[HOWTO] Install Syslog 0.5.2 plugin on Linux/Unix Cacti vers

[noflies]

HOW-TO Install Syslog 0.5.2 plugin on Linux/Unix Cacti versions 0.8.7, 0.8.7a and 0.8.7b
-------------------------------------------------------------------------------------------
[submitted by noflies, 26 Feb 2008]
[updated by noflies, 16 May 2008 with suggestions by joez...adding "SQL grant priv" commands in 4a]

NOTE: These instructions reference variables for documentation purposes only.
<cacti_path> Cacti's root path (usually /var/www/html or /usr/share/cacti)
<cacti_user> Cacti's user for polling access (usually cacti or cactiuser)
<cacti_pass> Cacti's password for polling access (usually cacti or cactiuser)
<cacti_dbuser> Cacti's user for database access (usually cacti or cactiuser)
<cacti_dbpass> Cacti's password for database access (usually cacti or cactiuser)
<http_user> HTTP daemon user for running web server (usually apache)
<http_pass> HTTP daemon password for running web server
Substitute your specific locations and parameters.

1. Install, configure and test SYSLOG-NG per instructions within the syslog-ng package/tar.
Make sure syslog-ng is working as you expect before continuing.

2. Download the syslog plugin from cactiusers.org.
As of 25 Feb 2008, the syslog plugin is located at <"http://cactiusers.org/downloads/syslog.tar.gz">.
Version 0.5.2, maintained by Jimmy Conner. [THANKS Jimmy!!!]
Untar it into the directory <cacti_path>/plugins/syslog

3. Edit the <cacti_path>/plugins/syslog/config.php with your installation's database name and user credentials.
Here is an EXAMPLE only;

Code: Select all

$syslogdb_type     = 'mysql';
$syslogdb_default  = 'syslog';
$syslogdb_hostname = 'localhost';
$syslogdb_username = '<cacti_dbuser>';
$syslogdb_password = '<cacti_dbpass>';

NOTE: Change the above user credentials to your specific installation.

4. Create the syslog database with the syslog.sql commands.

Code: Select all

shell> mysqladmin --user=root create syslog
shell> mysql syslog < <cacti_path>/plugins/syslog/syslog.sql

NOTE: The syslog.sql file is in the syslog plugin tar file.

4a. Grant privileges to cactidb_user for the syslogdb_default.

Code: Select all

shell# mysql --user=root --password
Enter password: ********
mysql> GRANT ALL ON <syslogdb_default>.* TO <cacti_dbuser>@<syslogdb_hostname> IDENTIFIED BY '<cacti_dbpass>';
mysql> flush privileges;
mysql> exit

NOTE: Change the above user credentials to your specific installation.

5. Edit the /etc/init.d/syslog-ng file.
--INSERT the following line AFTER the "start() {" line

Code: Select all

/sbin/syslogtomysql &

--INSERT the following line AFTER the "stop() {" line

Code: Select all

killall -9 syslogtomysql > /dev/null

6. Create the /sbin/syslogtomysql bash script.

Code: Select all

#!/bin/bash
if [ ! -e /tmp/mysql.pipe ]; then
        mkfifo /tmp/mysql.pipe
fi  

while [ -e /tmp/mysql.pipe ]
do
        mysql -u <cacti_dbuser> --password=<cacti_dbpass> syslog < /tmp/mysql.pipe
done

NOTE: Change the above user credentials to your specific installation.

7. Change the /sbin/syslogtomysql file permissions to 755 owned by root:root.

Code: Select all

shell> chmod 755 /sbin/syslogtomysql
shell> chown root:root /sbin/syslogtomysql

8. ADD the following lines to the /etc/syslog-ng/syslog-ng.conf file to the END of the file

Code: Select all

source net {
    udp();
};

destination d_mysql {
    pipe("/tmp/mysql.pipe"
    template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
    template-escape(yes)
     );
};

log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); };

NOTE: The "template(" line begins with "template(" and ends with the $MSG' );\n"). The line may appear to wrap due to the length of the line. MAKE SURE your config file does not break the line apart.

9. Restart the syslog-ng daemon. Typically by using one of the following:

Code: Select all

shell> service syslog-ng restart

-OR-

Code: Select all

shell> kill -HUP syslog-ng

10. Add the syslog plugin to the $plugins_array in <cacti_path>/include/global.php
At ABOUT line 46; INSERT the following line AFTER the "$plugins[] = 'settings';"

Code: Select all

$plugins[] = 'syslog';

11. Verify user rights and permissions on the syslog/plugin files

Code: Select all

shell> chown -R <http_user>:<http_user> <cacti_path>/plugins/syslog/
shell> chmod -R 644 <cacti_path>/plugins/syslog/

NOTE: Change the above user credentials to your specific installation.

12. Within cacti, grant user rights for Syslog plugin/realm.
Navigate to Console ->
Utilities ->
User Management ->
<SELECT USER>
Realm Permissions ->
Enable "View Syslog" and/or "Configure Syslog Alerts/Reports"
Click Save.

That should do it. Now repeat your syslog-ng testing you completed in step 1 to verify syslog-ng was working.
Within Cacti, you should begin to see those syslog entries on the syslog tab.

Please post any updates/suggestions to this HOWTO in this forum.
Please post any issues with the syslog plugin in the PLUGINS-General forum.

[joez]

Isnt something like

Code: Select all

GRANT
ALL ON syslog.* TO cactiuser@localhost IDENTIFIED BY ’password’;

missing here?

[joez]

the line

Code: Select all

log { source(s_sys); destination(d_mysql); };

also caused my syslog-ng to fail on restart, because s_sys is unknown.

....

I have to say that the README contained in the syslog-plugin sucks, because it does not let you know that there is a lot more stuff to do to get the plugin actually work. Alot of users spending unnecessary time to find out... cant understand why the author does not change the README...

I now see the GUI when clicking on syslog-tab, however for some reason nothing gets imported to my sql database (syslog_incoming is empty) hmmmmmmmmm

thanks
joez

[noflies]

@joez--Thanks for the feedback...I didn't need to grant specific access, but I will test on a new install of 087b and verify.

Can you post errors from syslog-ng starting up?

As you stated, the README could use a bit more updating...please feel free to add to it or re-write...I'm sure Jimmy would welcome feedback.

[joez]

I cant remember the exact error message, but the reason was that the source "s_sys" was not defined in my syslog-ng config file after installing it with a package manager. The standard source is labeled "src", could be suse specific tho, as I am using opensuse 10.3.

After playing around I finally managed to get the plugin working, but it wouldnt have worked without the permission grants I posted above.

joez

[blugger]

hi!

is have the same problem. I cant start the syslog server with the changed config file. I get the following output.

"
cacti:/etc/syslog-ng # syslog-ng start
unresolved reference: s_sys
"

Pleas help!

BR
B.

[sterpstra]

hi!

is have the same problem. I cant start the syslog server with the changed config file. I get the following output.

"
cacti:/etc/syslog-ng # syslog-ng start
unresolved reference: s_sys
"

Pleas help!

BR
B.

Same problem here:
Error in configuration, unresolved source reference, source ='s_sys'

Anyone have a fix for this yet?

[streaker69]

I think he missed a couple lines in his configuration file..

Here's what the file should look like:

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
# - for Red Hat 7.3
# - totally do away with klogd
# - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
# - use the log_prefix option as per Balazs Scheidler's email
#

options {
sync(0);
time_reopen(10);
log_fifo_size(1024);
long_hostnames(on);
use_dns(yes);
use_fqdn(yes);
create_dirs(no);
keep_hostname(yes);
};

source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
destination d_kernel { file("/var/log/kern"); };


filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and
not (facility(mail)
or facility(authpriv)
or facility(cron)
or program("kernel")); };

filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
filter f_kernel { level(info) and program("kernel"); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_kernel); destination(d_kernel); };

source net {
udp();
};


destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
template-escape(yes)
);
};

log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); };

# vim: syntax=syslog-ng

Pay attention to the lines in Bold.. You'll need to add those in, then restart syslog-ng.

[Da nny]

All SuSE Linux Users. Make Sure that apparmor is not running before you begin the steps Outlined in this HOW TO DOC. It blocks syslog-ng from sending data into the pipe.It should be disabled for smooth running of this plugin setup.

[bhajan]

use source ='src' in syslog-ng.cong file in plce of source ='s_sys'

[mfranzoi]

hi!

is have the same problem. I cant start the syslog server with the changed config file. I get the following output.

"
cacti:/etc/syslog-ng # syslog-ng start
unresolved reference: s_sys
"

Pleas help!

BR
B.

Same problem here:
Error in configuration, unresolved source reference, source ='s_sys'

Anyone have a fix for this yet?

Maybe your source is s_all. Just make this change in yout last line.

( change s_sys to s_all )

[colthe]

If you syslog-ng.conf like below:
######
# sources

# all known message sources
source s_all {

that you can revise s_sys to s_all.
It works fine on my ubuntu system.

[vikingmaster]

thx

[hpsmartyz]

noflies, all

many thanks for this valuable HOWTO.
I have used it and I am running Cacti/Syslog-ng on a Synology.
Yet I have a problem, syslog-ng/syslogtomysql badly restart after a reboot
Let me explain:

I have followed all your steps and the start-up script of syslog-ng (S80syslog-ng) simply looks like
sh /path/to/syslogtomysql.sh &
/path/to/syslog-ng -f /path/to/syslog-ng/syslog-ng.conf

The script is effectively run at startup yet the mysql-syslog "link" does not seem effective.
When I run the script manually the mysql-syslog "link" is effective.
Indeed, in the first case I see two running processes
sh /path/to/syslogtomysql.sh
/path/to/syslog-ng -f //path/to/syslog-ng/syslog-ng.conf
and logs do not appear in Cacti

while in the second I have three:
sh /path/to/syslogtomysql.sh
/path/to/syslog-ng -f /path/to/syslog-ng/syslog-ng.conf
mysql -u the user -password=the pass db
and logs do appear in cacti.

I have taken care that the S80syslog-ng script is launched after the mysql startup script.

I would really welcome any help on this.

I have a side issue
At a moment when syslog was properly running, I deleted (for test purposes) mysql.pipe. I thought, seeing the syslogtomysql script that it would end but did not ...

many thanks

[hpsmartyz]

all,

I found the solution.
Because apparently some environment variables are not yet loaded at the moment the script is launched, the call to mysql (which is installed on my NAS via IPKG) fails.
I simply added to full path to mysql and everything works fine.

By the way, setting the priviledges:

Code: Select all

chmod -R 644 <cacti_path>/plugins/syslog/

does not work on my device

Code: Select all

chmod -R 655 <cacti_path>/plugins/syslog/

does work however