Syslog daemon on Windows (can logged to database)

DrivesMeCrazy · Post by **DrivesMeCrazy** » Sun Aug 26, 2007 8:24 pm

pepj wrote:
DrivesMeCrazy wrote: Everytime when kiwi syslogd captured the syslog message and stored in SyslogCatchAll.txt, it gets renamed to TEMPSyslogCatchAll.txt.
SyslogCatchAll.txt will not exists anymore till ...
In this way the plugin will copy only one time the traps (the TEMPSyslogCatchAll.txt is a temporary backup) and also not lost a trap that would comes during the process. We can discuss later if you want to keep all the traps in a text file, but normally you don't need this if you have the data in the haloe SQL DB.

To check what happend when the data are copied to Haloe:
- remove in the function "syslogupd_poller" of "functions.php" in syslogupd the "//TEST " before the lines which have this.
- create a "SyslogCatchAll.txt" file with a test trap (or from KIWI click test trap)
- start "php syslogupd.php" manually from a command prompt

You should see the parameters from haloe passed to syslogupd, and the result.
Are the parameters OK?

PS: check also the parameters in the Haloe config.php
in my case I had changed
Code: Select all
$haloedb_hostname = "localhost";
$haloedb_username = "...";
$haloedb_password = "...";
$haloe_config["haloeTable"]      = "syslog";

I have uncomment out those "//TEST" statements and run syslogupd.php manually.

Got this Fatal Error:

Code: Select all

Fatal error: Call to a member function SetFetchMode() on a non-object in E:\cacti\lib\database.php on line 124

Line 124 on database.php:
	$cnn_id->SetFetchMode(ADODB_FETCH_ASSOC);

The TESTSyslog.txt file content:

Code: Select all

(syslogpollerautomatically) actual path=E:\cactisql connect res=1,host=localhost,user=haloeuser,pass=mypasswd,default=haloe,type=mysql

Seems like I have problem with ADODB code provided together with cacti instead.

I will try out your latest version once I resolved this. You have been a great help.

pepj · Post by **pepj** » Mon Aug 27, 2007 1:40 am

DrivesMeCrazy wrote: I have uncomment out those "//TEST" statements and run syslogupd.php manually.

Please use the latest release 0.2d URL=http://forums.cacti.net/viewtopic.php?p=108332#108332.
(With uncommenting, removing "//TEST", it does not function, it was a old test and create an side effect. You have no problem with ADODB.)

test with

Code: Select all

cd your_path\plugins\syslogupd
php Your_path\plugins\syslogupd\syslogupd.php -d

DrivesMeCrazy · Post by **DrivesMeCrazy** » Mon Aug 27, 2007 9:44 pm

pepj wrote: Please use the latest release 0.2d URL=http://forums.cacti.net/viewtopic.php?p=108332#108332.
(With uncommenting, removing "//TEST", it does not function, it was a old test and create an side effect. You have no problem with ADODB.)

test with
Code: Select all
cd your_path\plugins\syslogupd
php Your_path\plugins\syslogupd\syslogupd.php -d

Hi Pepj,

I have tried out your latest version.
The sql statements seems fine but it is still does not update mysql database.
"RESULT=0" should mean that the execution is true with no exception returned right?

Code: Select all

E:\cacti>php plugins\syslogupd\syslogupd.php -d
08/28/2007 02:38:13 AM - SYSLOGUPD: Poller[0] CFG SYSLOGUPD DEBUG:sql connect RE
SULT=0,host=localhost,user=haloeuser,password=mypasswd,haloedb_default=haloe,haloed
b_type=mysql
08/28/2007 02:38:13 AM - SYSLOGUPD: Poller[0] CFG SYSLOGUPD DEBUG:sql save comma
nd=INSERT into haloe.syslog (host,facility,priority,level,date,time,program,mess
age) VALUES('192.168.0.1','User','Warning','','2007-08-28','10:20:51','KIWI','NT
P server 216.52.23.2 failed to respond
')  RESULT=0
08/28/2007 02:38:13 AM - SYSLOGUPD: Poller[0] CFG SYSLOGUPD DEBUG:END of copy tr
aps to syslog.

E:\cacti>
E:\cacti>
E:\cacti>mysql -u haloeuser -p
Enter password: *****
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 15429
Server version: 5.0.37-community-nt MySQL Community Edition (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use haloe;
Database changed
mysql> select * from syslog;
Empty set (0.03 sec)

mysql> select * from syslog_incoming;
Empty set (0.02 sec)

mysql>

pepj · Post by **pepj** » Tue Aug 28, 2007 10:43 am

DrivesMeCrazy wrote:The sql statements seems fine but it is still does not update mysql database.

I think the connection to the SQL server has not functioned.

1/ try to insert manually

Code: Select all

INSERT into haloe.syslog (host,facility,priority,level,date,time,program,mess
age) VALUES('192.168.0.1','User','Warning','','2007-08-28','10:20:51','KIWI','NT
P server 216.52.23.2 failed to respond
') ;
select * from syslog;

2/ could you try with: haloedb_hostname = an IP-address not localhost
in the Haloe config.php
3/ are you using the port = "3306" for SQL ?

PS: when nothing function try this (ONLY for MySQL !!!)

Code: Select all

replace
	$res= sql_db_connect_real($haloedb_hostname,$haloedb_username,$haloedb_password,$haloedb_default, $haloedb_type);
with
$sqlconnection = mysql_connect($haloedb_hostname, $haloedb_username, $haloedb_password);
$res= (!$sqlconnection) ? ("NO connection:".mysql_error()): "OK";

and

Code: Select all

            $result = sql_db_execute($sql_save);
with
   // only for MySQL if the other function does not function
   $res1 = mysql_query($sql_save,$sqlconnection);
   $result= (!$res1) ? ("Error:".mysql_error()): "OK";

and

Code: Select all

at the end before the last }
  // only for MySQL if the other function does not function
  if ($link) mysql_close($sqlconnection);

DrivesMeCrazy · Post by **DrivesMeCrazy** » Tue Aug 28, 2007 8:42 pm

pepj wrote: I think the connection to the SQL server has not functioned.

1/ try to insert manually
Code: Select all
INSERT into haloe.syslog (host,facility,priority,level,date,time,program,mess
age) VALUES('192.168.0.1','User','Warning','','2007-08-28','10:20:51','KIWI','NT
P server 216.52.23.2 failed to respond
') ;
select * from syslog;
2/ could you try with: haloedb_hostname = an IP-address not localhost
in the Haloe config.php
3/ are you using the port = "3306" for SQL ?

Hey pepj,

I got it working!!!

I tried to do a manual insert as suggested by you, found out that both column "level" and "program" is not in syslog table.
Hence, I removed them and able to insert into database.

Column "level" not found (via INSERT statement):

Code: Select all

mysql> INSERT INTO haloe.syslog (host,facility,priority,level,date,time,program,
message) VALUES('192.168.0.1','User','Warning','','2007-08-29','09:10:01','KIWI'
,'NTP server 216.52.23.2 failed to respond');
ERROR 1054 (42S22): Unknown column 'level' in 'field list'

Column "program" not found (via INSERT statement):

Code: Select all

mysql> INSERT INTO haloe.syslog (host,facility,priority,date,time,program,messag
e) VALUES('192.168.0.1','User','Warning','2007-08-29','09:10:01','KIWI','NTP ser
ver 216.52.23.2 failed to respond');
ERROR 1054 (42S22): Unknown column 'program' in 'field list'

Syslog Table Description

Code: Select all

mysql> describe syslog;
+----------+------------------+------+-----+---------+----------------+
| Field    | Type             | Null | Key | Default | Extra          |
+----------+------------------+------+-----+---------+----------------+
| facility | varchar(10)      | YES  |     | NULL    |                |
| priority | varchar(10)      | YES  |     | NULL    |                |
| date     | date             | YES  |     | NULL    |                |
| time     | time             | YES  |     | NULL    |                |
| host     | varchar(128)     | YES  |     | NULL    |                |
| message  | text             | YES  |     | NULL    |                |
| seq      | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
+----------+------------------+------+-----+---------+----------------+
7 rows in set (0.08 sec)

Lastly, I have to update syslogd's functions.php

Code: Select all

$record="(".$haloe_config["hostField"].","
                 .$haloe_config["facilityField"] . ","
                 .$haloe_config["priorityField"] . ","
                 .$haloe_config["dateField"] . ","
                 .$haloe_config["timeField"] . ","
                 .$haloe_config["textField"].")";

$values ="('".$host."','".$facility."','".$priority."','"
			                      .$date."','".$time."','".$msg."')";

Really appreciate your help all this while. Thanks alot.

pepj · Post by **pepj** » Wed Aug 29, 2007 5:37 pm

DrivesMeCrazy wrote: Column "level" not found
Column "program" not found

.... For the future you will perhaps need these fields (especially "level") in the haloe SQL-DB. Now they are not used but you can see it in the setup.php file of haloe.

When you have a look at the setup.php of the plugin Haloe, you can see:

Code: Select all

		$sql = "CREATE TABLE haloe_logs (
			host varchar(32) default NULL,
                                                ....
			level varchar(10) default NULL,
			tag varchar(10) default NULL,
                                                ....
			program varchar(15) default NULL,
			msg text,
                                                ....
			KEY facility (facility)
			) TYPE=MyISAM;";

I will add a condition in the version 0.2e for those have not create these fields.
URL=http://forums.cacti.net/post-108332.html#108332

pepj · Post by **pepj** » Sat Sep 08, 2007 5:22 pm

syslogupd 0.4x (it replace version 0.3 because of the new structure of syslog-plugin)

Some changement (0.4x) to function correctly with Haloe / email-alerts

URL=http://forums.cacti.net/viewtopic.php?p=117245#117245

lyudell · Post by **lyudell** » Wed Nov 14, 2007 2:04 pm

HI Pepj,

Thank you for writing this module. The fact that I'm getting the error below, I'm sure, is a function of my own making.

Here's where I'm at:

I've loaded the 0.3 version of syslogupd along with the syslog plugin. I read through the previous post about the columns for level and program being absent and the correction to the code that was made and I think I have faithfully reproduced the code. In addition, the lastest version of syslog uses "syslog" rather than "haloe" as the path and varialbe "prefix", so that had to be changed...I think.

At any rate, I'm getting this error when I try to run the "forced" update:

Fatal error: Call to a member function SetFetchMode() on a non-object in C:\www\Cacti\lib\database.php on line 155

Any ideas?

Thanks.

pepj · Post by **pepj** » Thu Nov 15, 2007 6:09 am

lyudell wrote:... In addition, the lastest version of syslog uses "syslog" rather than "haloe" as the path and varialbe "prefix", so that had to be changed...

current version of syslogupd = 0.43

Here the new version (I had done it but not published sorry)

history:
-syslogupd 0.34 (for people with Trap deamon without SQL option)
-Some changement (0.4) to function correctly with new and old Haloe & syslog
- 0.42 more debugging options
- 0.43 correction when php server don't return the cacti option

lyudell · Post by **lyudell** » Thu Nov 15, 2007 8:53 am

This seems to be working.

May the Great Bird of the Galaxy roost on your planet.

Thanks.

lyudell · Post by **lyudell** » Thu Nov 15, 2007 10:54 am

I'm sure that I'm missing something, although I may have found a bug.

I noticed that if I force an update and the KIWI log file doesn't exist, the screen appears to hang. If the log file exists, it works just fine...I think.

I seemed to be getting rather uneven updating on the log file updates to the db, but I'm not sure if there is a filter or something in play here or if it should be immediate.

If is send a test message, the KIWI log gets created.
Then forcing an update causes the log file to be processed (I think) and the TEMP file is larger.
However, the new entries do not show up in the database...are they supposed to? It seems some (not all) show up later.

How is the flow supposed to work?

Thanks.

apperrault · Post by **apperrault** » Thu Nov 15, 2007 12:15 pm

Great plugin!! I am having one problem though. I am getting the messages in Kiwi, and they are properly logging to the file. The problem i am having is with the poller process. It doesn't run on it's own. The only way i can get the data into the Syslog plugin is to manually click the Syslog Force Update button. Then, after pressing that, after the next poller runs, i see the updates in the Syslog plugin.

What am i missing...

thanks

app

pepj · Post by **pepj** » Fri Nov 16, 2007 6:07 pm

lyudell wrote: I noticed that if I force an update and the KIWI log file doesn't exist, the screen appears to hang...

I've changed a little bit the return method in version 0.41.

apperrault wrote: ...the poller process. It doesn't run on it's own. The only way i can get the data into the Syslog plugin is to manually click the Syslog Force Update button. Then, after pressing that, after the next poller runs, i see the updates in the Syslog plugin.

1/ install the new version 0.41 which add debugging functions
URL=http://forums.cacti.net/viewtopic.php?p=117245#117245
2/ check in config.php of syslogupd the "syslogfile" (where are the traps coming from KIWI) and "trapfile" (which is a temporary backup) temporary backup.
3/ set in cacti setting-->Misc->syslogupd the debug field to "full".
(perhaps you have to set cacti-log to LOW at least. )
4/ check the values in config.php of syslog.
syslogdb_username = "haloe";
syslogdb_password = "haloe";
syslog_config['syslogTable'] = 'syslog';
syslog_config['incomingTable'] = 'syslog_incoming';
5/ Look at the logfile of cacti
. 5a/ after a forceupdate
. 5b/ after 5min (polling of cacti)

DrivesMeCrazy · Post by **DrivesMeCrazy** » Sun Dec 09, 2007 8:49 pm

Hi pepj,

I am having same problem as apperrault.
Only when force syslogupdate, then the record will be inserted.

Is there a newer update version of syslogupd?
I installed the update plugin and being prompted for new version.
Where can I get it?

pepj wrote:
lyudell wrote: I noticed that if I force an update and the KIWI log file doesn't exist, the screen appears to hang...
I've changed a little bit the return method in version 0.41.

apperrault wrote: ...the poller process. It doesn't run on it's own. The only way i can get the data into the Syslog plugin is to manually click the Syslog Force Update button. Then, after pressing that, after the next poller runs, i see the updates in the Syslog plugin.
1/ install the new version 0.41 which add debugging functions
URL=http://forums.cacti.net/viewtopic.php?p=117245#117245
2/ check in config.php of syslogupd the "syslogfile" (where are the traps coming from KIWI) and "trapfile" (which is a temporary backup) temporary backup.
3/ set in cacti setting-->Misc->syslogupd the debug field to "full".
(perhaps you have to set cacti-log to LOW at least. )
4/ check the values in config.php of syslog.
syslogdb_username = "haloe";
syslogdb_password = "haloe";
syslog_config['syslogTable'] = 'syslog';
syslog_config['incomingTable'] = 'syslog_incoming';
5/ Look at the logfile of cacti
. 5a/ after a forceupdate
. 5b/ after 5min (polling of cacti)

pepj · Post by **pepj** » Tue Dec 11, 2007 5:17 pm

DrivesMeCrazy wrote: Is there a newer update version of syslogupd?

the last release is 0.42 URL=http://forums.cacti.net/viewtopic.php?p=117245#117245 (nothing new comparing 0.41 only some changes for the debugs)

DrivesMeCrazy wrote: I am having same problem as apperrault.
Only when force syslogupdate, then the record will be inserted.

When you force syslogupdate manually you are starting the same program/code as the poller (each 5 min.).
The question is why the poller don't start the PHP-script.

1/ cacti-log to "medium". and debug option of syslogupd (settings->Misc->syslogupd) to medium or full. Look at the cacti log file after 5 min.
- a/ do you see some ... SYSLOGUPD POLLER:syslogupd_poller_bottom ?
- b/ do you see "executed from syslogpoller" ?

Cacti

Syslog daemon on Windows (can logged to database)

syslogupd 0.42

Who is online