SNMPTT/SYSLOG viewer Plugin for Cacti. v 1.4.3 (2009/02/06)
Found the problem with the stats too....
According to the snmptt.ini file the stats are generated as follows:
# How often in seconds statistics should be logged to syslog or the event log.
# Set to 0 to disable
# 1 hour = 216000
# 12 hours = 2592000
# 24 hours = 5184000
According to my calculations 216000 is actually 60 hours, not 1 hour. Unfortunately I didn't catch this, which is pretty stupid of me, but I now have it set to 10 seconds for testing and it is working properly.
Please correct me if my calculations are incorrect.
New version released in first post:
Maybe the best way is to rename the plugin? ([cmv - cacti message viewer] or [cmm - cacti message manager])
--- 1.3.9 with Syslog ---
- Added Syslog tab. It may be used together with or separately from the cacti SYSLOG plugin. ([HOWTO] Install Syslog 0.5.2 plugin on Linux/Unix Cacti vers - http://forums.cacti.net/viewtopic.php?t=26040)
-- To use the syslog tab WITHOUT the old cacti SYSLOG plugin:
Change the following lines in the /etc/syslog-ng/syslog-ng.conf file at the END of the file:
Code:
# Listen for remote syslog over UDP (default port 514).
source net { udp(); };
# Write one INSERT per message to the named pipe; template-escape(yes) escapes quotes in the macro values.
destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO plugin_snmptt_syslog (host, sourceip, facility, priority, sys_date, message, status) VALUES ( '$HOST', '$SOURCEIP', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$MSG', '0' );\n")
        template-escape(yes)
    );
};
log { source(net); destination(d_mysql); };
# s_sys is not defined in this snippet; it must already exist in syslog-ng.conf.
log { source(s_sys); destination(d_mysql); };
-- To use the syslog tab AND the old cacti SYSLOG plugin:
Change the following lines in the /etc/syslog-ng/syslog-ng.conf file at the END of the file:
Code:
# Listen for remote syslog over UDP (default port 514).
source net { udp(); };
# Two INSERTs per message: one for the old SYSLOG plugin's table, one for this plugin's table.
destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO syslog_incoming (host, sourceip, fullhost, facility, priority, date, time, message) VALUES ( '$HOST', '$SOURCEIP', '$FULLHOST','$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' ); INSERT INTO plugin_snmptt_syslog (host, sourceip, facility, priority, sys_date, message, status) VALUES ( '$HOST', '$SOURCEIP', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$MSG', '0' );\n")
        template-escape(yes)
    );
};
log { source(net); destination(d_mysql); };
# s_sys is not defined in this snippet; it must already exist in syslog-ng.conf.
log { source(s_sys); destination(d_mysql); };
- Optimized SQL for creating the tree menu (for 1000000 traps, creating the tree menu takes 3-5 sec);
- Added Setting tab;
- Switched to ExtJS v 2.2;
- In rules, added "Force run" function - runs the rule for already processed records (traps or syslog);
- Update for graph and cacti/scripts/ss_snmpttpoller.php in addons.rar/graph
Fix:
- Fixed error when deleting unk. traps records;
- Fixed error in poller auto purge deleting;
- Fixed error with incorrect [plugin_snmptt_alert] table when first installing the plugin;
Minor updates:
- Allow Email Message field in rule to be blank;
- Added patch to autosize column header width on Dbl click;
- For Syslog treeMenu, added full expand/collapse of all menu items and quick filter.
My cacti plugin - CaMM (http://forums.cacti.net/viewtopic.php?p=156769#156769)
Sorry for my English.
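Both destinations in the release post build an SQL statement from fields taken out of received syslog packets, so template-escape(yes) is what keeps a quote or backslash in a message from ending a string literal early. The script below is an added example, not code from the post or the plugin: template_escape is a model of that option (assumed behaviour), the field values are constructed, and string_literals assumes MySQL's default backslash handling (NO_BACKSLASH_ESCAPES off; '' doubling is not modelled).

```python
import re

# INSERT template from the post's syslog-ng.conf (plugin_snmptt_syslog variant).
TEMPLATE = ("INSERT INTO plugin_snmptt_syslog (host, sourceip, facility, priority, "
            "sys_date, message, status) VALUES ( '$HOST', '$SOURCEIP', '$FACILITY', "
            "'$PRIORITY', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$MSG', '0' );")

def template_escape(value):
    """Model of template-escape(yes) (assumed behaviour, not syslog-ng's code):
    backslash-escape ', " and \\, and write control characters as octal."""
    out = []
    for ch in value:
        if ch in "'\"\\":
            out.append("\\" + ch)
        elif ch < " ":
            out.append("\\%03o" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def render(fields, escape):
    """Expand $MACRO references into one statement, as the destination would."""
    def expand(match):
        value = fields[match.group(1)]
        return template_escape(value) if escape else value
    return re.sub(r"\$([A-Z]+)", expand, TEMPLATE)

def string_literals(sql):
    """Return the single-quoted literals as a backslash-escaping SQL reader
    sees them, or None if a quote is still open at the end of the statement."""
    literals, current, i = [], None, 0
    while i < len(sql):
        ch = sql[i]
        if current is None:
            if ch == "'":
                current = []
        elif ch == "\\" and i + 1 < len(sql):
            current.append(sql[i + 1])  # escaped character is taken literally
            i += 1
        elif ch == "'":
            literals.append("".join(current))
            current = None
        else:
            current.append(ch)
        i += 1
    return literals if current is None else None

def statement_is_intact(fields, escape):
    """True when the statement still has the template's seven literals and the
    sixth one (the message column) is exactly the original message text."""
    literals = string_literals(render(fields, escape))
    return literals is not None and len(literals) == 7 and literals[5] == fields["MSG"]

# Constructed sample message fields (not taken from the thread).
SAMPLE_FIELDS = {
    "HOST": "fw1", "SOURCEIP": "192.0.2.10", "FACILITY": "local4",
    "PRIORITY": "notice", "YEAR": "2009", "MONTH": "01", "DAY": "20",
    "HOUR": "11", "MIN": "32", "SEC": "07", "MSG": "login failed for user 'bob'",
}

if __name__ == "__main__":
    for escape in (False, True):
        print(escape, statement_is_intact(SAMPLE_FIELDS, escape))
```

Whatever is written to /tmp/mysql.pipe is executed with the privileges of the MySQL account reading it, so that account should hold INSERT on the target tables only.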
gthe,
It looks like you have made the syslog plugin a requirement? I do not run the syslog plugin and don't really want to add it....is there a way to run without the syslog plugin on your new version. I receive the following errors when I try to run the new version.
01/20/2009 11:32:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=1 where status=0'
01/20/2009 11:32:07 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` where status=1"
01/20/2009 11:32:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=2 where status=1'
01/20/2009 11:33:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:33:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:33:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:33:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:34:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:34:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:34:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:34:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:35:03 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:35:03 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:35:03 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:35:03 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt_unknown;"
01/20/2009 11:36:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=1 where status=0'
01/20/2009 11:36:07 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` where status=1"
01/20/2009 11:36:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=2 where status=1'
01/20/2009 11:36:08 AM - CMDPHP: Poller[0] ERROR: SQL Assoc Failed!, Error:'1142', SQL:"SELECT host, date(`sys_date`) as day_noumber, count(*) as count_rows FROM `syslog_ng`.`plugin_snmptt_syslog` where date(`sys_date`) < date('2009-01-13') group by host, date(`sys_date`) HAVING count_rows > 1200 order by count_rows;"
01/20/2009 11:36:08 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"SELECT count(*) from `syslog_ng`.`plugin_snmptt_syslog`"
01/20/2009 11:36:08 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"INSERT INTO `plugin_snmptt_tree` (`hostname`,`eventname`,`type`,`agentip_source`,`count`) SELECT `sysl`.`host`, `sysl`.`facility`, 't_syslog',`sysl`.`sourceip`,count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` as sysl GROUP BY `host`, `facility`'
01/20/2009 11:37:08 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=1 where status=0'
01/20/2009 11:37:08 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` where status=1"
01/20/2009 11:37:08 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=2 where status=1'
01/20/2009 11:37:08 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"INSERT INTO `plugin_snmptt_tree` (`hostname`,`eventname`,`type`,`agentip_source`,`count`) SELECT `sysl`.`host`, `sysl`.`facility`, 't_syslog',`sysl`.`sourceip`,count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` as sysl GROUP BY `host`, `facility`'
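The poller errors in the post above reduce to two MySQL server codes: 1142 (ER_TABLEACCESS_DENIED_ERROR) and 1146 (ER_NO_SUCH_TABLE). The script below is an added example, not part of the plugin or of any post: it groups such lines by code and table and lists the privileges each failing statement needs, using four lines copied from the thread as sample input; the function names are made up for illustration.

```python
import re
from collections import defaultdict

# MySQL server error codes that appear in the thread's Cacti log.
MYSQL_ERRORS = {
    "1142": "ER_TABLEACCESS_DENIED_ERROR",  # command denied to user for table
    "1146": "ER_NO_SUCH_TABLE",             # table does not exist
}
LINE_RE = re.compile(r"Error:'(?P<code>\d+)', SQL:\"(?P<sql>.*)")
TABLE = r"((?:`?\w+`?\.)?`?\w+`?)"  # optional schema qualifier, optional backticks
REFS = [  # privilege a statement needs on the table each pattern captures
    ("INSERT", re.compile(r"\bINSERT\s+INTO\s+" + TABLE, re.I)),
    ("UPDATE", re.compile(r"\bUPDATE\s+" + TABLE, re.I)),
    ("SELECT", re.compile(r"\bFROM\s+" + TABLE, re.I)),
]

def table_privileges(sql):
    """Map each table named in one statement to the privileges it needs there."""
    needed = defaultdict(set)
    for privilege, pattern in REFS:
        for name in pattern.findall(sql):
            needed[name.replace("`", "")].add(privilege)
    if re.search(r"\bWHERE\b", sql, re.I):
        for privileges in needed.values():
            if "UPDATE" in privileges:  # columns read in WHERE need SELECT too
                privileges.add("SELECT")
    return dict(needed)

def triage(log_lines):
    """Group failed statements by (error code, table). The log carries only the
    code, so every table in a failing statement is reported as a candidate."""
    report = {}
    for line in log_lines:
        match = LINE_RE.search(line)
        if not match or match.group("code") not in MYSQL_ERRORS:
            continue
        for table, privileges in table_privileges(match.group("sql")).items():
            entry = report.setdefault((match.group("code"), table),
                                      {"privileges": set(), "count": 0})
            entry["privileges"] |= privileges
            entry["count"] += 1
    return report

def summarize(report):
    """One line per finding, sorted for stable output."""
    return [f"{code} {MYSQL_ERRORS[code]} {table}: "
            f"{','.join(sorted(e['privileges']))} x{e['count']}"
            for (code, table), e in sorted(report.items())]

# Sample input: four lines copied from the poller errors quoted in the thread.
SAMPLE = """
01/20/2009 11:32:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=1 where status=0'
01/20/2009 11:32:07 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` where status=1"
01/20/2009 11:33:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1146', SQL:"select count(*) from plugin_snmptt;"
01/20/2009 11:36:08 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"INSERT INTO `plugin_snmptt_tree` (`hostname`,`eventname`,`type`,`agentip_source`,`count`) SELECT `sysl`.`host`, `sysl`.`facility`, 't_syslog',`sysl`.`sourceip`,count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` as sysl GROUP BY `host`, `facility`'
""".strip().splitlines()

if __name__ == "__main__":
    print("\n".join(summarize(triage(SAMPLE))))
```

MySQL checks privileges before it checks whether a table exists, so a 1142 on syslog_ng.plugin_snmptt_syslog does not show that the syslog_ng schema is present; confirm the schema name before widening any grant.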
Yep.. sorry
I fix it in last version (in first post).
P.s. and update ss_snmpttpoller.php from addons.rar to <cacti>/scripts/
- Add Syslog tab unused by default. For use it - change [Use SYSLOG] parameter in settings tab AND reload plugin page.
My cacti plugin - CaMM (http://forums.cacti.net/viewtopic.php?p=156769#156769)
Sorry for my English.
Gthe,
That worked nicely! Thank you.
I did receive one error on the upgrade but it appears to be for syslog.
01/21/2009 08:02:10 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"INSERT INTO `plugin_snmptt_tree` (`hostname`,`eventname`,`type`,`agentip_source`,`count`) SELECT `sysl`.`host`, `sysl`.`facility`, 't_syslog',`sysl`.`sourceip`,count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` as sysl GROUP BY `host`, `facility`'
Is there any way for me to remove the syslog tab since I am not using it?
Also in the rules section what do the options "Execute user function" and "Mark Record" actually do?
Thanks.
gthe,
I was getting the following errors in my logs:
01/21/2009 08:30:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) from syslog_ng.plugin_snmptt_syslog;"
01/21/2009 08:30:04 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) from syslog_ng.plugin_snmptt_syslog;"
01/21/2009 08:30:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"UPDATE `syslog_ng`.`plugin_snmptt_syslog` set status=1 where status=0'
01/21/2009 08:30:07 AM - CMDPHP: Poller[0] ERROR: SQL Cell Failed!, Error:'1142', SQL:"select count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` where status=1"
01/21/2009 08:30:07 AM - CMDPHP: Poller[0] ERROR: A DB Exec Failed!, Error:'1142', SQL:"INSERT INTO `plugin_snmptt_tree` (`hostname`,`eventname`,`type`,`agentip_source`,`count`) SELECT `sysl`.`host`, `sysl`.`facility`, 't_syslog',`sysl`.`sourceip`,count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` as sysl GROUP BY `host`, `facility`'
So I modified snmptt_poller.php and added if statements at the appropriate locations to evaluate if ($snmptt_use_syslog == "1").
The functions I have modified are: function process_alerts()
And in lib/snmptt)functions.php I modified snmptt_poller_recreate_tree() by commenting the following lines.
//db_execute("INSERT INTO `plugin_snmptt_tree` (`hostname`,`eventname`,`type`,`agentip_source`,`count`)
// SELECT `sysl`.`host`, `sysl`.`facility`, 't_syslog',`sysl`.`sourceip`,count(*) FROM `syslog_ng`.`plugin_snmptt_syslog` as sysl
// GROUP BY `host`, `facility`");
Also in the new ss_snmpttpoller.php I changed the if statement from
if (read_config_option("snmptt_use_syslog") == "0")
to
if (read_config_option("snmptt_use_syslog") == "1")
From reading your other code I think it should be set to 1 anyway?
Great Plugin. It seems that SNMP traps are working. I tried to use the syslog portion (currently using the syslog plugin), but I'm not seeing anything.
I looked in the database and only see:
| plugin_snmptt
| plugin_snmptt_alert
| plugin_snmptt_statistics
| plugin_snmptt_tree
| plugin_snmptt_unknown
I don't seem to have the plugin_snmptt_syslog table. I'm sure it's something simple on my end. Any thoughts? Thanks.
I have use Syslog set to true.
My syslog database shows:
+------------------+
| Tables_in_syslog |
+------------------+
| syslog |
| syslog_alert |
| syslog_incoming |
| syslog_remove |
| syslog_reports |
+------------------+
Is this something I'm supposed to create manually?
Actually, I see now. My database is syslog and you are actually looking for syslog_ng.
I changed the database and I'm now getting syslog messages in your great snmptt plugin.
I'm testing some of the rules and notice a few things.
I have the rule type set to syslog.
Initially I was matching on host='192.168.168.1' and was seeing matches, then it stopped. I deleted the rule, re-added it but the count now stays at 0. If I use the test button, it shows what should be the matches.
When I try and use syslog-priority, it only shows Normal for a drop down and doesn't seem to let me change it or add manually. Your Syslog section shows it properly though, info, notice, err, warning, etc. under priority.
For syslog-facility, it only shows options in the dropdown that are actually under Eventname under the trap section for the same device. Your syslog section shows it properly though, local4, etc. under facility.
Thanks for your help.