[Beta] Push user logs to Syslog server

I'm not very experienced with syslog, but this device driver works for me. Feedback is appreciated.

https://github.com/hubitatuser12/hubitatCode/blob/master/drivers/Syslog.groovy

So, you're using a localhost connection to the websocket within hubitat to get the logs? Why not simply connect to the websocket from the system you are dumping the logs to? That seems like it would be a lot less hassle and trouble to me. This is like faxing yourself a copy of something you just noted down. Yeah, it works. But could you have just kept the note?

That would require more software. If you just have a syslog server running somewhere you can use this driver to send your logs to it. Otherwise you'd have to set up a nodejs server or something else to pull the logs from the hub and then send it to the syslog server (3 servers) instead of the syslog server and the hubitat hub (2 servers).

Thanks for this. I like that it's formatted correctly for syslogging.

Thanks for the kind words. @Evilborg, thanks for noticing the formatting. :smile: It was really important to me that it matched up to spec too.

@johnwick, I tried -- with mixed success -- using the websocket plugin for Logstash. It was okay, but I have quite a bit already invested with syslog servers (since nearly all my infrastructure "speaks" it in some form or fashion). And even though I do use logstash and the "beats" quite a lot, configuring the websocket plugin for all the odd devices on my HE got to be overwhelming. As @User12Hubitat mentioned, my logstash instance became the 3rd server.

When @User12Hubitat gave me a headstart (!) with UDP -- and though I do like nodejs, I was glad to not have to stand that up -- I sort of ran with it.

I'm getting a 404 when I try to pull up the link to the code. Has the code base moved to another repo?

Definitely looking to try out the syslog function! Excellent work based on what I've read in this and another thread.

Try

Thank you, that link works!

Thank you @staylorx, @User12Hubitat! I was looking for a good way to set LED lights off a Raspberry Pi to show status of my garage doors. Just something sitting in the kitchen and without having to open the Hubitat app etc.

Syslog to raspberry pi -> parse message -> set led (green or red)

Thank you again and happy new year!

I'm really glad it was useful. Thanks for letting me know what you did with it. Fun!

@staylorx Hi, I just set this up using my Synology NAS. I didn't realize that Synology had a syslog server built in which was a pleasant surprise. Nothing fancy but seems to work for tracking my HA devices.

I could not get it to work with UDP on default port - I will have to play around with that more. But I did try running it with TCP and randomly selected a port.

I am getting a lot of the Read timed out messages. I see some posts in another thread about this, and some back and forth but it didn't look like there was a resolution?

Also my Synology is not capturing the host name, even though I specified "Hubitat" in the device field. Instead it is showing the IP address. This is not a big deal.

Thanks for putting this out there - this is exactly what the doctor ordered when trying to trace issues back over time - as I have been doing right now.

If you can edit the hosts file with the hub name and IP it won't do this anymore....

Thanks - managed to get to hosts on my Synology and update it. Works nicely.

@staylorx Are you still using HE and using this?

Anyone else seen issues with the "priority" field? Using the default driver and sending to Splunk, this is what a message looks like:

Jul 22 13:30:42 10.22.83.200 1 2022-07-22T13:30:45.573-04:00 he_logs Hubitat - - [sd_id_1@32473 device_name="ADC Security Panel" device_id="688"] QolSys IQ Alarm Panel: Status is receive error: Read timed out

Note that Splunk isn't picking up the time stamp from the log entry properly. This is kind of a big deal since the logs will end up out of order which could really jack up trouble-shooting. Also, the "priority" field is just coming across as the number "1" (between the two time stamps).

I've forked this out (for the third time) and edited the priority portion to just send the log level in plain text as HE sees it. Much cleaner to me. The fork can be found here. Here's what the logs look like after:

trace 2022-07-22T13:41:11.956-04:00 he_logs Hubitat - - [sd_id_1@32473 device_name="ADC Security Panel" device_id="688"] QolSys IQ Alarm Panel: processZoneActive

I'm trying to send these logs to my Synology log center. Do you know if they're being sent in BSD or IETF format?

It's closer to IETF
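For the BSD-versus-IETF question above, an added example (not part of the thread or the driver's code): a minimal Python parser that classifies a line as RFC 5424 (IETF) or RFC 3164 (BSD) and decodes the `<PRI>` value into facility and severity. The sample line reuses the fields shown in the thread with a constructed `<15>` PRI prepended; `parse_syslog` and the constant names are chosen for this example.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
IETF_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$", re.S)
# RFC 3164 (BSD): <PRI>Mmm dd hh:mm:ss ...
BSD_RE = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
# One structured-data element: [SD-ID name="value" ...]
SD_ELEMENT_RE = re.compile(
    r'\[(?P<id>[^\s\]=]+)(?P<params>(?: [^\s=\]]+="(?:[^"\\\]]|\\.)*")*)\]')
SD_PARAM_RE = re.compile(r' ([^\s=\]]+)="((?:[^"\\\]]|\\.)*)"')

# Constructed sample: fields from the thread, PRI value <15> is an assumption.
SAMPLE = ('<15>1 2022-07-22T13:30:45.573-04:00 he_logs Hubitat - - '
          '[sd_id_1@32473 device_name="ADC Security Panel" device_id="688"] '
          'QolSys IQ Alarm Panel: Status is receive error: Read timed out')

def parse_syslog(line):
    """Classify a syslog line and, for RFC 5424, return its decoded fields."""
    m = IETF_RE.match(line)
    if not m:
        return {"format": "bsd" if BSD_RE.match(line) else "unknown"}
    pri = int(m["pri"])
    if pri > 191:                      # max is facility 23 * 8 + severity 7
        return {"format": "unknown"}
    rest, sd, pos = m["rest"], {}, 0
    if rest == "-" or rest.startswith("- "):
        pos = 1                        # "-" means no structured data
    else:
        while (e := SD_ELEMENT_RE.match(rest, pos)):
            sd[e["id"]] = dict(SD_PARAM_RE.findall(e["params"]))
            pos = e.end()
        if pos == 0:                   # neither "-" nor a valid SD element
            return {"format": "unknown"}
    return {"format": "ietf", "facility": pri >> 3,
            "severity": SEVERITIES[pri & 7], "timestamp": m["timestamp"],
            "hostname": m["hostname"], "app": m["app"],
            "sd": sd, "msg": rest[pos:].lstrip(" ")}

if __name__ == "__main__":
    print(parse_syslog(SAMPLE))
```

A line without a leading `<PRI>` matches neither pattern and comes back as `unknown`.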
