[HELP] Syslog not showing Available Hosts and Log Messages

General discussion about Plugins for Cacti

Moderators: Moderators, Developers

Author
Message
katal2hod
Posts: 13
Joined: Thu Oct 23, 2014 11:00 am

[HELP] Syslog not showing Available Hosts and Log Messages

#1 Post by katal2hod » Mon Mar 23, 2015 3:27 pm

Hi guys, I'm new with syslogs on cacti, I already followed this procedure http://docs.cacti.net/plugin:syslog.config but unfortunately still I can't make it work :(


Here are my configurations

rsyslog.conf

Code: Select all

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

#$ModLoad ommysql.so
#$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timerepor$
#*.* >localhost,syslog,cactiuser,cactiuser;cacti_syslog

#*.* :ommysql:localhost,syslog,cactiuser,cactiuser

$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timereport$
*.*             >{localhost},{cacti},{cactiuser},{cactiuser};cacti_syslo


$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

syslog config

Code: Select all

<?php
/*
 +-------------------------------------------------------------------------+
 | Copyright (C) 2007 The Cacti Group                                      |
 |                                                                         |
 | This program is free software; you can redistribute it and/or           |
 | modify it under the terms of the GNU General Public License             |
 | as published by the Free Software Foundation; either version 2          |
 | of the License, or (at your option) any later version.                  |
 |                                                                         |
 | This program is distributed in the hope that it will be useful,         |
 | but WITHOUT ANY WARRANTY; without even the implied warranty of          |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           |
 | GNU General Public License for more details.                            |
 +-------------------------------------------------------------------------+
 | Cacti: The Complete RRDTool-based Graphing Solution                     |
 +-------------------------------------------------------------------------+
 | This code is designed, written, and maintained by the Cacti Group. See  |
 | about.php and/or the AUTHORS file for specific developer information.   |
 +-------------------------------------------------------------------------+
 | http://www.cacti.net/                                                   |
 +-------------------------------------------------------------------------+
*/

global $config, $database_type, $database_default, $database_hostname;
global $database_username, $database_password, $database_port;

/* revert if you dont use the Cacti database */
$use_cacti_db = true;

if (!$use_cacti_db) {
        $syslogdb_type     = 'mysql';
        $syslogdb_default  = 'cacti';
        $syslogdb_hostname = 'localhost';
        $syslogdb_username = 'cactiuser';
        $syslogdb_password = 'cactiuser';
        $syslogdb_port     = 3306;
}else{
        $syslogdb_type     = $database_type;
        $syslogdb_default  = $database_default;
        $syslogdb_hostname = $database_hostname;
        $syslogdb_username = $database_username;
        $syslogdb_password = $database_password;
        $syslogdb_port     = $database_port;
}

/* field in the incomming table */
$syslog_incoming_config['dateField']          = 'date';
$syslog_incoming_config['timeField']          = 'time';
$syslog_incoming_config['priorityField']      = 'priority';
$syslog_incoming_config['facilityField']      = 'facility';
$syslog_incoming_config['hostField']          = 'host';
$syslog_incoming_config['textField']          = 'message';
$syslog_incoming_config['id']                 = 'seq';

?>

Output of php syslog_process.php

Code: Select all

03/23/2015 08:09:05 PM - SYSTEM SYSLOG STATS:Time:0.17 Deletes:0 Incoming:0 Removes:0 XFers:0 Alerts:0 Alarms:0 Reports:0

But still NO HOST Available and NO SYSLOG messages :(


Image


Please help me guys. I need to make it working before friday LOL!

chrispaul
Posts: 1
Joined: Sat Mar 28, 2015 7:09 am

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#2 Post by chrispaul » Sat Mar 28, 2015 7:49 am

Hello,you can try my method as follows

My server version:CentOS 6.6

-------mysql--------

[[email protected] syslog]# mysql -u root -p -A syslog < syslog.sql

Enter password:

mysql> grant all on syslog.* to [email protected] identified by "cactiuser";

mysql> flush privileges;

mysql> quit

-------Syslog's config.php--------

$use_cacti_db = false; #ture > false

$syslogdb_username = 'cactiuser'; #The username must be same with cacti server

$syslogdb_password = 'cactiuser'; #The password must be same with cacti server

-------rsyslog.conf---------

$ModLoad ommysql.so

$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL

*.* :dommysql:localhost,syslog,cactiuser,cactiuser;cacti_syslog #delete d between : and o
*.* @192.168.1.1 #Linux(Centos) Server IP,let external network equipment send logs to Linux(Centos) Server

$ModLoad imudp.so

$ModLoad imtcp.so

$UDPServerRun 514

$InputTCPServerRun 514

--------Linux(Centos) Firewall settings-----------

vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
Attachments
1.png
1.png (135.32 KiB) Viewed 6684 times

katal2hod
Posts: 13
Joined: Thu Oct 23, 2014 11:00 am

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#3 Post by katal2hod » Sun Mar 29, 2015 9:48 am

Thanks chrispaul.. i will try right now! my server is CentOS release 6.5 (Final)

edit: I can't still make it bro.. but I tried to manually check if there's any record on the database table syslog_incoming .. and I found some data there. other than that all tables are no data

And as per checking these are the only created tables under syslog after I run syslog.sql

Image

and here are the tables created by installing the syslog plugin inside cacti database:

Image


as you can see there's a lot of difference in table structure

I'm really stressed right now with this syslog :(


and bro how localhost is available with your syslog? and mine is not? maybe if i can make it available i'm doing the right thing already? I'm really sad about it.. promise :(

can I have your skype id ? please i really need your help bro.. :( I'm desperate right now ... waaaaaa

here's my skype id akocisrael .. please add me bro and ping me once you are online and have time to discuss it with me.. I really need it badly.. please :)

svancouw
Posts: 18
Joined: Thu Oct 03, 2013 12:07 pm

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#4 Post by svancouw » Wed Apr 01, 2015 4:32 pm

Katal, I am also new to syslog plugin but I am having other issues :)

Forgive me if you have already checked this as I don't know your skillset, but have you tried using a Windows or Linux box to telnet to that server on port 514. It should result in a blank prompt for Windows or a connected message in Linux. If that times our or gives connection refused message check whether or not the /var/log/audit/audit.log file is reporting the SELinux is blocking traffic. Would you be willing to post the results of "iptables -L" so that we can verify that at least iptables it is set up correctly?

Can you check the contents of the database table syslog_hosts to see if it lists anything? It might also be helpful to paste your rsyslog.conf file (remove comment entries) for review.

[Edit] Sorry, I see that you posted the config. I'll review it when I have a few minutes.


Sean

svancouw
Posts: 18
Joined: Thu Oct 03, 2013 12:07 pm

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#5 Post by svancouw » Thu Apr 02, 2015 3:32 pm

Katal, I see one immediate issue from your rsyslog.conf entries in that the database name may be incorrect. Your conf file has "cacti_syslo" instead of "cacti_syslog". If you fix that your Cacti syslog may magically start to work.

I reviewed your syslog.conf file and I did things a little differently. My settings are below and as you can see I opened both TCP and UDP since I found a better Windows client (rSyslog for Windows) that forwards using TCP. When using TCP the logs are updated more or less realtime. Also, see my $template line. If you change the %syslogfacility% to '%syslogfacility-text%' with the single quotes and do the same to %syslogpriority% then the color coding in the plugin work work properly.

If you have any additional questions please let me know. I hope that fixing the database name makes this work for you.

[Edit: Added notification on reply]
---------------------------

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad ommysql # MySQL database output module

# Cacti syslog plugin template
# Supposedly fixed template 3-31-15
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values ('%syslogfacility-text%', '%syslogpriority-text%', '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* >localhost,syslog,sysloguser,passwordhere;cacti_syslog

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

katal2hod
Posts: 13
Joined: Thu Oct 23, 2014 11:00 am

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#6 Post by katal2hod » Sun Apr 05, 2015 12:28 pm

Thanks for reply :wink:

the "cacti_syslo" issue is just a type error but right now I just copied your template and tried to uninstall and re-install syslog then use cacti database so that all of neccessary database tables should be available.

I also check the syslog_hosts and nothing is save there but my syslog_incoming is now showing datas.

check image below

Image


I was able to telnet 192.x.x.x 514 my cacti server server and the result was connected.

I also got the black screen your talking about while trying to telnet my server using windows pc.


My firewall is disabled but here is my iptables
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


My updated rsyslog.conf
$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values ('%syslogfacility-text%', '%syslogpriority-text%',$
*.* >localhost,cacti,cactiuser,cactiuser;cacti_syslog


$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)


$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$IncludeConfig /etc/rsyslog.d/*.conf

*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler


$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"

:programname, startswith, "spice-vdagent" /var/log/spice-vdagent.log;SpiceTmpl


My updated cacti syslog config
/* revert if you dont use the Cacti database */
$use_cacti_db = true;
#$use_cacti_db = false;

if (!$use_cacti_db) {
$syslogdb_type = 'mysql';
$syslogdb_default = 'cacti';
$syslogdb_hostname = 'localhost';
$syslogdb_username = 'cactiuser';
$syslogdb_password = 'cactiuser';
$syslogdb_port = 3306;
}else{


$syslogdb_type = $database_type;
$syslogdb_default = $database_default;
$syslogdb_hostname = $database_hostname;
$syslogdb_username = 'cactiuser';
$syslogdb_password = 'cactiuser';
$syslogdb_port = $database_port;
}



/* field in the incomming table */
$syslog_incoming_config['dateField'] = 'date';
$syslog_incoming_config['timeField'] = 'time';
$syslog_incoming_config['priorityField'] = 'priority';
$syslog_incoming_config['facilityField'] = 'facility';
$syslog_incoming_config['hostField'] = 'host';
$syslog_incoming_config['textField'] = 'message';
$syslog_incoming_config['id'] = 'seq';


but still syslog is not showing.. I also configured rsyslog of one of my linux server to send log to my cacti syslog server using 514 port.

but still no host available.. I'm almost doing this thing for a month! waaaaaa.. this is so frustrating! :roll:

here is my skype ID . akocisrael .. please ping me so I can ask you more question and you can help me .. please please

katal2hod
Posts: 13
Joined: Thu Oct 23, 2014 11:00 am

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#7 Post by katal2hod » Wed Apr 08, 2015 8:10 am

My only problem now is the syslog_host has no data, maybe that's the reason why "show host available" is not showing anything even if syslog_incoming have data.

svancouw
Posts: 18
Joined: Thu Oct 03, 2013 12:07 pm

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#8 Post by svancouw » Wed Apr 08, 2015 1:45 pm

I apologize for the late reply. The last few days have been... interesting ;)

In the Cacti GUI do you have the setting "Syslog Enabled" box checked? If not that would explain this situation. I am talking about the section Console - Configuration - Settings - Syslog

Where are you asking for "show host available" and using what method? It looks like you are using PHPMyadmin to manage your database, but the interface looks different that mine. Just a curiosity more than anything else. Did you confirm using PHPMyadmin that the syslog_hosts table is empty? I am assuming that in the Cacti GUI that the "Available Hosts" list is also empty.

If none of the above helps:
I must admit that I don't know syslog well enough to be an expert, but I do see an "extra" $template defined in your rsyslog.conf file. Have you tried taking that out to see if it is interfering in some way? I honestly doubt that the additional template would impact this but it would be worth a try if all else fails.


I may have time to help with Skype, but give this a shot first :)

katal2hod
Posts: 13
Joined: Thu Oct 23, 2014 11:00 am

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#9 Post by katal2hod » Thu Apr 09, 2015 8:31 am

svancouw wrote:I apologize for the late reply. The last few days have been... interesting ;)

In the Cacti GUI do you have the setting "Syslog Enabled" box checked? If not that would explain this situation. I am talking about the section Console - Configuration - Settings - Syslog
Yes, my syslog is enabled
Image

svancouw wrote: Where are you asking for "show host available" and using what method? It looks like you are using PHPMyadmin to manage your database, but the interface looks different that mine. Just a curiosity more than anything else. Did you confirm using PHPMyadmin that the syslog_hosts table is empty? I am assuming that in the Cacti GUI that the "Available Hosts" list is also empty.
I'm using MYSQL Database

Here is my Syslog_host Table


Image

Here is where I'm asking "Show Host Available"

Image

this is inside the Cacti Web GUI

svancouw wrote: If none of the above helps:
I must admit that I don't know syslog well enough to be an expert, but I do see an "extra" $template defined in your rsyslog.conf file. Have you tried taking that out to see if it is interfering in some way? I honestly doubt that the additional template would impact this but it would be worth a try if all else fails.
Bro, are you talking about this one "$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n" ??


svancouw wrote: I may have time to help with Skype, but give this a shot first :)

No problem. will try this one first.

svancouw
Posts: 18
Joined: Thu Oct 03, 2013 12:07 pm

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#10 Post by svancouw » Thu Apr 09, 2015 12:31 pm

Thanks for the clarifications. So far everything seems to be correctly set up...

Yes, I was referring to "$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n". What is the purpose of this template?

I'll try to skype you later tonight around 7 PM PDT. What time zone are you in?

katal2hod
Posts: 13
Joined: Thu Oct 23, 2014 11:00 am

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#11 Post by katal2hod » Thu Apr 09, 2015 5:18 pm

svancouw wrote:Thanks for the clarifications. So far everything seems to be correctly set up...

Yes, I was referring to "$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n". What is the purpose of this template?

I'll try to skype you later tonight around 7 PM PDT. What time zone are you in?



That template is default with rsyslog.conf bro.. but I tried to remove it now but still no luck :(

by the way this is my time zone UTC+08:00

Thank you so much for helping me.

svancouw
Posts: 18
Joined: Thu Oct 03, 2013 12:07 pm

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#12 Post by svancouw » Thu Apr 09, 2015 6:06 pm

With me being UTC -7 that puts us rather far apart. Is there a more convenient time for you? 7 PM my time is 10 AM your time. I'll contact you as I stated unless you say otherwise.

svancouw
Posts: 18
Joined: Thu Oct 03, 2013 12:07 pm

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#13 Post by svancouw » Thu Apr 09, 2015 10:29 pm

We lost connection while checking your setup. It looks like the poller is not executing syslog_process.php because running this manually populated everything in the syslog plugin. I saw another thread here where someone had a plugin that was conflicting with the syslog plugin and caused the same problem that you are having.

http://forums.cacti.net/viewtopic.php?f=2&t=53267

Try running the command below. I have grepped out a few items to help eliminate unecessary output to the console.

php /usr/share/cacti/poller.php --debug --force | grep -v Waiting | grep -v OK

Look for any errors or PHP fatal messages that might pinpoint any conflicting plugins. Another option is to temporarily disable all plugins other than syslog and see if syslog starts showing recent log entries.

katal2hod
Posts: 13
Joined: Thu Oct 23, 2014 11:00 am

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#14 Post by katal2hod » Sun Apr 12, 2015 2:42 am

Thanks sean for helping me personally, because of your help my syslog is now working fine. :) thank you so much! I hope we can talk more often 'coz I really want to learn more new things about linux or windows world :)

Thank you so much again Sean! :D

itkroplis
Posts: 17
Joined: Sun Jun 04, 2017 6:25 am

Re: [HELP] Syslog not showing Available Hosts and Log Messag

#15 Post by itkroplis » Wed Jan 23, 2019 10:07 am

But how is possible to see Devices name in Cacti from HP Curve switch?
I see "invalid_host". There are no problems with Linux hosts. I add rsyslog.conf as first word current hostname. What to do with switch?

Post Reply