

[HOWTO] Install Syslog 0.5.2 plugin on Linux/Unix Cacti vers

 
noflies
Cacti User


Joined: 18 Dec 2005
Posts: 83

Posted: Tue Feb 26, 2008 8:36 pm    Post subject: [HOWTO] Install Syslog 0.5.2 plugin on Linux/Unix Cacti vers

HOW-TO Install Syslog 0.5.2 plugin on Linux/Unix Cacti versions 0.8.7, 0.8.7a and 0.8.7b
-------------------------------------------------------------------------------------------
[submitted by noflies, 26 Feb 2008]
[updated by noflies, 16 May 2008 with suggestions by joez...adding "SQL grant priv" commands in 4a]

NOTE: These instructions reference variables for documentation purposes only.
<cacti_path> Cacti's root path (usually /var/www/html or /usr/share/cacti)
<cacti_user> Cacti's user for polling access (usually cacti or cactiuser)
<cacti_pass> Cacti's password for polling access (usually cacti or cactiuser)
<cacti_dbuser> Cacti's user for database access (usually cacti or cactiuser)
<cacti_dbpass> Cacti's password for database access (usually cacti or cactiuser)
<http_user> HTTP daemon user for running web server (usually apache)
<http_pass> HTTP daemon password for running web server
Substitute your specific locations and parameters.

1. Install, configure and test SYSLOG-NG per instructions within the syslog-ng package/tar.
Make sure syslog-ng is working as you expect before continuing.

2. Download the syslog plugin from cactiusers.org.
As of 25 Feb 2008, the syslog plugin is located at <http://cactiusers.org/downloads/syslog.tar.gz>.
Version 0.5.2, maintained by Jimmy Conner. [THANKS Jimmy!!!]
Untar it into the directory <cacti_path>/plugins/syslog

3. Edit the <cacti_path>/plugins/syslog/config.php with your installation's database name and user credentials.
Here is an EXAMPLE only;
Code:
$syslogdb_type     = 'mysql';
$syslogdb_default  = 'syslog';
$syslogdb_hostname = 'localhost';
$syslogdb_username = '<cacti_dbuser>';
$syslogdb_password = '<cacti_dbpass>';

NOTE: Change the above user credentials to your specific installation.

4. Create the syslog database with the syslog.sql commands.
Code:
shell> mysqladmin --user=root create syslog
shell> mysql syslog < <cacti_path>/plugins/syslog/syslog.sql

NOTE: The syslog.sql file is in the syslog plugin tar file.

4a. Grant privileges to cactidb_user for the syslogdb_default.
Code:
shell# mysql --user=root --password
Enter password: ********
mysql> GRANT ALL ON <syslogdb_default>.* TO <cacti_dbuser>@<syslogdb_hostname> IDENTIFIED BY '<cacti_dbpass>';
mysql> flush privileges;
mysql> exit

NOTE: Change the above user credentials to your specific installation.

5. Edit the /etc/init.d/syslog-ng file.
--INSERT the following line AFTER the "start() {" line
Code:
/sbin/syslogtomysql &


--INSERT the following line AFTER the "stop() {" line
Code:
killall -9 syslogtomysql > /dev/null


6. Create the /sbin/syslogtomysql bash script.
Code:
#!/bin/bash
if [ ! -e /tmp/mysql.pipe ]; then
        mkfifo /tmp/mysql.pipe
fi 

while [ -e /tmp/mysql.pipe ]
do
        mysql -u <cacti_dbuser> --password=<cacti_dbpass> syslog < /tmp/mysql.pipe
done

NOTE: Change the above user credentials to your specific installation.

7. Change the /sbin/syslogtomysql file permissions to 755 owned by root:root.
Code:
shell> chmod 755 /sbin/syslogtomysql
shell> chown root:root /sbin/syslogtomysql


8. ADD the following lines to the /etc/syslog-ng/syslog-ng.conf file to the END of the file
Code:
source net {
    udp();
};

destination d_mysql {
    pipe("/tmp/mysql.pipe"
    template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
    template-escape(yes)
     );
};

log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); };

NOTE: The "template(" line begins with "template(" and ends with the $MSG' );\n"). The line may appear to wrap due to the length of the line. MAKE SURE your config file does not break the line apart.

9. Restart the syslog-ng daemon. Typically by using one of the following:
Code:
shell> service syslog-ng restart

-OR-
Code:
shell> killall -HUP syslog-ng


10. Add the syslog plugin to the $plugins_array in <cacti_path>/include/global.php
At ABOUT line 46; INSERT the following line AFTER the "$plugins[] = 'settings';"
Code:
$plugins[] = 'syslog';


11. Verify user rights and permissions on the syslog/plugin files
Code:
shell> chown -R <http_user>:<http_user> <cacti_path>/plugins/syslog/
shell> chmod -R 644 <cacti_path>/plugins/syslog/

NOTE: Change the above user credentials to your specific installation.

12. Within cacti, grant user rights for Syslog plugin/realm.
Navigate to Console ->
Utilities ->
User Management ->
<SELECT USER>
Realm Permissions ->
Enable "View Syslog" and/or "Configure Syslog Alerts/Reports"
Click Save.

That should do it. Now repeat your syslog-ng testing you completed in step 1 to verify syslog-ng was working.
Within Cacti, you should begin to see those syslog entries on the syslog tab.

Please post any updates/suggestions to this HOWTO in this forum.
Please post any issues with the syslog plugin in the PLUGINS-General forum.


Last edited by noflies on Fri May 16, 2008 8:23 pm; edited 1 time in total
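
An added example, not part of noflies's post or of the plugin: a variant of the step 6 /sbin/syslogtomysql script that keeps the FIFO out of world-writable /tmp and keeps the database password out of the script and the process list. The directory /var/run/syslogtomysql, the file /etc/syslogtomysql.cnf and the /usr/bin/mysql path are assumptions; the pipe() path in step 8 has to be changed to match.

```shell
#!/bin/bash
# Added example: variant of the HOWTO's /sbin/syslogtomysql (step 6).
# Assumed paths, not from the post: RUN_DIR, CNF, MYSQL.
RUN_DIR="${RUN_DIR:-/var/run/syslogtomysql}"  # root-only dir instead of /tmp
PIPE="$RUN_DIR/mysql.pipe"                    # use this path in pipe() in step 8
CNF="${CNF:-/etc/syslogtomysql.cnf}"          # [client] user=... password=...
MYSQL="${MYSQL:-/usr/bin/mysql}"              # absolute: init may lack PATH

# Create a private directory and FIFO. Anything already at $PIPE that is
# not a real FIFO (regular file, symlink) is refused, not reused.
prepare_pipe() {
    umask 077
    mkdir -p "$RUN_DIR" || return 1
    chmod 700 "$RUN_DIR" || return 1
    if [ -e "$PIPE" ] || [ -L "$PIPE" ]; then
        if [ ! -p "$PIPE" ] || [ -L "$PIPE" ]; then
            return 2
        fi
    else
        mkfifo "$PIPE" || return 1
    fi
    chmod 600 "$PIPE"
}

# The credentials file must be a regular file with no group/other access.
check_cnf() {
    [ -f "$CNF" ] || return 1
    case "$(ls -ld "$CNF")" in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# mysql reads until every writer closes the FIFO, then the loop re-checks it.
feed_loop() {
    while [ -p "$PIPE" ]; do
        # --defaults-extra-file must come first; no password in argv.
        "$MYSQL" --defaults-extra-file="$CNF" syslog < "$PIPE"
    done
}

# Only start feeding when invoked as: syslogtomysql run
if [ "${1:-}" = "run" ]; then
    prepare_pipe && check_cnf && feed_loop
fi
```

With this variant the script itself holds no secret, so the 755 mode from step 7 exposes nothing; only the credentials file needs mode 600.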

joez

Joined: 11 Feb 2008
Posts: 34

Posted: Thu May 08, 2008 5:37 am

Isn't something like

Code:
GRANT ALL ON syslog.* TO cactiuser@localhost IDENTIFIED BY 'password';


missing here?

joez

Joined: 11 Feb 2008
Posts: 34

Posted: Thu May 08, 2008 6:01 am

the line

Code:
log { source(s_sys); destination(d_mysql); };


also caused my syslog-ng to fail on restart, because s_sys is unknown.

....

I have to say that the README contained in the syslog-plugin sucks, because it does not let you know that there is a lot more stuff to do to get the plugin to actually work. A lot of users are spending unnecessary time to find out... can't understand why the author does not change the README...

I now see the GUI when clicking on syslog-tab, however for some reason nothing gets imported to my sql database (syslog_incoming is empty) hmmmmmmmmm

thanks
joez

noflies
Cacti User

Joined: 18 Dec 2005
Posts: 83

Posted: Thu May 08, 2008 6:47 pm

@joez--Thanks for the feedback...I didn't need to grant specific access, but I will test on a new install of 087b and verify.

Can you post errors from syslog-ng starting up?

As you stated, the README could use a bit more updating...please feel free to add to it or re-write...I'm sure Jimmy would welcome feedback.

joez

Joined: 11 Feb 2008
Posts: 34

Posted: Wed May 14, 2008 4:32 am

I can't remember the exact error message, but the reason was that the source "s_sys" was not defined in my syslog-ng config file after installing it with a package manager. The standard source is labeled "src", could be SUSE specific tho, as I am using openSUSE 10.3.

After playing around I finally managed to get the plugin working, but it wouldn't have worked without the permission grants I posted above.

joez

blugger

Joined: 07 May 2008
Posts: 28

Posted: Fri May 16, 2008 1:26 pm    Post subject: me problem... (help)

hi!

I have the same problem. I can't start the syslog server with the changed config file. I get the following output.

"
cacti:/etc/syslog-ng # syslog-ng start
unresolved reference: s_sys
"

Please help!

BR
B.

sterpstra

Joined: 27 May 2008
Posts: 34
Location: So Cal

Posted: Sun Jun 15, 2008 11:45 pm    Post subject: Re: me problem... (help)

blugger wrote:
hi!

I have the same problem. I can't start the syslog server with the changed config file. I get the following output.

"
cacti:/etc/syslog-ng # syslog-ng start
unresolved reference: s_sys
"

Please help!

BR
B.


Same problem here:
Error in configuration, unresolved source reference, source ='s_sys'

Anyone have a fix for this yet?

streaker69
Cacti Pro User

Joined: 27 Mar 2006
Posts: 647
Location: Psychic Amish Network Administrator

Posted: Mon Jun 16, 2008 7:19 am

I think he missed a couple lines in his configuration file..

Here's what the file should look like:

Quote:

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
# - for Red Hat 7.3
# - totally do away with klogd
# - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
# - use the log_prefix option as per Balazs Scheidler's email
#

options {
sync(0);
time_reopen(10);
log_fifo_size(1024);
long_hostnames(on);
use_dns(yes);
use_fqdn(yes);
create_dirs(no);
keep_hostname(yes);
};

source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
destination d_kernel { file("/var/log/kern"); };


filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and
not (facility(mail)
or facility(authpriv)
or facility(cron)
or program("kernel")); };

filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
filter f_kernel { level(info) and program("kernel"); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_kernel); destination(d_kernel); };

source net {
udp();
};


destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
template-escape(yes)
);
};

log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); };

# vim: syntax=syslog-ng


Pay attention to the lines in Bold.. You'll need to add those in, then restart syslog-ng.

Da nny

Joined: 15 Jun 2006
Posts: 5

Posted: Wed Jun 25, 2008 8:47 am

All SuSE Linux Users. Make sure that apparmor is not running before you begin the steps outlined in this HOW TO DOC. It blocks syslog-ng from sending data into the pipe. It should be disabled for smooth running of this plugin setup.

bhajan

Joined: 16 Jul 2008
Posts: 4
Location: fsdfdsf

Posted: Thu Jul 17, 2008 1:37 am

use source ='src' in syslog-ng.conf file in place of source ='s_sys'

mfranzoi

Joined: 28 Apr 2008
Posts: 2
Location: Brazil

Posted: Sat Aug 23, 2008 11:11 am    Post subject: Re: me problem... (help)

sterpstra wrote:
blugger wrote:
hi!

I have the same problem. I can't start the syslog server with the changed config file. I get the following output.

"
cacti:/etc/syslog-ng # syslog-ng start
unresolved reference: s_sys
"

Please help!

BR
B.


Same problem here:
Error in configuration, unresolved source reference, source ='s_sys'

Anyone have a fix for this yet?


Maybe your source is s_all. Just make this change in your last line.

( change s_sys to s_all )

colthe

Joined: 18 Feb 2008
Posts: 21

Posted: Thu Oct 09, 2008 2:02 am

If your syslog-ng.conf looks like below:
######
# sources

# all known message sources
source s_all {

then you can revise s_sys to s_all.
It works fine on my Ubuntu system.

vikingmaster

Joined: 28 Apr 2002
Posts: 12

Posted: Thu Dec 04, 2008 10:20 am

thx

hpsmartyz

Joined: 30 Oct 2007
Posts: 14

Posted: Sat Jan 03, 2009 4:59 pm

noflies, all

many thanks for this valuable HOWTO.
I have used it and I am running Cacti/Syslog-ng on a Synology.
Yet I have a problem: syslog-ng/syslogtomysql restart badly after a reboot.
Let me explain:

I have followed all your steps and the start-up script of syslog-ng (S80syslog-ng) simply looks like
sh /path/to/syslogtomysql.sh &
/path/to/syslog-ng -f /path/to/syslog-ng/syslog-ng.conf

The script is effectively run at startup yet the mysql-syslog "link" does not seem effective.
When I run the script manually the mysql-syslog "link" is effective.
Indeed, in the first case I see two running processes
sh /path/to/syslogtomysql.sh
/path/to/syslog-ng -f //path/to/syslog-ng/syslog-ng.conf
and logs do not appear in Cacti

while in the second I have three:
sh /path/to/syslogtomysql.sh
/path/to/syslog-ng -f /path/to/syslog-ng/syslog-ng.conf
mysql -u the user -password=the pass db
and logs do appear in cacti.

I have taken care that the S80syslog-ng script is launched after the mysql startup script.

I would really welcome any help on this.

I have a side issue
At a moment when syslog was properly running, I deleted (for test purposes) mysql.pipe. I thought, seeing the syslogtomysql script, that it would end, but it did not ...

many thanks

hpsmartyz

Joined: 30 Oct 2007
Posts: 14

Posted: Fri Jan 09, 2009 5:16 pm

all,

I found the solution.
Because apparently some environment variables are not yet loaded at the moment the script is launched, the call to mysql (which is installed on my NAS via IPKG) fails.
I simply added the full path to mysql and everything works fine.

By the way, setting the privileges:
Code:
chmod -R 644 <cacti_path>/plugins/syslog/

does not work on my device
Code:
chmod -R 655 <cacti_path>/plugins/syslog/

does work however