Cacti (home)ForumsRepositoryDocumentation
Cacti: offical forums and support
It is currently Mon Oct 20, 2014 12:55 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 27 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: [HOWTO] Install Syslog 0.5.2 plugin on Linux/Unix Cacti vers
PostPosted: Tue Feb 26, 2008 8:36 pm 
Offline
Cacti User

Joined: Sun Dec 18, 2005 9:30 am
Posts: 83
HOW-TO Install Syslog 0.5.2 plugin on Linux/Unix Cacti versions 0.8.7, 0.8.7a and 0.8.7b
-------------------------------------------------------------------------------------------
[submitted by noflies, 26 Feb 2008]
[updated by noflies, 16 May 2008 with suggestions by joez...adding "SQL grant priv" commands in 4a]

NOTE: These instructions reference variables for documentation purposes only.
<cacti_path> Cacti's root path (usually /var/www/html or /usr/share/cacti)
<cacti_user> Cacti's user for polling access (usually cacti or cactiuser)
<cacti_pass> Cacti's password for polling access (usually cacti or cactiuser)
<cacti_dbuser> Cacti's user for database access (usually cacti or cactiuser)
<cacti_dbpass> Cacti's password for database access (usually cacti or cactiuser)
<http_user> HTTP daemon user for running web server (usually apache)
<http_pass> HTTP daemon password for running web server
Substitute your specific locations and parameters.

1. Install, configure and test SYSLOG-NG per instructions within the syslog-ng package/tar.
Make sure syslog-ng is working as you expect before continuing.

2. Download the syslog plugin from cactiusers.org.
As of 25 Feb 2008, the syslog plugin is located at <"http://cactiusers.org/downloads/syslog.tar.gz">.
Version 0.5.2, maintained by Jimmy Conner. [THANKS Jimmy!!!]
Untar it into the directory <cacti_path>/plugins/syslog

3. Edit the <cacti_path>/plugins/syslog/config.php with your installation's database name and user credentials.
Here is an EXAMPLE only;
Code:
$syslogdb_type     = 'mysql';
$syslogdb_default  = 'syslog';
$syslogdb_hostname = 'localhost';
$syslogdb_username = '<cacti_dbuser>';
$syslogdb_password = '<cacti_dbpass>';

NOTE: Change the above user credentials to your specific installation.

4. Create the syslog database with the syslog.sql commands.
Code:
shell> mysqladmin --user=root create syslog
shell> mysql syslog < <cacti_path>/plugins/syslog/syslog.sql

NOTE: The syslog.sql file is in the syslog plugin tar file.

4a. Grant privileges to cactidb_user for the syslogdb_default.
Code:
shell# mysql --user=root --password
Enter password: ********
mysql> GRANT ALL ON <syslogdb_default>.* TO <cacti_dbuser>@<syslogdb_hostname> IDENTIFIED BY '<cacti_dbpass>';
mysql> flush privileges;
mysql> exit

NOTE: Change the above user credentials to your specific installation.

5. Edit the /etc/init.d/syslog-ng file.
--INSERT the following line AFTER the "start() {" line
Code:
/sbin/syslogtomysql &


--INSERT the following line AFTER the "stop() {" line
Code:
killall -9 syslogtomysql > /dev/null


6. Create the /sbin/syslogtomysql bash script.
Code:
#!/bin/bash
if [ ! -e /tmp/mysql.pipe ]; then
        mkfifo /tmp/mysql.pipe
fi 

while [ -e /tmp/mysql.pipe ]
do
        mysql -u <cacti_dbuser> --password=<cacti_dbpass> syslog < /tmp/mysql.pipe
done

NOTE: Change the above user credentials to your specific installation.

7. Change the /sbin/syslogtomysql file permissions to 755 owned by root:root.
Code:
shell> chmod 755 /sbin/syslogtomysql
shell> chown root:root /sbin/syslogtomysql


8. ADD the following lines to the /etc/syslog-ng/syslog-ng.conf file to the END of the file
Code:
source net {
    udp();
};

destination d_mysql {
    pipe("/tmp/mysql.pipe"
    template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
    template-escape(yes)
     );
};

log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); };

NOTE: The "template(" line begins with "template(" and ends with the $MSG' );\n"). The line may appear to wrap due to the length of the line. MAKE SURE your config file does not break the line apart.

9. Restart the syslog-ng daemon. Typically by using one of the following:
Code:
shell> service syslog-ng restart

-OR-
Code:
shell> kill -HUP syslog-ng


10. Add the syslog plugin to the $plugins_array in <cacti_path>/include/global.php
At ABOUT line 46; INSERT the following line AFTER the "$plugins[] = 'settings';"
Code:
$plugins[] = 'syslog';


11. Verify user rights and permissions on the syslog/plugin files
Code:
shell> chown -R <http_user>:<http_user> <cacti_path>/plugins/syslog/
shell> chmod -R 644 <cacti_path>/plugins/syslog/

NOTE: Change the above user credentials to your specific installation.

12. Within cacti, grant user rights for Syslog plugin/realm.
Navigate to Console ->
Utilities ->
User Management ->
<SELECT USER>
Realm Permissions ->
Enable "View Syslog" and/or "Configure Syslog Alerts/Reports"
Click Save.

That should do it. Now repeat your syslog-ng testing you completed in step 1 to verify syslog-ng was working.
Within Cacti, you should begin to see those syslog entries on the syslog tab.

Please post any updates/suggestions to this HOWTO in this forum.
Please post any issues with the syslog plugin in the PLUGINS-General forum.


Last edited by noflies on Fri May 16, 2008 8:23 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: Thu May 08, 2008 5:37 am 
Offline

Joined: Mon Feb 11, 2008 7:03 am
Posts: 34
Isnt something like

Code:
GRANT
ALL ON syslog.* TO cactiuser@localhost IDENTIFIED BY ’password’;


missing here?


Top
 Profile  
 
 Post subject:
PostPosted: Thu May 08, 2008 6:01 am 
Offline

Joined: Mon Feb 11, 2008 7:03 am
Posts: 34
the line

Code:
log { source(s_sys); destination(d_mysql); };


also caused my syslog-ng to fail on restart, because s_sys is unknown.

....

I have to say that the README contained in the syslog-plugin sucks, because it does not let you know that there is a lot more stuff to do to get the plugin actually work. Alot of users spending unnecessary time to find out... cant understand why the author does not change the README...

I now see the GUI when clicking on syslog-tab, however for some reason nothing gets imported to my sql database (syslog_incoming is empty) hmmmmmmmmm

thanks
joez


Top
 Profile  
 
 Post subject:
PostPosted: Thu May 08, 2008 6:47 pm 
Offline
Cacti User

Joined: Sun Dec 18, 2005 9:30 am
Posts: 83
@joez--Thanks for the feedback...I didn't need to grant specific access, but I will test on a new install of 087b and verify.

Can you post errors from syslog-ng starting up?

As you stated, the README could use a bit more updating...please feel free to add to it or re-write...I'm sure Jimmy would welcome feedback.


Top
 Profile  
 
 Post subject:
PostPosted: Wed May 14, 2008 4:32 am 
Offline

Joined: Mon Feb 11, 2008 7:03 am
Posts: 34
I cant remember the exact error message, but the reason was that the source "s_sys" was not defined in my syslog-ng config file after installing it with a package manager. The standard source is labeled "src", could be suse specific tho, as I am using opensuse 10.3.

After playing around I finally managed to get the plugin working, but it wouldnt have worked without the permission grants I posted above.

joez


Top
 Profile  
 
 Post subject: me problem... (help)
PostPosted: Fri May 16, 2008 1:26 pm 
Offline
Cacti User

Joined: Wed May 07, 2008 10:23 am
Posts: 50
hi!

is have the same problem. I cant start the syslog server with the changed config file. I get the following output.

"
cacti:/etc/syslog-ng # syslog-ng start
unresolved reference: s_sys
"

Pleas help!

BR
B.


Top
 Profile  
 
 Post subject: Re: me problem... (help)
PostPosted: Sun Jun 15, 2008 11:45 pm 
Offline

Joined: Tue May 27, 2008 11:48 pm
Posts: 45
Location: So Cal
blugger wrote:
hi!

is have the same problem. I cant start the syslog server with the changed config file. I get the following output.

"
cacti:/etc/syslog-ng # syslog-ng start
unresolved reference: s_sys
"

Pleas help!

BR
B.


Same problem here:
Error in configuration, unresolved source reference, source ='s_sys'

Anyone have a fix for this yet?


Top
 Profile  
 
 Post subject:
PostPosted: Mon Jun 16, 2008 7:19 am 
Offline
Cacti Pro User
User avatar

Joined: Mon Mar 27, 2006 10:35 am
Posts: 711
Location: Psychic Amish Network Administrator
I think he missed a couple lines in his configuration file..

Here's what the file should look like:

Quote:
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
# - for Red Hat 7.3
# - totally do away with klogd
# - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
# - use the log_prefix option as per Balazs Scheidler's email
#

options {
sync(0);
time_reopen(10);
log_fifo_size(1024);
long_hostnames(on);
use_dns(yes);
use_fqdn(yes);
create_dirs(no);
keep_hostname(yes);
};

source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
destination d_kernel { file("/var/log/kern"); };


filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and
not (facility(mail)
or facility(authpriv)
or facility(cron)
or program("kernel")); };

filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
filter f_kernel { level(info) and program("kernel"); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_kernel); destination(d_kernel); };

source net {
udp();
};


destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
template-escape(yes)
);
};

log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); };

# vim: syntax=syslog-ng


Pay attention to the lines in Bold.. You'll need to add those in, then restart syslog-ng.

_________________
Cacti Version - 0.8.7d
Plugin Architecture - 2.4
Poller Type - Cactid v
Server Info - Linux 2.6.18-128.1.6.el5
Web Server - Apache/2.2.3 (CentOS)
PHP - 5.2.9
MySQL - 5.0.45-log
RRDTool - 1.3.0
SNMP - 5.3.2.2
PluginsPHP Network Managing v0.6.1, Global Plugin Settings v0.6,thold v0.4.1,XMLPort v0.3.5,CactiCam v0.1.5,NetTools v0.1.5,pollperf v0.32,RRD Cleaner v1.1,sqlqueries v0.2,superlinks v0.8,syslog v0.5.2,update v0.4,discovery v0.9,zond v0.34a,hostinfo v0.2,Bloom v0.6.5,mactrack v1.1,weathermap v0.96a,mobile v0.1


Top
 Profile  
 
 Post subject:
PostPosted: Wed Jun 25, 2008 8:47 am 
Offline

Joined: Thu Jun 15, 2006 2:15 am
Posts: 5
All SuSE Linux Users. Make Sure that apparmor is not running before you begin the steps Outlined in this HOW TO DOC. It blocks syslog-ng from sending data into the pipe.It should be disabled for smooth running of this plugin setup.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 17, 2008 1:37 am 
Offline

Joined: Wed Jul 16, 2008 3:49 am
Posts: 4
Location: fsdfdsf
use source ='src' in syslog-ng.cong file in plce of source ='s_sys'


Top
 Profile  
 
 Post subject: Re: me problem... (help)
PostPosted: Sat Aug 23, 2008 11:11 am 
Offline

Joined: Mon Apr 28, 2008 9:01 am
Posts: 2
Location: Brazil
sterpstra wrote:
blugger wrote:
hi!

is have the same problem. I cant start the syslog server with the changed config file. I get the following output.

"
cacti:/etc/syslog-ng # syslog-ng start
unresolved reference: s_sys
"

Pleas help!

BR
B.


Same problem here:
Error in configuration, unresolved source reference, source ='s_sys'

Anyone have a fix for this yet?


Maybe your source is s_all. Just make this change in yout last line.

( change s_sys to s_all )


Top
 Profile  
 
 Post subject:
PostPosted: Thu Oct 09, 2008 2:02 am 
Offline

Joined: Mon Feb 18, 2008 6:24 am
Posts: 27
If you syslog-ng.conf like below:
######
# sources

# all known message sources
source s_all {

that you can revise s_sys to s_all.
It works fine on my ubuntu system.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Dec 04, 2008 10:20 am 
Offline

Joined: Sun Apr 28, 2002 11:43 pm
Posts: 12
thx


Top
 Profile  
 
 Post subject:
PostPosted: Sat Jan 03, 2009 4:59 pm 
Offline

Joined: Tue Oct 30, 2007 5:23 am
Posts: 34
noflies, all

many thanks for this valuable HOWTO.
I have used it and I am running Cacti/Syslog-ng on a Synology.
Yet I have a problem, syslog-ng/syslogtomysql badly restart after a reboot
Let me explain:

I have followed all your steps and the start-up script of syslog-ng (S80syslog-ng) simply looks like
sh /path/to/syslogtomysql.sh &
/path/to/syslog-ng -f /path/to/syslog-ng/syslog-ng.conf

The script is effectively run at startup yet the mysql-syslog "link" does not seem effective.
When I run the script manually the mysql-syslog "link" is effective.
Indeed, in the first case I see two running processes
sh /path/to/syslogtomysql.sh
/path/to/syslog-ng -f //path/to/syslog-ng/syslog-ng.conf
and logs do not appear in Cacti

while in the second I have three:
sh /path/to/syslogtomysql.sh
/path/to/syslog-ng -f /path/to/syslog-ng/syslog-ng.conf
mysql -u the user -password=the pass db
and logs do appear in cacti.

I have taken care that the S80syslog-ng script is launched after the mysql startup script.

I would really welcome any help on this.

I have a side issue
At a moment when syslog was properly running, I deleted (for test purposes) mysql.pipe. I thought, seeing the syslogtomysql script that it would end but did not ...

many thanks


Top
 Profile  
 
 Post subject:
PostPosted: Fri Jan 09, 2009 5:16 pm 
Offline

Joined: Tue Oct 30, 2007 5:23 am
Posts: 34
all,

I found the solution.
Because apparently some environment variables are not yet loaded at the moment the script is launched, the call to mysql (which is installed on my NAS via IPKG) fails.
I simply added to full path to mysql and everything works fine.

By the way, setting the priviledges:
Code:
chmod -R 644 <cacti_path>/plugins/syslog/

does not work on my device
Code:
chmod -R 655 <cacti_path>/plugins/syslog/

does work however


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 27 posts ]  Go to page 1, 2  Next

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group