Syslog monitor addon beta

[cigamit]

[goosed]

Thanks for the info cigamit. With that I've decided to move to Syslog-NG for my purposes.

However I am having trouble getting it to run. I've followed a setup guide from here but cannot get Syslog to output anything.

I have declared my source net and created the fifo pipe, but when I cat the pipe or tail /var/log/messages I have nothing. Any ideas? Thanks again.

[goosed]

It magically started working. Not sure how, but I'm getting stuff through the pipe and into my database. So far so good.

[goosed]

Don't mean to be a pain but I checked this morning and logs are no longer going into my database. I remade the pipe and restarted Syslog, but nothing. When I cat the pipe I can see tons of stuff going through it.

[cigamit]

[airwalk]

Guys, you rock! Keep up the good work!

The only things I eager to see in Haloe are a simple implementation of regex and alerting capability.

And a small tip for those who use mysql on non-standard port. In order to run Haloe you would need to set port manually for the function db_connect_real in lib/database.php like this:

" db_connect_real($host,$user,$pass,$db_name,$db_type, $port = "3307", $retries = 20) "

[goosed]

Hey cigamit thanks for the reply. I actually reverted back to Rsyslog after doing some reading and was successfully able to get that to filter into my MySQL database. I figured that the pipe was probably dying and couldn't bare trying to fix it again. It looks like it's working well now. I've gotten the alerts and removals working so hopefully everything will stay the way it is. Thanks again.

[cigamit]

[airwalk]

When (or where) could we get this "my version"? =)

As of regex it would be great to implement basic regex metacharacters for "Search 'Message' text:". For example, it's often when we need to search for an entries which has text "aaa" and text "bbb" somewhere in the record.

[cigamit]

[airwalk]

I suppose there's a kind of bug/misbehavior. If you've got a misconfiguration with your e-mail options and email function doesn't execute correctly then the actual messages doesn't transfer from incoming_syslog to syslog. Only the status changes from "0".

Besides, if I set an alert and click on "save" i receive "the page cannot be displayed". Though If I refresh the page everything goes fine and I see an alert as created.

I use IIS6 with normal CGI and Zend.

I doubt maybe it's a web server problem?

[mpb]

am posting this issue here, not to create a new thread.

i installed haloe 0.4 on cacti 0.86i with freebsd and it works ok so far - ie i can view logs that are located in syslog, which would have been transfered from syslog_incoming.

however when i select a 'preset' time range it doesnt seem to work, and always goes back to the default 'half hour' regardless of which option i use.

anyone seen this ?


thanks

[qwertz]

hello,

I am trying to install haloe 0.4

I can see the logs populating the database but the problem is i don't see theses logs through cacti

Everything seems to work and in the haloe folder, i only changed the database settings in config.php file

I can see someting only after i enter manually the command below:
root@ubuntu:/usr/share/cacti/site/plugins# php5 -q /usr/share/cacti/site/plugins/haloe/syslog_process.php /debug
Deleted 0 old Messages (older than 30 days)
Unique ID = 45
Found 10 new Messages to process
Found 0 Removal Rules to process
Found 0 Alert Rules to process
Moved 10 Messages to the 'syslog' table
Deleted 10 already processed Messages from incoming

In fact, the data inside the syslog_incoming table is not transferred automatically to the syslog table.

Will i be forced to add a cron job to run the syslog_process.php file?

can you help me?
Thanks

Qwertz

[cigamit]

[qwertz]

Thank you very much for your help.

in the bottom of the poller.php file, i have :

do_hook("poller_bottom");

Is it normal?

i have cacti 0.8.6h, this is perhaps why i have the problem. it was working with cacti 0.8.6g

REgards

QWertz