|
|
| Author |
Message |
noflies
Cacti User
Joined: 18 Dec 2005
Posts: 83
|
 Posted: Tue Feb 26, 2008 8:36 pm Post subject: [HOWTO] Install Syslog 0.5.2 plugin on Linux/Unix Cacti vers |
 |
|
HOW-TO Install Syslog 0.5.2 plugin on Linux/Unix Cacti versions 0.8.7, 0.8.7a and 0.8.7b
-------------------------------------------------------------------------------------------
[submitted by noflies, 26 Feb 2008]
[updated by noflies, 16 May 2008 with suggestions by joez...adding "SQL grant priv" commands in 4a]
NOTE: These instructions reference variables for documentation purposes only.
<cacti_path> Cacti's root path (usually /var/www/html or /usr/share/cacti)
<cacti_user> Cacti's user for polling access (usually cacti or cactiuser)
<cacti_pass> Cacti's password for polling access (usually cacti or cactiuser)
<cacti_dbuser> Cacti's user for database access (usually cacti or cactiuser)
<cacti_dbpass> Cacti's password for database access (usually cacti or cactiuser)
<http_user> HTTP daemon user for running web server (usually apache)
<http_pass> HTTP daemon password for running web server
Substitute your specific locations and parameters.
1. Install, configure and test SYSLOG-NG per instructions within the syslog-ng package/tar.
Make sure syslog-ng is working as you expect before continuing.
2. Download the syslog plugin from cactiusers.org.
As of 25 Feb 2008, the syslog plugin is located at <"http://cactiusers.org/downloads/syslog.tar.gz">.
Version 0.5.2, maintained by Jimmy Conner. [THANKS Jimmy!!!]
Untar it into the directory <cacti_path>/plugins/syslog
3. Edit the <cacti_path>/plugins/syslog/config.php with your installation's database name and user credentials.
Here is an EXAMPLE only;
| Code: | $syslogdb_type = 'mysql';
$syslogdb_default = 'syslog';
$syslogdb_hostname = 'localhost';
$syslogdb_username = '<cacti_dbuser>';
$syslogdb_password = '<cacti_dbpass>'; |
NOTE: Change the above user credentials to your specific installation.
4. Create the syslog database with the syslog.sql commands.
| Code: | shell> mysqladmin --user=root create syslog
shell> mysql syslog < <cacti_path>/plugins/syslog/syslog.sql |
NOTE: The syslog.sql file is in the syslog plugin tar file.
4a. Grant privileges to cactidb_user for the syslogdb_default.
| Code: | shell# mysql --user=root --password
Enter password: ********
mysql> GRANT ALL ON <syslogdb_default>.* TO <cacti_dbuser>@<syslogdb_hostname> IDENTIFIED BY '<cacti_dbpass>';
mysql> flush privileges;
mysql> exit |
NOTE: Change the above user credentials to your specific installation.
5. Edit the /etc/init.d/syslog-ng file.
--INSERT the following line AFTER the "start() {" line
| Code: | | /sbin/syslogtomysql & |
--INSERT the following line AFTER the "stop() {" line
| Code: | | killall -9 syslogtomysql > /dev/null |
6. Create the /sbin/syslogtomysql bash script.
| Code: | #!/bin/bash
if [ ! -e /tmp/mysql.pipe ]; then
mkfifo /tmp/mysql.pipe
fi
while [ -e /tmp/mysql.pipe ]
do
mysql -u <cacti_dbuser> --password=<cacti_dbpass> syslog < /tmp/mysql.pipe
done |
NOTE: Change the above user credentials to your specific installation.
7. Change the /sbin/syslogtomysql file permissions to 755 owned by root:root.
| Code: | shell> chmod 755 /sbin/syslogtomysql
shell> chown root:root /sbin/syslogtomysql |
8. ADD the following lines to the /etc/syslog-ng/syslog-ng.conf file to the END of the file
| Code: | source net {
udp();
};
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
template-escape(yes)
);
};
log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); }; |
NOTE: The "template(" line begins with "template(" and ends with the $MSG' );\n"). The line may appear to wrap due to the length of the line. MAKE SURE your config file does not break the line apart.
9. Restart the syslog-ng daemon. Typically by using one of the following:
| Code: | | shell> service syslog-ng restart |
-OR-
| Code: | | shell> kill -HUP syslog-ng |
10. Add the syslog plugin to the $plugins_array in <cacti_path>/include/global.php
At ABOUT line 46; INSERT the following line AFTER the "$plugins[] = 'settings';"
| Code: | | $plugins[] = 'syslog'; |
11. Verify user rights and permissions on the syslog/plugin files
| Code: | shell> chown -R <http_user>:<http_user> <cacti_path>/plugins/syslog/
shell> chmod -R 644 <cacti_path>/plugins/syslog/ |
NOTE: Change the above user credentials to your specific installation.
12. Within cacti, grant user rights for Syslog plugin/realm.
Navigate to Console ->
Utilities ->
User Management ->
<SELECT USER>
Realm Permissions ->
Enable "View Syslog" and/or "Configure Syslog Alerts/Reports"
Click Save.
That should do it. Now repeat your syslog-ng testing you completed in step 1 to verify syslog-ng was working.
Within Cacti, you should begin to see those syslog entries on the syslog tab.
Please post any updates/suggestions to this HOWTO in this forum.
Please post any issues with the syslog plugin in the PLUGINS-General forum.
Last edited by noflies on Fri May 16, 2008 8:23 pm; edited 1 time in total |
|
| Back to top |
|
 |
joez
Joined: 11 Feb 2008
Posts: 34
|
| Posted: Thu May 08, 2008 5:37 am Post subject: |
|
|
Isnt something like
| Code: | GRANT
ALL ON syslog.* TO cactiuser@localhost IDENTIFIED BY ’password’; |
missing here? |
|
| Back to top |
|
|
joez
Joined: 11 Feb 2008
Posts: 34
|
| Posted: Thu May 08, 2008 6:01 am Post subject: |
|
|
the line
| Code: | | log { source(s_sys); destination(d_mysql); }; |
also caused my syslog-ng to fail on restart, because s_sys is unknown.
....
I have to say that the README contained in the syslog-plugin sucks, because it does not let you know that there is a lot more stuff to do to get the plugin actually work. Alot of users spending unnecessary time to find out... cant understand why the author does not change the README...
I now see the GUI when clicking on syslog-tab, however for some reason nothing gets imported to my sql database (syslog_incoming is empty) hmmmmmmmmm
thanks
joez |
|
| Back to top |
|
|
noflies
Cacti User
Joined: 18 Dec 2005
Posts: 83
|
| Posted: Thu May 08, 2008 6:47 pm Post subject: |
|
|
@joez--Thanks for the feedback...I didn't need to grant specific access, but I will test on a new install of 087b and verify.
Can you post errors from syslog-ng starting up?
As you stated, the README could use a bit more updating...please feel free to add to it or re-write...I'm sure Jimmy would welcome feedback. |
|
| Back to top |
|
|
joez
Joined: 11 Feb 2008
Posts: 34
|
| Posted: Wed May 14, 2008 4:32 am Post subject: |
|
|
I cant remember the exact error message, but the reason was that the source "s_sys" was not defined in my syslog-ng config file after installing it with a package manager. The standard source is labeled "src", could be suse specific tho, as I am using opensuse 10.3.
After playing around I finally managed to get the plugin working, but it wouldnt have worked without the permission grants I posted above.
joez |
|
| Back to top |
|
|
blugger
Joined: 07 May 2008
Posts: 15
|
| Posted: Fri May 16, 2008 1:26 pm Post subject: me problem... (help) |
|
|
hi!
is have the same problem. I cant start the syslog server with the changed config file. I get the following output.
"
cacti:/etc/syslog-ng # syslog-ng start
unresolved reference: s_sys
"
Pleas help!
BR
B. |
|
| Back to top |
|
|
sterpstra
Joined: 27 May 2008
Posts: 25
Location: So Cal
|
| Posted: Sun Jun 15, 2008 11:45 pm Post subject: Re: me problem... (help) |
|
|
| blugger wrote: | hi!
is have the same problem. I cant start the syslog server with the changed config file. I get the following output.
"
cacti:/etc/syslog-ng # syslog-ng start
unresolved reference: s_sys
"
Pleas help!
BR
B. |
Same problem here:
Error in configuration, unresolved source reference, source ='s_sys'
Anyone have a fix for this yet? |
|
| Back to top |
|
|
streaker69
Cacti Pro User
Joined: 27 Mar 2006
Posts: 541
Location: Psychic Amish Network Administrator
|
| Posted: Mon Jun 16, 2008 7:19 am Post subject: |
|
|
I think he missed a couple lines in his configuration file..
Here's what the file should look like:
| Quote: |
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng( and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
# - for Red Hat 7.3
# - totally do away with klogd
# - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
# - use the log_prefix option as per Balazs Scheidler's email
#
options {
sync(0);
time_reopen(10);
log_fifo_size(1024);
long_hostnames(on);
use_dns(yes);
use_fqdn(yes);
create_dirs(no);
keep_hostname(yes);
};
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
destination d_kernel { file("/var/log/kern"); };
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and
not (facility(mail)
or facility(authpriv)
or facility(cron)
or program("kernel")); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
filter f_kernel { level(info) and program("kernel"); };
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_kernel); destination(d_kernel); };
source net {
udp();
};
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
template-escape(yes)
);
};
log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); };
# vim: syntax=syslog-ng
|
Pay attention to the lines in Bold.. You'll need to add those in, then restart syslog-ng. |
|
| Back to top |
|
|
Da nny
Joined: 15 Jun 2006
Posts: 4
|
| Posted: Wed Jun 25, 2008 8:47 am Post subject: |
|
|
| All SuSE Linux Users. Make Sure that apparmor is not running before you begin the steps Outlined in this HOW TO DOC. It blocks syslog-ng from sending data into the pipe.It should be disabled for smooth running of this plugin setup. |
|
| Back to top |
|
|
bhajan
Joined: 16 Jul 2008
Posts: 4
Location: fsdfdsf
|
| Posted: Thu Jul 17, 2008 1:37 am Post subject: |
|
|
| use source ='src' in syslog-ng.cong file in plce of source ='s_sys' |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
