SNMPTT/SYSLOG viewer Plugin for Cacti. v 1.4.3 (2009/02/06)

General discussion about Plugins for Cacti

Moderators: Moderators, Developers

Post Reply
Author
Message
User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#181 Post by gthe » Sun Jan 25, 2009 3:11 pm

munozm - Do you use last vesrion (1.3.96) ?
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

munozm
Posts: 18
Joined: Sun Jul 08, 2007 10:14 pm
Contact:

#182 Post by munozm » Sun Jan 25, 2009 10:33 pm

I was running .92 and upgraded to .96. This seems to fix the issue on what rules I can see so thats good.

I now notice other strange things with the Rules. I have about 5 rules in there, 1 snmptt, 4 syslog. Only one of the syslog rules increments Count trig although all of the rules see the proper items when a test is done on their filter. I'm not trying to do anything crazy with the rules, just trying to see it work. For instance, on one of the ones that doesn't work, I'm simply trying to match on the host, if it sees it then email me, again, it sees a ton of entries when I test on the filter.

The one rule that does work doesn't seem to send email. How does it send email? I use postfix locally on the box and receive alerts from other tools on the box.

It would be great if you could create a rule from the syslog and trap views so you could easily set it up to get emails on certain events.

Thanks.

User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#183 Post by gthe » Mon Jan 26, 2009 3:53 am

munozm wrote: I now notice other strange things with the Rules. I have about 5 rules in there, 1 snmptt, 4 syslog. Only one of the syslog rules increments Count trig although all of the rules see the proper items when a test is done on their filter. I'm not trying to do anything crazy with the rules, just trying to see it work. For instance, on one of the ones that doesn't work, I'm simply trying to match on the host, if it sees it then email me, again, it sees a ton of entries when I test on the filter.

The one rule that does work doesn't seem to send email. How does it send email? I use postfix locally on the box and receive alerts from other tools on the box.
Thats may be because when poller exec rule it use only new records (trap or syslog), and after this mark recors as "already processed". So any records processed only one time (by default).
But when you create and test rule - you test it on any record (new and already processed - i.e. on all records in db). So, for really use rule you need:
- OR wait until such new record (trap or syslog message) will be received and processed by poller;
- OR force execution rule on already processed record (for this use last actions in rule row).

If new records received and rule don't work - I need to look at this rule and record.

munozm wrote: It would be great if you could create a rule from the syslog and trap views so you could easily set it up to get emails on certain events.
Thanks.
Thats not so simple, but I will try.
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

cigamit
Developer
Posts: 2785
Joined: Thu Apr 07, 2005 3:29 pm
Location: B/CS Texas
Contact:

#184 Post by cigamit » Tue Jan 27, 2009 1:57 pm

First of all, I would like to thank you for the superb work on this plugin. I now use it for all my Syslog messages and if you like, will include it by default on the next release of my CactiEZ CD.

I would like to add 2 contributes to which I have added to my local system.

1. I first thought that my Removal rules were not being processed. This is because the viewer is showing all messages as they come in, and not just the processed ones. Adding a "WHERE status=2" to the SQL queries for syslog messages in snmptt_db.php has corrected this.

2. To give it a bit of smarts in removing messages and to help speed up the process, I have set it to order the rules by

ORDER BY `is_delete` ASC, `count_triggered` DESC

This will cause it to process all deletion rules first, and to process the rules that see the highest amount of hits first. This will cause each rule afterwards to have less messages to search, thus causing the script to complete slightly faster.

I currently have 15000 messages a minute pouring through my syslogs (most are removed), and it doesn't appear to be having any issues yet.

User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#185 Post by gthe » Tue Jan 27, 2009 2:50 pm

cigamit wrote:First of all, I would like to thank you for the superb work on this plugin. I now use it for all my Syslog messages and if you like, will include it by default on the next release of my CactiEZ CD.
:D
I am very glad to hear it from you, but may be before it - we need decide change (or not) plugin name.
cigamit wrote: I would like to add 2 contributes to which I have added to my local system.

1. I first thought that my Removal rules were not being processed. This is because the viewer is showing all messages as they come in, and not just the processed ones. Adding a "WHERE status=2" to the SQL queries for syslog messages in snmptt_db.php has corrected this.
Agree. And now it in settings tab.
cigamit wrote: 2. To give it a bit of smarts in removing messages and to help speed up the process, I have set it to order the rules by

ORDER BY `is_delete` ASC, `count_triggered` DESC

This will cause it to process all deletion rules first, and to process the rules that see the highest amount of hits first. This will cause each rule afterwards to have less messages to search, thus causing the script to complete slightly faster.
If I have correctly understood you - it must be:

Code: Select all

ORDER BY `is_delete` DESC, `count_triggered` DESC
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

eternal
Cacti User
Posts: 68
Joined: Thu Dec 14, 2006 4:38 pm
Location: Kingsport TN
Contact:

#186 Post by eternal » Tue Jan 27, 2009 4:48 pm

munozm wrote:I changed the database and I'm now getting syslog messages in your great snmptt plugin.

I'm testing some of the rules and notice a few things.

I have the rule type to syslog.
Initially I was matching on host='192.168.168.1' and was seeing matches, then it stopped. I deleted the rule, re-added it but the count now stays at 0. If I use the test button, it shows what should be the matches.

When I try and use syslog-priority, it only shows Normal for a drop down and doesn't seem to let me change it or add manually. Your Syslog section shows it properly though, info, notice, err, warning, etc. under priority.

For syslog-facility, it only shows options in the dropdown that are actually under Eventname under the trap section for the same device. Your syslog section shows it properly though, local4, etc. under facility.

Thanks for your help.
Will need to change
snmptt_db_admin.php
snmptt_db.php
poller_snmptt.php

replace syslog_ng with syslog if your database outside of cacti is syslog and not syslog_ng

also had to run this

DROP TABLE IF EXISTS `syslog`.`plugin_snmptt_syslog`;
CREATE TABLE `syslog`.`plugin_snmptt_syslog` (
`id` int(10) unsigned NOT NULL auto_increment,
`host` varchar(128) default NULL,
`sourceip` varchar(45) NOT NULL,
`facility` varchar(10) default NULL,
`priority` varchar(10) default NULL,
`sys_date` datetime default NULL,
`message` text,
`status` tinyint(4) NOT NULL default '0',
`alert` tinyint(3) NOT NULL default '0',
PRIMARY KEY (`id`),
KEY `facility` (`facility`),
KEY `priority` (`priority`),
KEY `sourceip` (`sourceip`),
KEY `status` (`status`),
KEY `alert` (`alert`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

instead of the given one

User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#187 Post by gthe » Tue Jan 27, 2009 11:38 pm

eternal - NO, no changes are needed!
It is all already done in next version which will be released shortly.
From its change-log:
- Syslog database name now may be any and changed in settings. Default is [syslog_ng]. If You have another - than after install/update plugin - change setting and import plugin_snmptt_syslog.sql in You syslog db.
Thanks.
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#188 Post by gthe » Thu Jan 29, 2009 2:30 am

New version in first post!
--- 1.4.1 ---
  • - Syslog database name now may be any and changed in settings. Default is [syslog_ng]. If You have another - than after install/update plugin - change setting and import plugin_snmptt_syslog.sql in You syslog db.
    - Now you can use one of two viewing mode's - "show all records" or "show only records, already processed by poller (i.e. by rules)". Change mode in settings tab.
    - Create rule based on traps;
    - Create rule based on syslog message;

    Minor updates:
    - Correct sorting in settings;
    - Speed up of the process rule's executing by process all deletion rules first, and to process the rules that see the highest amount of hits first. (thanks cigamit);
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

jfarese
Posts: 31
Joined: Wed Dec 06, 2006 8:45 am

Email Alerts not sending email

#189 Post by jfarese » Mon Feb 02, 2009 7:01 am

I installed snmptt and have created some rules, however, any rule that is supposed to send an email does not send the email when triggered. All other types of rules seem to work.(regular emails from cacti do work as well) Any suggesting on where/what to look for?

Thanks

cigamit
Developer
Posts: 2785
Joined: Thu Apr 07, 2005 3:29 pm
Location: B/CS Texas
Contact:

#190 Post by cigamit » Tue Feb 03, 2009 5:50 pm

Check your settings under the Mail / DNS settings in Cacti. Try sending a test email to yourself from there.

User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#191 Post by gthe » Wed Feb 04, 2009 5:49 am

--- 1.4.2 ---
  • - Added new parameter for choose join method (dns hostname or ip-address). Use that method which you use in hostname field of cacti device's.
    - Fix 2 error in poller.
    - Fix error with creating rule from record.
    - Added setting to use regular or smaller tab.

    Minor updates:
    - Settings tab look more like Cacti default;
    - ReCheck user rigth;
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

jfarese
Posts: 31
Joined: Wed Dec 06, 2006 8:45 am

#192 Post by jfarese » Wed Feb 04, 2009 8:12 am

cigamit

I am amble to send emails no problem from the test page. I know mail works as I wrote a mail function and use it as a workaround under the user_functions. This sends me emails properly.

GuessWho
Posts: 16
Joined: Tue Jan 13, 2009 2:55 pm

#193 Post by GuessWho » Thu Feb 05, 2009 1:56 pm

Gthe,
I just installed your plugin on another cacti box that I manage and noticed that the snmptt_functions.php file in the lib directory of the plugin uses a mysql function ROW_COUNT(). Unfortunately this function was not introduced to mysql until version 5.0.1. See here:
http://dev.mysql.com/doc/refman/5.0/en/ ... _row-count

I continue to get the error:
2/05/2009 12:20:30 PM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1064', SQL:"SELECT ROW_COUNT();"
02/05/2009 12:21:30 PM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1064', SQL:"SELECT ROW_COUNT();"
02/05/2009 12:22:30 PM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1064', SQL:"SELECT ROW_COUNT();"
02/05/2009 12:23:30 PM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1064', SQL:"SELECT ROW_COUNT();"
02/05/2009 12:24:30 PM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1064', SQL:"SELECT ROW_COUNT();"
02/05/2009 12:25:29 PM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1064', SQL:"SELECT ROW_COUNT();"
02/05/2009 12:26:29 PM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1064', SQL:"SELECT ROW_COUNT();"
02/05/2009 12:27:30 PM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1064', SQL:"SELECT ROW_COUNT();"
02/05/2009 12:28:30 PM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1064', SQL:"SELECT ROW_COUNT();"
02/05/2009 12:29:29 PM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1064', SQL:"SELECT ROW_COUNT();"
02/05/2009 12:30:30 PM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1064', SQL:"SELECT ROW_COUNT();"

Is this something that we can change or is one or your requirements mysql 5?
Thanks.

User avatar
gthe
Cacti User
Posts: 410
Joined: Sat Jul 29, 2006 1:23 pm
Location: RU

#194 Post by gthe » Thu Feb 05, 2009 2:00 pm

I fix it tomorrow.
My cacti plugin -[url=http://forums.cacti.net/viewtopic.php?p=156769#156769]CaMM[/url]
[size=75]Sorry for my English. [/size]

savagemindz
Posts: 10
Joined: Wed Feb 14, 2007 10:39 am

#195 Post by savagemindz » Fri Feb 06, 2009 5:06 am

Hi gthe,

I have a few little problems and I am hoping you can help with.

When I create a rule in the "edit filter for rule" and I select "snmptt - eventname" and I try to type into the Value Field your script will try to auto fill the name but it always picks the first entry (in my case authenticationFailure) regardless of what I type.

Also I would like to be able to type a trap that has not yet been triggered (and so is not in the list). I can paste the name of the trap into the value field but testing it does not return the correct values. I pasted "netscreenTrapTrf" but on testing it I got "authenticationFailure" traps rather than nothing. Also if I save this filter I get eventname='authenticationFailure' in the sql field of the main rule window.

Is it possible to create rules against traps that have not yet been triggered?

I am using version 1.4.1

Finally, and this isn't a problem. You have a missing "php" in "snmptt/include/snmptt_header_ext.php" here....

Code: Select all

<head>
        <title>cacti - snmptt plugin</title>
        <?
        // vim: ts=4:sw=4:nu:fdc=4
        /**
          * Send (Cache Control) headers
          *
should be....

Code: Select all

<head>
        <title>cacti - snmptt plugin</title>
        <?php
        // vim: ts=4:sw=4:nu:fdc=4
        /**
          * Send (Cache Control) headers
Btw I also would just like to say also that this is a truely excellent plugin. Keep up the good work.

Thanks

iain

Post Reply