a new 'Telegram transport' in LibreNMS (Global Settings -> Alerting Settings -> Telegram transport). Click on 'Add Telegram config' and put your chat id and token into the relevant box.

  7. If want to use a group to receive alerts, you need to pick the Chat ID of the group chat, and not of the Bot itself.

Example:

ConfigExample
Chat ID34243432
Token3ed32wwf235234
FormatHTML or MARKDOWN

Twilio SMS

Twilio will send your alert via SMS. From your Twilio account youwill need your account SID, account token and your Twilio SMS phonenumber that you would like to send the alerts from. Twilio's APIs arelocated at: https://www.twilio.com/docs/api?filter-product=sms

Example:

ConfigExample
SIDACxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Token7xxxx573acxxxbc2xxx308d6xxx652d32
Twilio SMS Number8888778660

UKFast PSS

UKFast PSS tickets can be raised from alerts using the UKFastPSS transport. This required an API key with PSS write permissions

Example:

ConfigExample
API KeyABCDefgfg12
Author5423
PriorityCritical
Securetrue

VictorOps

VictorOps provide a webHook url to make integration extremelysimple. To get the URL required login to your VictorOps account and go to:

Settings -> Integrations -> REST Endpoint -> Enable Integration.

Librenms Syslog Alerts

The URL provided will have $routing_key at the end, you need to changethis to something that is unique to the system sending the alertssuch as librenms. I.e:

https://alert.victorops.com/integrations/generic/20132414/alert/2f974ce1-08fc-4dg8-a4f4-9aee6cf35c98/librenms

Example:

ConfigExample
Post URLhttps://alert.victorops.com/integrations/generic/20132414/alert/2f974ce1-08fc-4dg8-a4f4-9aee6cf35c98/librenms

Kayako Classic

LibreNMS can send alerts to Kayako Classic API which are thenconverted to tickets. To use this module, you need REST API featureenabled in Kayako Classic and configured email account at LibreNMS. Toenable this, do this:

Librenms Syslog Server

AdminCP -> REST API -> Settings -> Enable API (Yes)

Also you need to know the department id to provide tickets toappropriate department and a user email to provide, which is used asticket author. To get department id: navigate to appropriatedepartment name at the departments list page in Admin CP and watch thenumber at the end of url. Example:http://servicedesk.example.com/admin/Base/Department/Edit/17. DepartmentID is 17

As a requirement, you have to know API Url, API Key and API Secret toconnect to servicedesk

Example:

ConfigExample
Kayako URLhttp://servicedesk.example.com/api/
Kayako API Key8cc02f38-7465-4a0c-8730-bb3af122167b
Kayako API SecretY2NhZDIxNDMtNjVkMi0wYzE0LWExYTUtZGUwMjJiZDI0ZWEzMmRhOGNiYWMtNTU2YS0yODk0LTA1MTEtN2VhN2YzYzgzZjk5
Kayako Department1

Signal CLI

Librenms Syslog Docker

Use the Signal Mesenger for Alerts. Run the Signal CLI with the D-Bus option.

Example:

ConfigExample
Path/opt/signal-cli/bin/signal-cli
Recipient typeGroup
Recipientdfgjsdkgljior4345

SMSFeedback

Librenms Syslog Filter

SMSFeedback is a SAAS service, which can be used to deliver Alerts via API, using API url, Username & Password.

They can be in international dialling format only.

Example:

ConfigExample
Usersmsfeedback_user
Passwordsmsfeedback_password
Mobiles71234567890
Sender nameCIA




broken image