Cacti: official forums and support

All times are UTC - 5 hours




 Post subject: [HELP] Syslog not showing Available Hosts and Log Messages
PostPosted: Mon Mar 23, 2015 3:27 pm 
Offline

Joined: Thu Oct 23, 2014 11:00 am
Posts: 13
Hi guys, I'm new with syslogs on cacti, I already followed this procedure http://docs.cacti.net/plugin:syslog.config but unfortunately still I can't make it work :(


Here are my configurations

rsyslog.conf
Code:
# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

#$ModLoad ommysql.so
#$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timerepor$
#*.* >localhost,syslog,cactiuser,cactiuser;cacti_syslog

#*.* :ommysql:localhost,syslog,cactiuser,cactiuser

$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timereport$
*.*             >{localhost},{cacti},{cactiuser},{cactiuser};cacti_syslo


$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514



syslog config
Code:
<?php
/*
+-------------------------------------------------------------------------+
| Copyright (C) 2007 The Cacti Group                                      |
|                                                                         |
| This program is free software; you can redistribute it and/or           |
| modify it under the terms of the GNU General Public License             |
| as published by the Free Software Foundation; either version 2          |
| of the License, or (at your option) any later version.                  |
|                                                                         |
| This program is distributed in the hope that it will be useful,         |
| but WITHOUT ANY WARRANTY; without even the implied warranty of          |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           |
| GNU General Public License for more details.                            |
+-------------------------------------------------------------------------+
| Cacti: The Complete RRDTool-based Graphing Solution                     |
+-------------------------------------------------------------------------+
| This code is designed, written, and maintained by the Cacti Group. See  |
| about.php and/or the AUTHORS file for specific developer information.   |
+-------------------------------------------------------------------------+
| http://www.cacti.net/                                                   |
+-------------------------------------------------------------------------+
*/

global $config, $database_type, $database_default, $database_hostname;
global $database_username, $database_password, $database_port;

/* revert if you dont use the Cacti database */
$use_cacti_db = true;

if (!$use_cacti_db) {
        $syslogdb_type     = 'mysql';
        $syslogdb_default  = 'cacti';
        $syslogdb_hostname = 'localhost';
        $syslogdb_username = 'cactiuser';
        $syslogdb_password = 'cactiuser';
        $syslogdb_port     = 3306;
}else{
        $syslogdb_type     = $database_type;
        $syslogdb_default  = $database_default;
        $syslogdb_hostname = $database_hostname;
        $syslogdb_username = $database_username;
        $syslogdb_password = $database_password;
        $syslogdb_port     = $database_port;
}

/* field in the incomming table */
$syslog_incoming_config['dateField']          = 'date';
$syslog_incoming_config['timeField']          = 'time';
$syslog_incoming_config['priorityField']      = 'priority';
$syslog_incoming_config['facilityField']      = 'facility';
$syslog_incoming_config['hostField']          = 'host';
$syslog_incoming_config['textField']          = 'message';
$syslog_incoming_config['id']                 = 'seq';

?>



Output of php syslog_process.php
Code:
03/23/2015 08:09:05 PM - SYSTEM SYSLOG STATS:Time:0.17 Deletes:0 Incoming:0 Removes:0 XFers:0 Alerts:0 Alarms:0 Reports:0



But still NO HOST Available and NO SYSLOG messages :(


Image


Please help me guys. I need to make it working before friday LOL!


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Sat Mar 28, 2015 7:49 am 
Offline

Joined: Sat Mar 28, 2015 7:09 am
Posts: 1
Hello, you can try my method as follows

My server version: CentOS 6.6

-------mysql--------

[[email protected] syslog]# mysql -u root -p -A syslog < syslog.sql

Enter password:

mysql> grant all on syslog.* to [email protected] identified by "cactiuser";

mysql> flush privileges;

mysql> quit

-------Syslog's config.php--------

$use_cacti_db = false; #true > false

$syslogdb_username = 'cactiuser'; #The username must be same with cacti server

$syslogdb_password = 'cactiuser'; #The password must be same with cacti server

-------rsyslog.conf---------

$ModLoad ommysql.so

$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL

*.* :dommysql:localhost,syslog,cactiuser,cactiuser;cacti_syslog #delete d between : and o
*.* @192.168.1.1 #Linux(Centos) Server IP,let external network equipment send logs to Linux(Centos) Server

$ModLoad imudp.so

$ModLoad imtcp.so

$UDPServerRun 514

$InputTCPServerRun 514

--------Linux(Centos) Firewall settings-----------

vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Sun Mar 29, 2015 9:48 am 
Offline

Joined: Thu Oct 23, 2014 11:00 am
Posts: 13
Thanks chrispaul.. i will try right now! my server is CentOS release 6.5 (Final)

edit: I can't still make it bro.. but I tried to manually check if there's any record on the database table syslog_incoming .. and I found some data there. other than that all tables are no data

And as per checking these are the only created tables under syslog after I run syslog.sql

Image

and here are the tables created by installing the syslog plugin inside cacti database:

Image


as you can see there's a lot of difference in table structure

I'm really stressed right now with this syslog :(


and bro how localhost is available with your syslog? and mine is not? maybe if i can make it available i'm doing the right thing already? I'm really sad about it.. promise :(

can I have your skype id ? please i really need your help bro.. :( I'm desperate right now ... waaaaaa

here's my skype id akocisrael .. please add me bro and ping me once you are online and have time to discuss it with me.. I really need it badly.. please :)


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Wed Apr 01, 2015 4:32 pm 
Offline

Joined: Thu Oct 03, 2013 12:07 pm
Posts: 18
Katal, I am also new to syslog plugin but I am having other issues :)

Forgive me if you have already checked this as I don't know your skillset, but have you tried using a Windows or Linux box to telnet to that server on port 514? It should result in a blank prompt for Windows or a connected message in Linux. If that times out or gives a connection refused message, check whether or not the /var/log/audit/audit.log file is reporting that SELinux is blocking traffic. Would you be willing to post the results of "iptables -L" so that we can verify that at least iptables is set up correctly?

Can you check the contents of the database table syslog_hosts to see if it lists anything? It might also be helpful to paste your rsyslog.conf file (remove comment entries) for review.

[Edit] Sorry, I see that you posted the config. I'll review it when I have a few minutes.


Sean


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Thu Apr 02, 2015 3:32 pm 
Offline

Joined: Thu Oct 03, 2013 12:07 pm
Posts: 18
Katal, I see one immediate issue from your rsyslog.conf entries in that the database name may be incorrect. Your conf file has "cacti_syslo" instead of "cacti_syslog". If you fix that your Cacti syslog may magically start to work.

I reviewed your syslog.conf file and I did things a little differently. My settings are below and as you can see I opened both TCP and UDP since I found a better Windows client (rSyslog for Windows) that forwards using TCP. When using TCP the logs are updated more or less in real time. Also, see my $template line. If you change the %syslogfacility% to '%syslogfacility-text%' with the single quotes and do the same to %syslogpriority% then the color coding in the plugin will work properly.

If you have any additional questions please let me know. I hope that fixing the database name makes this work for you.

[Edit: Added notification on reply]
---------------------------

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad ommysql # MySQL database output module

# Cacti syslog plugin template
# Supposedly fixed template 3-31-15
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values ('%syslogfacility-text%', '%syslogpriority-text%', '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* >localhost,syslog,sysloguser,passwordhere;cacti_syslog

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
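
The template-name mismatch pointed out in the post above, and the other problems visible in the action lines posted in this thread, can be checked for before rsyslog is restarted. This is an added example, not code from the thread or from the Cacti project: `lint_rsyslog_mysql` and the sample configurations are hypothetical, the samples are constructed from lines posted above, and the template check assumes rsyslog's documented `SQL`/`STDSQL` options, which escape quotes in property values such as `%msg%`.

```python
import difflib
import re

# Legacy-format rsyslog directives, as used in the configs posted in this thread.
TEMPLATE_RE = re.compile(r'^\$template\s+(\w+)\s*,\s*".*"\s*(?:,\s*(\w+))?\s*$')
ACTION_RE = re.compile(
    r'^\S+\s+(?:>|:ommysql:)\s*([^,\s]+),([^,\s]+),([^,\s]+),([^;\s]+)(?:;(\w+))?')


def lint_rsyslog_mysql(conf_text, expected_db=None):
    """Return (level, message) findings for the MySQL output actions."""
    templates, actions, findings = {}, [], []
    module_loaded = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and commented-out lines
            continue
        if re.match(r"\$ModLoad\s+ommysql(\.so)?\b", line):
            module_loaded = True
        elif (m := TEMPLATE_RE.match(line)):
            templates[m.group(1)] = (m.group(2) or "").upper()  # name -> option
        elif (m := ACTION_RE.match(line)):
            actions.append(m.groups())            # host, db, user, password, template
    if actions and not module_loaded:
        findings.append(("error", "MySQL action present but ommysql is not loaded"))
    for host, db, user, password, tmpl in actions:
        if any(c in p for p in (host, db, user, password) for c in "{}"):
            findings.append(("error", "placeholder braces left in the action parameters"))
        if tmpl is None:
            findings.append(("error", "action has no template, so the "
                             "syslog_incoming INSERT is never used"))
        elif tmpl not in templates:
            near = difflib.get_close_matches(tmpl, list(templates), n=1)
            hint = f" (did you mean '{near[0]}'?)" if near else ""
            findings.append(("error", f"undefined template '{tmpl}'{hint}"))
        elif templates[tmpl] not in ("SQL", "STDSQL"):
            findings.append(("warn", f"template '{tmpl}' lacks the SQL or STDSQL "
                             "option, so quotes in %msg% would not be escaped"))
        if expected_db and db.strip("{}") != expected_db:
            findings.append(("warn", f"rows go to database '{db}', "
                             f"but the plugin reads '{expected_db}'"))
        if user.strip("{}") == password.strip("{}"):
            findings.append(("warn", "database password is identical to the username"))
    return findings


# Constructed samples: the template line from the post above, combined with the
# action line from the first post (BROKEN_CONF) and from the post above (FIXED_CONF).
TEMPLATE = ('$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, '
            "date, time, host, message) values ('%syslogfacility-text%', "
            "'%syslogpriority-text%', '%timereported:::date-mysql%', "
            "'%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')\", SQL\n")
BROKEN_CONF = ("$ModLoad ommysql\n" + TEMPLATE +
               "*.*             >{localhost},{cacti},{cactiuser},{cactiuser};cacti_syslo\n")
FIXED_CONF = ("$ModLoad ommysql # MySQL database output module\n" + TEMPLATE +
              "*.* >localhost,syslog,sysloguser,passwordhere;cacti_syslog\n")

if __name__ == "__main__":
    for name, conf, db in (("broken", BROKEN_CONF, "cacti"), ("fixed", FIXED_CONF, "syslog")):
        for level, message in lint_rsyslog_mysql(conf, expected_db=db) or [("ok", "no findings")]:
            print(f"{name}: {level}: {message}")
```

Pass as `expected_db` the database the syslog plugin's config.php points at, so a mismatch between where rsyslog writes and where the plugin reads is reported as well.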


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Sun Apr 05, 2015 12:28 pm 
Offline

Joined: Thu Oct 23, 2014 11:00 am
Posts: 13
Thanks for reply :wink:

The "cacti_syslo" issue is just a type error, but right now I just copied your template and tried to uninstall and re-install syslog, then use the cacti database so that all of the necessary database tables should be available.

I also checked syslog_hosts and nothing is saved there, but my syslog_incoming is now showing data.

check image below

Image


I was able to telnet 192.x.x.x 514 to my cacti server and the result was connected.

I also got the black screen you're talking about while trying to telnet to my server using a Windows PC.


My firewall is disabled but here is my iptables

Quote:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination




My updated rsyslog.conf

Quote:
$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values ('%syslogfacility-text%', '%syslogpriority-text%',$
*.* >localhost,cacti,cactiuser,cactiuser;cacti_syslog


$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)


$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$IncludeConfig /etc/rsyslog.d/*.conf

*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler


$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"

:programname, startswith, "spice-vdagent" /var/log/spice-vdagent.log;SpiceTmpl




My updated cacti syslog config

Quote:
/* revert if you dont use the Cacti database */
$use_cacti_db = true;
#$use_cacti_db = false;

if (!$use_cacti_db) {
$syslogdb_type = 'mysql';
$syslogdb_default = 'cacti';
$syslogdb_hostname = 'localhost';
$syslogdb_username = 'cactiuser';
$syslogdb_password = 'cactiuser';
$syslogdb_port = 3306;
}else{


$syslogdb_type = $database_type;
$syslogdb_default = $database_default;
$syslogdb_hostname = $database_hostname;
$syslogdb_username = 'cactiuser';
$syslogdb_password = 'cactiuser';
$syslogdb_port = $database_port;
}



/* field in the incomming table */
$syslog_incoming_config['dateField'] = 'date';
$syslog_incoming_config['timeField'] = 'time';
$syslog_incoming_config['priorityField'] = 'priority';
$syslog_incoming_config['facilityField'] = 'facility';
$syslog_incoming_config['hostField'] = 'host';
$syslog_incoming_config['textField'] = 'message';
$syslog_incoming_config['id'] = 'seq';





but still syslog is not showing.. I also configured rsyslog of one of my linux server to send log to my cacti syslog server using 514 port.

but still no host available.. I'm almost doing this thing for a month! waaaaaa.. this is so frustrating! :roll:

here is my skype ID . akocisrael .. please ping me so I can ask you more question and you can help me .. please please


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Wed Apr 08, 2015 8:10 am 
Offline

Joined: Thu Oct 23, 2014 11:00 am
Posts: 13
My only problem now is that syslog_host has no data; maybe that's the reason why "show host available" is not showing anything even if syslog_incoming has data.


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Wed Apr 08, 2015 1:45 pm 
Offline

Joined: Thu Oct 03, 2013 12:07 pm
Posts: 18
I apologize for the late reply. The last few days have been... interesting ;)

In the Cacti GUI do you have the setting "Syslog Enabled" box checked? If not that would explain this situation. I am talking about the section Console - Configuration - Settings - Syslog

Where are you asking for "show host available" and using what method? It looks like you are using PHPMyadmin to manage your database, but the interface looks different than mine. Just a curiosity more than anything else. Did you confirm using PHPMyadmin that the syslog_hosts table is empty? I am assuming that in the Cacti GUI the "Available Hosts" list is also empty.

If none of the above helps:
I must admit that I don't know syslog well enough to be an expert, but I do see an "extra" $template defined in your rsyslog.conf file. Have you tried taking that out to see if it is interfering in some way? I honestly doubt that the additional template would impact this but it would be worth a try if all else fails.


I may have time to help with Skype, but give this a shot first :)


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Thu Apr 09, 2015 8:31 am 
Offline

Joined: Thu Oct 23, 2014 11:00 am
Posts: 13
svancouw wrote:
I apologize for the late reply. The last few days have been... interesting ;)

In the Cacti GUI do you have the setting "Syslog Enabled" box checked? If not that would explain this situation. I am talking about the section Console - Configuration - Settings - Syslog



Yes, my syslog is enabled
Image


svancouw wrote:
Where are you asking for "show host available" and using what method? It looks like you are using PHPMyadmin to manage your database, but the interface looks different than mine. Just a curiosity more than anything else. Did you confirm using PHPMyadmin that the syslog_hosts table is empty? I am assuming that in the Cacti GUI the "Available Hosts" list is also empty.



I'm using MYSQL Database

Here is my Syslog_host Table


Image

Here is where I'm asking "Show Host Available"

Image

this is inside the Cacti Web GUI


svancouw wrote:
If none of the above helps:
I must admit that I don't know syslog well enough to be an expert, but I do see an "extra" $template defined in your rsyslog.conf file. Have you tried taking that out to see if it is interfering in some way? I honestly doubt that the additional template would impact this but it would be worth a try if all else fails.


Bro, are you talking about this one "$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n" ??



svancouw wrote:
I may have time to help with Skype, but give this a shot first :)



No problem. will try this one first.


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Thu Apr 09, 2015 12:31 pm 
Offline

Joined: Thu Oct 03, 2013 12:07 pm
Posts: 18
Thanks for the clarifications. So far everything seems to be correctly set up...

Yes, I was referring to "$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n". What is the purpose of this template?

I'll try to skype you later tonight around 7 PM PDT. What time zone are you in?


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Thu Apr 09, 2015 5:18 pm 
Offline

Joined: Thu Oct 23, 2014 11:00 am
Posts: 13
svancouw wrote:
Thanks for the clarifications. So far everything seems to be correctly set up...

Yes, I was referring to "$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n". What is the purpose of this template?

I'll try to skype you later tonight around 7 PM PDT. What time zone are you in?





That template is default with rsyslog.conf bro.. but I tried to remove it now but still no luck :(

by the way this is my time zone UTC+08:00

Thank you so much for helping me.


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Thu Apr 09, 2015 6:06 pm 
Offline

Joined: Thu Oct 03, 2013 12:07 pm
Posts: 18
With me being UTC -7 that puts us rather far apart. Is there a more convenient time for you? 7 PM my time is 10 AM your time. I'll contact you as I stated unless you say otherwise.


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Thu Apr 09, 2015 10:29 pm 
Offline

Joined: Thu Oct 03, 2013 12:07 pm
Posts: 18
We lost connection while checking your setup. It looks like the poller is not executing syslog_process.php because running this manually populated everything in the syslog plugin. I saw another thread here where someone had a plugin that was conflicting with the syslog plugin and caused the same problem that you are having.

Syslog Message Lag Time

Try running the command below. I have grepped out a few items to help eliminate unnecessary output to the console.

php /usr/share/cacti/poller.php --debug --force | grep -v Waiting | grep -v OK

Look for any errors or PHP fatal messages that might pinpoint any conflicting plugins. Another option is to temporarily disable all plugins other than syslog and see if syslog starts showing recent log entries.


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Sun Apr 12, 2015 2:42 am 
Offline

Joined: Thu Oct 23, 2014 11:00 am
Posts: 13
Thanks Sean for helping me personally, because of your help my syslog is now working fine. :) Thank you so much! I hope we can talk more often 'coz I really want to learn more new things about the Linux or Windows world :)

Thank you so much again Sean! :D


 Post subject: Re: [HELP] Syslog not showing Available Hosts and Log Messag
PostPosted: Wed Jan 23, 2019 10:07 am 
Offline

Joined: Sun Jun 04, 2017 6:25 am
Posts: 15
But how is it possible to see the device name in Cacti from an HP Curve switch?
I see "invalid_host". There are no problems with Linux hosts. I add rsyslog.conf as first word current hostname. What to do with switch?

