SNMPTT/SYSLOG viewer Plugin for Cacti. v 1.4.3 (2009/02/06)

General discussion about Plugins for Cacti

Moderators: Moderators, Developers

Post Reply
Author
Message
GuessWho
Posts: 16
Joined: Tue Jan 13, 2009 2:55 pm

#166 Post by GuessWho » Wed Jan 14, 2009 9:41 am

>It is error in message. In realy - plugin delete records from db.
>Fixed in next version.

Great thanks.



>No data in mysql db ?

No there is nothing in the plugin_snmptt_statistics table.

GuessWho
Posts: 16
Joined: Tue Jan 13, 2009 2:55 pm

#167 Post by GuessWho » Wed Jan 14, 2009 1:04 pm

Found the duplicate trap messages. I had to change my snmptrapd init script to use the -C and the -c flag. The -C tells snmptrapd to ignore default configuration files.

GuessWho
Posts: 16
Joined: Tue Jan 13, 2009 2:55 pm

#168 Post by GuessWho » Wed Jan 14, 2009 1:45 pm

Found the problem with the stats too....

according to the snmptt.ini file the stats are generate as follows:

# How often in seconds statistics should be logged to syslog or the event log.
# Set to 0 to disable
# 1 hour = 216000
# 12 hours = 2592000
# 24 hours = 5184000

According to my calculations 216000 is actually 60 hours not 1 hour. Unfortunately I didn't catch this which is pretty stupid of me but I have now it set to 10 seconds for testing and it is working properly.

Please correct me if my calculations are incorrect.

User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#169 Post by gthe » Tue Jan 20, 2009 10:53 am

New version released in first post:
May be the best way - is to rename plugin ? ([cmv - cacti message viewer] or [cmm - cacti message manager])


--- 1.3.9 with Syslog ---
  • - Added Syslog tab. It may be use both/seperetly with cacti SYSLOG plugin. ([HOWTO] Install Syslog 0.5.2 plugin on Linux/Unix Cacti vers - http://forums.cacti.net/viewtopic.php?t=26040)
    --For use syslog tab WITHOUT old cacti SYSLOG plugin:
    Change the following lines to the /etc/syslog-ng/syslog-ng.conf file to the END of the file:

    Code: Select all

    				source net {
    					udp();
    				};
    				destination d_mysql {
    				    pipe("/tmp/mysql.pipe"
    				    template("INSERT INTO plugin_snmptt_syslog (host, sourceip, facility, priority, sys_date, message, status) VALUES ( '$HOST',  '$SOURCEIP', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$MSG', '0' );\n")
    				    template-escape(yes)
    				     );
    				};
    
    				log { source(net); destination(d_mysql); };
    				log { source(s_sys); destination(d_mysql); };
    			
    --For use syslog tab AND old cacti SYSLOG plugin:
    Change the following lines to the /etc/syslog-ng/syslog-ng.conf file to the END of the file:

    Code: Select all

    				source net {
    					udp();
    				};
    				destination d_mysql {
    				    pipe("/tmp/mysql.pipe"
    			            template("INSERT INTO syslog_incoming (host, sourceip, fullhost, facility, priority, date, time, message) VALUES ( '$HOST',  '$SOURCEIP', '$FULLHOST','$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );
    								INSERT INTO plugin_snmptt_syslog (host, sourceip, facility, priority, sys_date, message, status) VALUES ( '$HOST',  '$SOURCEIP', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$MSG', '0' );\n")
    				    template-escape(yes)
    				     );
    				};
    
    				log { source(net); destination(d_mysql); };
    				log { source(s_sys); destination(d_mysql); };


    - Optimize sql for create tree menu (for 1000000 traps create tree menu take 3-5 sec);
    - Added Setting tab;
    - Switch to use ExtJS v 2.2;
    - In rules added "Force run" function - run this rule for already processed records (traps or syslog);
    - Update for graph and cacti/scripts/ss_snmpttpoller.php in addons.rar/graph

    Fix:
    - Fixed error when deleting unk. traps records;
    - Fix error in poller auto purge deleting;
    - Fix error with incorrect [plugin_snmptt_alert] table when first install plugin;

    Minor updates:
    - Allow Email Message field in rule be blank;
    - Added patch to autosize column header width on Dbl click;
    - For Syslog treeMenu added full expand/collapse all menu items and quick filter.
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

GuessWho
Posts: 16
Joined: Tue Jan 13, 2009 2:55 pm

#170 Post by GuessWho » Tue Jan 20, 2009 11:46 am

gthe,
It looks like you have made the syslog plugin a requirement? I do not run the syslog pluin and don't really want to add it....is there a way to run without the syslog plugin on your new version. I receive the following errors when i try to run the new version.

01/20/2009 11:32:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=1 where status=0'
01/20/2009 11:32:07 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` where status=1"
01/20/2009 11:32:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=2 where status=1'
01/20/2009 11:33:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:33:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:33:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:33:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:34:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:34:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:34:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:34:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:35:03 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:35:03 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:35:03 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:35:03 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:36:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=1 where status=0'
01/20/2009 11:36:07 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` where status=1"
01/20/2009 11:36:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=2 where status=1'
01/20/2009 11:36:08 AM - CMDPHP: Poller[0] ERROR: SQL Assoc Failed!, Error:'1142', SQL:"SELECT host, date(`sys_date`) as day_noumber, count(*) as count_rows FROM `syslog_ng`.`plugin_snmptt_syslog` where date(`sys_date`) < date('2009-01-13') group by host, date(`sys_date`) HAVING count_rows > 1200 order by count_rows;"
01/20/2009 11:36:08 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"SELECT count(*) from `syslog_ng`.`plugin_snmptt_syslog`"
01/20/2009 11:36:08 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"INSERT INTO `plugin_snmptt_tree` (`hostname`,`eventname`,`type`,`agentip_source`,`count`) SELECT `sysl`.`host`, `sysl`.`facility`, 't_syslog',`sysl`.`sourceip`,count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` as sysl GROUP BY `host`, `facility`'
01/20/2009 11:37:08 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=1 where status=0'
01/20/2009 11:37:08 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` where status=1"
01/20/2009 11:37:08 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=2 where status=1'
01/20/2009 11:37:08 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"INSERT INTO `plugin_snmptt_tree` (`hostname`,`eventname`,`type`,`agentip_source`,`count`) SELECT `sysl`.`host`, `sysl`.`facility`, 't_syslog',`sysl`.`sourceip`,count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` as sysl GROUP BY `host`, `facility`'

User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#171 Post by gthe » Wed Jan 21, 2009 1:39 am

Yep.. :oops: sorry
I fix it in last version (in first post).
- Add Syslog tab unused by default. For use it - change [Use SYSLOG] parameter in settings tab AND reload plugin page.
P.s. and update ss_snmpttpoller.php from addons.rar to <cacti>/scripts/
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

GuessWho
Posts: 16
Joined: Tue Jan 13, 2009 2:55 pm

#172 Post by GuessWho » Wed Jan 21, 2009 8:09 am

Gthe,
That worked nicely! Thank you.

I did receive one error on the upgrade but it appears to be for syslog.

01/21/2009 08:02:10 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"INSERT INTO `plugin_snmptt_tree` (`hostname`,`eventname`,`type`,`agentip_source`,`count`) SELECT `sysl`.`host`, `sysl`.`facility`, 't_syslog',`sysl`.`sourceip`,count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` as sysl GROUP BY `host`, `facility`'

Is there anyway for me to remove the syslog tab since I am not using it?

Also in the rules section what do the options "Execute user function" and "Mark Record" actually do?

Thanks.

GuessWho
Posts: 16
Joined: Tue Jan 13, 2009 2:55 pm

#173 Post by GuessWho » Wed Jan 21, 2009 9:26 am

gthe,
I was getting the following errors in my logs:

01/21/2009 08:30:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) from syslog_ng.plugin_snmptt_syslog;"
01/21/2009 08:30:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) from syslog_ng.plugin_snmptt_syslog;"
01/21/2009 08:30:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=1 where status=0'
01/21/2009 08:30:07 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` where status=1"
01/21/2009 08:30:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"INSERT INTO `plugin_snmptt_tree` (`hostname`,`eventname`,`type`,`agentip_source`,`count`) SELECT `sysl`.`host`, `sysl`.`facility`, 't_syslog',`sysl`.`sourceip`,count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` as sysl GROUP BY `host`, `facility`'


So I modified snmptt_poller.php and added if statements at the appropriate locations to evalute if ($snmptt_use_syslog == "1").
The functions I have modified are: function process_alerts()
And in lib/snmptt)functions.php I modified snmptt_poller_recreate_tree() by commenting the following lines.

//db_execute("INSERT INTO `plugin_snmptt_tree` (`hostname`,`eventname`,`type`,`agentip_source`,`count`)
// SELECT `sysl`.`host`, `sysl`.`facility`, 't_syslog',`sysl`.`sourceip`,count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` as sysl
// GROUP BY `host`, `facility`");

Also in the new ss_snmpttpoller.php i changed the if statement from
if (read_config_option("snmptt_use_syslog") == "0")
to
if (read_config_option("snmptt_use_syslog") == "1")

From reading your other code I think it should be set to 1 anyway?

GuessWho
Posts: 16
Joined: Tue Jan 13, 2009 2:55 pm

#174 Post by GuessWho » Wed Jan 21, 2009 1:23 pm

I decided to switch back to 1.2.22 since the integration of syslog seems pretty strong and I don't want to run that plugin. I use the server as only an snmp poller and snmp trap reciver so having it be a syslog server just doesn't fit.
Thanks.

User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#175 Post by gthe » Sat Jan 24, 2009 12:12 pm

New version in first post must fix all error.
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

munozm
Posts: 18
Joined: Sun Jul 08, 2007 10:14 pm
Contact:

#176 Post by munozm » Sat Jan 24, 2009 11:16 pm

Great Plugin. It seems that SNMP traps are working. I tried to use the syslog portion (currently using the syslog plugin), but I'm not seeing anything.
I looked in the database and only see:
| plugin_snmptt
| plugin_snmptt_alert
| plugin_snmptt_statistics
| plugin_snmptt_tree
| plugin_snmptt_unknown

I don't seem to have the plugin_snmptt_syslog table. I'm sure its something simple on my end. Any thoughts? Thanks.

User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#177 Post by gthe » Sun Jan 25, 2009 5:44 am

It must be on syslog_ng database, not cacti!
And enable syslog in settings tab.
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

munozm
Posts: 18
Joined: Sun Jul 08, 2007 10:14 pm
Contact:

#178 Post by munozm » Sun Jan 25, 2009 12:25 pm

I have use Syslog set to true.

My syslog database shows:
+------------------+
| Tables_in_syslog |
+------------------+
| syslog |
| syslog_alert |
| syslog_incoming |
| syslog_remove |
| syslog_reports |
+------------------+
Is this something I'm supposed to create manually?

Actually, I see now. my database is syslog and you are actually looking for syslog_ng.

User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#179 Post by gthe » Sun Jan 25, 2009 1:16 pm

Oh. yes.
Ok, I do it in settings in next ver.
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

munozm
Posts: 18
Joined: Sun Jul 08, 2007 10:14 pm
Contact:

#180 Post by munozm » Sun Jan 25, 2009 2:54 pm

I changed the database and I'm now getting syslog messages in your great snmptt plugin.

I'm testing some of the rules and notice a few things.

I have the rule type to syslog.
Initially I was matching on host='192.168.168.1' and was seeing matches, then it stopped. I deleted the rule, re-added it but the count now stays at 0. If I use the test button, it shows what should be the matches.

When I try and use syslog-priority, it only shows Normal for a drop down and doesn't seem to let me change it or add manually. Your Syslog section shows it properly though, info, notice, err, warning, etc. under priority.

For syslog-facility, it only shows options in the dropdown that are actually under Eventname under the trap section for the same device. Your syslog section shows it properly though, local4, etc. under facility.

Thanks for your help.

Post Reply