|
|
| Author |
Message |
sini
Cacti User
Joined: 24 Nov 2003
Posts: 55
Location: Hungary
|
 Posted: Wed Nov 29, 2006 12:16 pm Post subject: |
 |
|
Hi,
Same to me. The data inside the syslog_incoming table is not transferred automatically to the syslog table.
I can see the sql inserts in myslq.pipe
I use cacti-0.8.6i and haloe 0.4 with plugin arch. |
|
| Back to top |
|
 |
Whizzer
Joined: 31 May 2005
Posts: 3
|
| Posted: Thu Nov 30, 2006 8:06 am Post subject: |
|
|
Hi,
The Syslog plugin is great and is a big plus to the Cacti application. Only one minor thing isn't working like I was hoping for, but due to the lack of knowledge about php/mysql (just a Cisco network administrator with a passion for linux/unix), I can't seem to solve it myself.
The problem is pretty simpel. Entries get displayed "twice", or more specific: date, time & message sequence is displayed twice. Example of a logging entry:
| Code: |
INSERT INTO syslog_incoming (host, facility, priority, level, tag, date, time, program, msg)
VALUES ( 'switch15', 'local6', 'notice', 'notice', 'b5', '2006-11-30', '13:46:48', '36761:', '36761: Nov 30 13:46:48.115 CET: LINEPROTO-SP-5-UPDOWN: Line protocol on Interface GigabitEthernet3/7, changed state to up' );
|
As you can see, date and time are added seperate int the database, but also together with the message. The same goed for the seq # (36761 in this example). On page 9 of this topic you can see twelzy's screenshot which (besides the seq number) does the same thing.
Can anyone help me to fix this? If you need more info, let me know!
Regards,
Whizzer |
|
| Back to top |
|
|
cigamit
Developer
Joined: 07 Apr 2005
Posts: 946
Location: B/CS Texas
|
| Posted: Fri Dec 01, 2006 7:28 pm Post subject: |
|
|
| Whizzer wrote: |
As you can see, date and time are added seperate int the database, but also together with the message. |
What syslog to mysql program are you using? Its the one doing it improperly. Unless ofcourse your servers are reporting improperly to the server. The plugin only reads what the syslog daemon actually inserted, and directly moves it over. |
|
| Back to top |
|
|
Whizzer
Joined: 31 May 2005
Posts: 3
|
| Posted: Mon Dec 04, 2006 4:30 am Post subject: |
|
|
| cigamit wrote: | | Whizzer wrote: |
As you can see, date and time are added seperate int the database, but also together with the message. |
What syslog to mysql program are you using? Its the one doing it improperly. Unless ofcourse your servers are reporting improperly to the server. The plugin only reads what the syslog daemon actually inserted, and directly moves it over. |
I've used a script which also was found somewhere around here. Several version are posted, maybe it's the wrong one.
Let me post some (hopefully) interesting info for you:
OS: Fedora Core 6
Cacti: 0.8.6i
Mysql: 5.0.27 (The one which comes with FC6 or yum updates)
And of course syslog-ng.
Most interesting part of syslog-ng.conf:
| Code: |
destination d_mysql {
pipe("/tmp/mysql.pipe" template("INSERT INTO syslog_incoming (host, facility, priority, level, tag, date, time, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n")
template-escape(yes));
};
|
and the script which puts the log in Mysql:
| Code: |
#!/bin/bash
if [ -e /tmp/mysql.pipe ]; then
while [ -e /tmp/mysql.pipe ]
do
mysql -u TheUser --password=ThePassword syslog < /tmp/mysql.pipe
done
else
mkfifo /tmp/mysql.pipe
fi
|
And the mysql database structure:
| Code: |
mysql> SHOW COLUMNS FROM syslog;
+----------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+------------------+------+-----+---------+----------------+
| facility | varchar(10) | YES | | NULL | |
| priority | varchar(10) | YES | | NULL | |
| date | date | YES | | NULL | |
| time | time | YES | | NULL | |
| host | varchar(128) | YES | | NULL | |
| message | text | YES | | NULL | |
| seq | int(10) unsigned | NO | PRI | NULL | auto_increment |
+----------+------------------+------+-----+---------+----------------+
7 rows in set (0.01 sec)
mysql>
|
Any help is welcome! But again, I'm not an PHP/MySQL hero, so if changes need to be done in the databse structure, please let me know how to do this...  |
|
| Back to top |
|
|
cinico
Joined: 04 Dec 2006
Posts: 1
|
| Posted: Mon Dec 04, 2006 8:06 pm Post subject: |
|
|
I have a similar problem I think.
I am running CactiEZ Beta v0.2 with no modifications except the Discovery plugin has been updated.
Host Info follows:
| Quote: | Cacti Version - 0.8.6i
Plugin Architecture - 1.0
Poller Type - Cactid v0.8.6i
Server Info - Linux 2.6.9-42.0.3.EL
Web Server - Apache/2.0.52 (CentOS)
PHP - 4.3.9
PHP Extensions - yp, xml, wddx, tokenizer, sysvshm, sysvsem, standard, sockets, shmop, session, pspell, posix, pcre, overload, mime_magic, iconv, gmp, gettext, ftp, exif, dio, dbx, dba, curl, ctype, calendar, bz2, bcmath, zlib, openssl, apache2handler, gd, mysql, snmp, eAccelerator
MySQL - 4.1.20
RRDTool - 1.2.15
SNMP - 5.1.2
PluginsPHP Network Weathermap (weathermap - v0.82)
Thresholds (thold - v0.3.0)
Device Monitoring (monitor - v0.7)
Network Discovery (discovery - v0.7)
Network Tools (tools - v0.2)
Syslog Monitoring (haloe - v0.4)
mactrack
RRD Cleaner (rrdclean - v1.1)
Update Checker (update - v0.3)
FlowView (flowview - v0.3)
Host Info (hostinfo - v0.1)
Error Images (errorimage - v0.1) |
I used Webmin to configure Local3 facility coming in via Net source to go to MySQL.
It works great. All I do is tell my Cisco switch to log to the CactiEZ server on Local3 and the host and log entries show up under the Syslog tab in Cacti. My only problem is that all of these Net entries are doubled. 
Localhost entries are not.
Can someone give me a clue as to why that might be?
Thanks! |
|
| Back to top |
|
|
dpartow
Joined: 04 May 2006
Posts: 19
|
| Posted: Wed Dec 27, 2006 10:39 pm Post subject: syslog installation issues |
|
|
Hi all.
I want to see syslog from systems. I already installed syslog-ng and when I install the haloe plugin I see no data. Is there something I am missing? Do I have to configure syslog-ng?
I have the following installed
Cacti Version 0.8.6i
Plugin Architecture 1.0
Poller Type CMD.php
Server Info Linux 2.6.9-34.ELsmp
Web Server Apache/2.0.52 (Red Hat)
PHP Version 4.3.9
PHP Extensions yp, xml, wddx, tokenizer, sysvshm, sysvsem, standard, sockets, shmop, session, pspell, posix, pcre, overload, mime_magic, iconv, gmp, gettext, ftp, exif, dio, dbx, dba, curl, ctype, calendar, bz2, bcmath, zlib, openssl, apache2handler, ldap, mysql, snmp
MySQL Version 4.1.20
RRDTool Version 1.2.15
SNMP Version 5.1.2
Plugins PHP Network Weathermap (weathermap - v0.82)
Thresholds (thold - v0.3.0)
Update Checker (update - v0.3)
Host Info (hostinfo - v0.1)
Network Tools (tools - v0.2)
Device Monitoring (monitor - v0.7)
NTop Viewer (ntop - v0.1)
Syslog Monitoring (haloe - v0.4)
Can someone help me? E-mail me or post. My e-mail address is dpf5@yahoo.com |
|
| Back to top |
|
|
cigamit
Developer
Joined: 07 Apr 2005
Posts: 946
Location: B/CS Texas
|
| Posted: Fri Dec 29, 2006 10:33 pm Post subject: |
|
|
Yep, it has to be configured, and a script has to be setup. Most of the important items have already been done for you, just need to copy and paste.
Google Serach of Cacti.net |
|
| Back to top |
|
|
dpartow
Joined: 04 May 2006
Posts: 19
|
| Posted: Sat Dec 30, 2006 11:29 pm Post subject: syslog-ng with plugin not working for me PLEASE HELP |
|
|
Hi all.
Can you please give me a detail instructions on how to do this? I am really having some difficulty.
I have already created the mysql database called syslog.
I just need help with seeing the syslogs in the plugin in cacti.
Can someone help me? E-mail me or post. My e-mail address is dpf5@yahoo.com |
|
| Back to top |
|
|
pconrad
Joined: 12 Jun 2006
Posts: 14
|
| Posted: Tue Jan 02, 2007 3:27 pm Post subject: Problems searching message |
|
|
| When I try to search the message text for an IP address (192.168.1.1) it doesn't put the periods in the search area. It replaces them with spaces (192 168 1 1) Because of this, it never returns the correct data. How can I search for IP addresses? |
|
| Back to top |
|
|
cigamit
Developer
Joined: 07 Apr 2005
Posts: 946
Location: B/CS Texas
|
| Posted: Thu Jan 04, 2007 10:49 pm Post subject: Re: Problems searching message |
|
|
| pconrad wrote: | | When I try to search the message text for an IP address (192.168.1.1) it doesn't put the periods in the search area. It replaces them with spaces (192 168 1 1) Because of this, it never returns the correct data. How can I search for IP addresses? |
Known bug, I am working on it. |
|
| Back to top |
|
|
nahun
Cacti User
Joined: 15 Feb 2006
Posts: 92
Location: Idaho
|
| Posted: Tue Jan 09, 2007 1:14 pm Post subject: |
|
|
This is a feature request, so not urgent, just a suggestion.
I get millions of logs so I don't keep them all in one table. I wrote a script to move them into another table each week. Sometimes though I would like to view those old syslogs in other tables. Maybe there could be a setting of which table to use to view the syslogs without going to the config.php.
Just a suggestion and it might be stupid  |
|
| Back to top |
|
|
idle
Joined: 26 May 2004
Posts: 49
Location: Russia: Saint Petersburg
|
| Posted: Sat May 19, 2007 6:03 am Post subject: |
|
|
There is error in a syslog.sql from last version at cactiusers.
There isn't column "status" in table syslog.
That was my reason why data wouldn't go into table syslog from syslog_incoming. Now all wonderfully.  |
|
| Back to top |
|
|
adrianmarsh
Cacti User
Joined: 17 Aug 2005
Posts: 417
Location: UK
|
| Posted: Sat May 19, 2007 7:29 am Post subject: |
|
|
nahun,
Not a stupid suggestion. I too have the same problem. I "snort" one windows server event log out to my cacti PC, and after about 2 weeks worth of logs it takes an age to even view the syslog plugin, never mind search it.
Clearing the syslog tables is my temporary fix (not a good one obviously).
I'd be interested in seeing your script for moving the tables.
Adrian |
|
| Back to top |
|
|
pyoung
Joined: 07 Nov 2005
Posts: 13
|
| Posted: Thu May 24, 2007 2:59 pm Post subject: |
|
|
I read over this thread (all 17 pages!), and didn't see an answer to the question I have:
Does this work with the cactid poller, or do you have to run poller.php to have this work? I've converted our cacti install here to use cactid, but the cronjob that runs poller.php is still in place (if I comment it out, syslogs no longer update)..
Help? |
|
| Back to top |
|
|
adrianmarsh
Cacti User
Joined: 17 Aug 2005
Posts: 417
Location: UK
|
| Posted: Thu May 24, 2007 4:22 pm Post subject: |
|
|
The only cronjobs should be poller.php and fastpoller.php (latter for CactiEZ)
Poller.php in turn calls cactid (based on your Settings via the www page). Its cactid vs cmd.php, either initiated from poller.php
You don't run cactid manually. |
|
| Back to top |
|
|
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
