Syslog monitor addon beta

General discussion about Plugins for Cacti

Moderators: Moderators, Developers

Post Reply
Author
Message
User avatar
egarnel
Cacti Pro User
Posts: 703
Joined: Thu Nov 21, 2002 8:55 am
Location: Austin, TX

#16 Post by egarnel » Sun Nov 13, 2005 9:38 am

Thanks,

I changed syslog-ng.conf with your recommendations.
source net is "source net { udp(); };"

I ran the script to create the fifo

Code: Select all

#!/bin/bash

if [ -e /tmp/mysql.pipe ]; then
        while [ -e /tmp/mysql.pipe ]
                do
                        mysql -u haloe --password=haloepassword haloe < /tmp/mysql.pipe
        done
else
        mkfifo /tmp/mysql.pipe
fi
and restarted syslog-ng.

but still no dice. port 514/udp is allowed into the firewall - checked that
Cacti1 OS: CentOS 5.6 | 300+ devices
Cacti2 OS: CentOS 5.6 | 300+ devices
King of the Elves
Local Anarchists Union #427
"Anarchism is founded on the observation that since few men are wise enough to rule themselves, even fewer are wise enough to rule others." -Edward Abbey

kingaru
Cacti User
Posts: 54
Joined: Wed Mar 09, 2005 6:35 am

#17 Post by kingaru » Sun Nov 13, 2005 2:28 pm

if you do "cat /tmp/mysql.pipe" do you see any ouptut?

Igor

egarnel wrote:Thanks,

I changed syslog-ng.conf with your recommendations.
source net is "source net { udp(); };"

I ran the script to create the fifo

Code: Select all

#!/bin/bash

if [ -e /tmp/mysql.pipe ]; then
        while [ -e /tmp/mysql.pipe ]
                do
                        mysql -u haloe --password=haloepassword haloe < /tmp/mysql.pipe
        done
else
        mkfifo /tmp/mysql.pipe
fi
and restarted syslog-ng.

but still no dice. port 514/udp is allowed into the firewall - checked that

User avatar
egarnel
Cacti Pro User
Posts: 703
Joined: Thu Nov 21, 2002 8:55 am
Location: Austin, TX

#18 Post by egarnel » Sun Nov 13, 2005 4:53 pm

Nope, it just hangs there.

I have syslog-ng w/mysql working on another server with php-syslog frontend
(of course the db keys are different) and it works fine. Both servers are CentOS 3.6 with the same levels of php, mysql, etc.
Cacti1 OS: CentOS 5.6 | 300+ devices
Cacti2 OS: CentOS 5.6 | 300+ devices
King of the Elves
Local Anarchists Union #427
"Anarchism is founded on the observation that since few men are wise enough to rule themselves, even fewer are wise enough to rule others." -Edward Abbey

kingaru
Cacti User
Posts: 54
Joined: Wed Mar 09, 2005 6:35 am

#19 Post by kingaru » Sun Nov 13, 2005 5:52 pm

This means your syslog-ng does not send anything in to fifo ...
Are you 100% positive that are receiiving anything from a network
to your syslog-ng server? Can you run tcpdump on UDP 514 port to make sure that syslog gets messages from your network equipment?

Igor

egarnel wrote:Nope, it just hangs there.

I have syslog-ng w/mysql working on another server with php-syslog frontend
(of course the db keys are different) and it works fine. Both servers are CentOS 3.6 with the same levels of php, mysql, etc.

farhan
Posts: 47
Joined: Sat Nov 12, 2005 6:55 am

Syslog plugin

#20 Post by farhan » Mon Nov 14, 2005 1:31 am

Hi Guys,

This is great plugin. But I am facing color problems. Please help me.

Thanks

harlequin
Posts: 13
Joined: Wed Nov 09, 2005 11:46 pm

Re: Syslog plugin

#21 Post by harlequin » Mon Nov 14, 2005 11:41 pm

farhan wrote:But I am facing color problems
What kind of problems?
Harlequin
mrmee, mrmee, mrmee...

User avatar
egarnel
Cacti Pro User
Posts: 703
Joined: Thu Nov 21, 2002 8:55 am
Location: Austin, TX

#22 Post by egarnel » Tue Nov 15, 2005 8:49 am

kingaru wrote:This means your syslog-ng does not send anything in to fifo ...
Are you 100% positive that are receiiving anything from a network
to your syslog-ng server? Can you run tcpdump on UDP 514 port to make sure that syslog gets messages from your network equipment?

Igor

egarnel wrote:Nope, it just hangs there.

I have syslog-ng w/mysql working on another server with php-syslog frontend
(of course the db keys are different) and it works fine. Both servers are CentOS 3.6 with the same levels of php, mysql, etc.
I am receiving syslog traffic

Code: Select all

this_box <-> Firewall                                                                                       0b/s 10.3k/s  10.3k/s
 10.10.10.204      514    UDP                            10.10.10.100      514                               0b    471k     471k

this_box <-> ssh1                                                                                         629b/s   66b/s   695b/s
 10.10.10.204       22    TCP                            10.10.10.202    43270                            26.6k   3.20k    29.8k

this_box <-> Firewall                                                                                     364b/s    0b/s   364b/s
 10.10.10.204        0     IP                            10.10.10.100        0                            16.1k     98b    16.2k

UNKNOWN <-> UNKNOWN                                                                                        36b/s    0b/s    36b/s
 0.0.0.0             0  ETHER                            0.0.0.0             0                            1.81k      0b    1.81k
I made sure that the mysql user & password that is specified in the mkfifo script does indeed has access to the haloe db.
Cacti1 OS: CentOS 5.6 | 300+ devices
Cacti2 OS: CentOS 5.6 | 300+ devices
King of the Elves
Local Anarchists Union #427
"Anarchism is founded on the observation that since few men are wise enough to rule themselves, even fewer are wise enough to rule others." -Edward Abbey

chewy009
Posts: 38
Joined: Wed Jun 15, 2005 1:18 pm
Location: Washington State, USA

#23 Post by chewy009 » Wed Nov 16, 2005 3:39 pm

Will this work with MS SQL 2000? Will this work on a Windows 2003 Server either as the original install or the plugin that was created?

chewy009
Posts: 38
Joined: Wed Jun 15, 2005 1:18 pm
Location: Washington State, USA

#24 Post by chewy009 » Wed Nov 16, 2005 3:42 pm

Will this work with MS SQL 2000? Will this work on a Windows 2003 Server either as the original install or the plugin that was created?

nduda78
Cacti User
Posts: 106
Joined: Tue Mar 01, 2005 11:26 am
Contact:

#25 Post by nduda78 » Thu Nov 17, 2005 9:18 am

how do you get the data into haloe? I've installed kiwi but see no config...etc Ive also installed syslog-ng, but ther is no documentation on how to get it imported into haloe.

can someone write a more detailed setup guide?

Jeppe
Posts: 47
Joined: Sun Feb 09, 2003 4:48 am
Contact:

#26 Post by Jeppe » Fri Nov 18, 2005 6:07 am

Not a setup guide, more like a tip...

There's this handy syslogd that can talk natively to mysql...
http://www.rsyslog.com/

Quite early in development, but seems to work ok.

An example config to it and r.haloe would be something like this...

Code: Select all

$template haloe,"insert into logs (host, facility, priority, level, tag, date, time, msg) values ('%HOSTNAME%', %syslogfacility%, %syslogpriority%, %syslogpriority%, '%syslogtag%', DATE('%timereported:::date-mysql%'), TIME('%timereported:::date-mysql%'), '%msg:::drop-last-lf%')",sql
And...

Code: Select all

*.*             >localhost,<database>,<username>,<password>;haloe
Works for me. :)

-J

Devil
Posts: 21
Joined: Sun Oct 03, 2004 2:14 am
Contact:

#27 Post by Devil » Fri Nov 18, 2005 6:14 am

How about doing a search on for example Google?

I did a search on google and found many results that could help.

nduda78
Cacti User
Posts: 106
Joined: Tue Mar 01, 2005 11:26 am
Contact:

#28 Post by nduda78 » Fri Nov 18, 2005 8:05 am

I did a search on google, and have been trying like hell to get it working...nothign on google helps. I have syslog-ng working....as in, i can send messages to the syslog-ng daemon and the test messages appear in the syslog log file.....no matter what configs i do in the .conf file , nothing gets into the DB...the pipe file never works.

i'll try the other daemon mentioned.

fin51
Posts: 6
Joined: Fri Nov 18, 2005 8:12 am

simple request

#29 Post by fin51 » Fri Nov 18, 2005 8:17 am

Hi and thanks for the great addon. This was exactly something I had been looking for. The plugin works perfectly . I had one request for future functinonality. It would be nice if this addon had the ability to alert and send a email or page if certain Priorities or a regx is meet.

thanks

User avatar
egarnel
Cacti Pro User
Posts: 703
Joined: Thu Nov 21, 2002 8:55 am
Location: Austin, TX

#30 Post by egarnel » Fri Nov 18, 2005 8:18 am

same here. I have syslog-ng with a pipe into mysql running on another box just fine, but have no luck getting it to work on the Cacti server. I have verified that syslog traffic does indeed get to the server, syslog-ng is running and listening for syslog messages, etc. Both systems are the same OS, mysql ver & syslog-ng ver.

when I cat /tmp/mysql.pipe on the working box, it works fine, and I can see entries scroll by, but not on the second.
Cacti1 OS: CentOS 5.6 | 300+ devices
Cacti2 OS: CentOS 5.6 | 300+ devices
King of the Elves
Local Anarchists Union #427
"Anarchism is founded on the observation that since few men are wise enough to rule themselves, even fewer are wise enough to rule others." -Edward Abbey

Post Reply