Help with Syslog

General discussion about Plugins for Cacti

paleogryph
Posts: 11
Joined: Fri Feb 19, 2010 12:15 pm

Help with Syslog

Post by paleogryph »

I have managed to get the syslog plugin installed. I'm running 0.8.7h. My question is how to get data from remote devices to show up. I'm only seeing data from the localhost... I have two other devices on the network and in the same subnet pointing their UDP port 514 syslog messages facility 7 to my Cacti box, but nothing shows up.

1. I'm unclear on whether I need both syslog and rsyslog running.
Right now they are both running:
root 4421 1 0 12:11 ? 00:00:00 ./rsyslogd -c3
root 9009 1 0 13:14 ? 00:00:02 syslogd -r -m 0
root 9012 1 0 13:14 ? 00:00:00 klogd -x
It seems since I put syslog in "-r" that I haven't been getting even data from the localhost...

2. netstat shows:
udp 0 0 0.0.0.0:514 0.0.0.0:* 9009/syslogd
I assume rsyslogd uses the same port...?

3. I can see data from one of the devices via tcpdump:
Facility local7 (23), Severity notice (5)
Msg: "remote device name": RemoteDevice device_id="remote device name" [Root]system-noti[|syslog]
13:54:25.951873 IP (tos 0x0, ttl 64, id 2002, offset 0, flags [none], proto: UDP (17), length: 331) "remote ip address".58138 > "cacti ip address".syslog: SYSLOG, length: 303


Since I have the plugin working, I know this is more of a straight-ahead Linux question. I've never had problems getting syslog to work. Since it is rsyslog that is used with the Cacti plugin, I think I may have things wrong there?

Here is my /etc/rsyslog.conf
$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* >localhost,cacti,cactiuser,cactipw;cacti_syslog

# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# Provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

Any help is greatly appreciated.
joseme
Cacti User
Posts: 90
Joined: Fri May 15, 2009 9:36 am

Re: Help with Syslog

Post by joseme »

Hi:
Some steps to get rsyslog running.
1. You must stop the default syslog. Only rsyslog must be running.
2. Open the 514 UDP port on your firewall (Linux).
3. You must add to your rsyslog.conf:
$modload imudp
$UDPServerRun 514
4. Restart the rsyslog service.
5. check /var/log/messages

good luck!
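
A way to verify the steps above, added here as an example and not part of either poster's messages: it reads the `netstat -lnup` line to see which daemon actually owns UDP 514, then sends one local7.notice probe (the facility and severity seen in the tcpdump capture) so you can confirm it reaches /var/log/messages and the syslog_incoming table. The host name `probe-host` and tag `cacti-probe` are made-up values.

```python
import re
import socket
from datetime import datetime

def build_probe(facility=23, severity=5, host="probe-host", tag="cacti-probe",
                text="syslog path test"):
    """Build an RFC 3164 datagram; PRI = facility * 8 + severity (local7.notice = 189)."""
    now = datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"  # RFC 3164 pads the day with a space
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}: {text}".encode("ascii")

def decode_pri(datagram):
    """Return (facility, severity) from the leading <PRI> field, or None if malformed."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        return None
    return divmod(int(m.group(1)), 8)

def udp_port_owner(netstat_text, port=514):
    """Return the program bound to the UDP port in `netstat -lnup` output, else None."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if (len(fields) >= 5 and fields[0].startswith("udp")
                and fields[3].endswith(f":{port}")):
            pid_prog = fields[-1]        # last column looks like "9009/syslogd"
            return pid_prog.split("/", 1)[1] if "/" in pid_prog else None
    return None

def send_probe(target, port=514, **kwargs):
    """Send one probe; UDP gives no delivery confirmation, so check the receiver's logs."""
    data = build_probe(**kwargs)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, (target, port))
    return data

if __name__ == "__main__":
    # netstat line as posted in the thread; replace with live `netstat -lnup` output
    sample = "udp 0 0 0.0.0.0:514 0.0.0.0:* 9009/syslogd"
    owner = udp_port_owner(sample)
    if owner != "rsyslogd":
        print(f"UDP 514 is held by {owner!r}; rsyslogd cannot receive remote messages")
    sent = send_probe("127.0.0.1")       # assumed target: run this on the Cacti box
    print("sent:", sent.decode(), "| decoded PRI:", decode_pri(sent))
```

If the probe shows up in /var/log/messages but not in Cacti, the listener is fine and the problem is on the ommysql side of rsyslog.conf.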
paleogryph
Posts: 11
Joined: Fri Feb 19, 2010 12:15 pm

Re: Help with Syslog

Post by paleogryph »

Joseme, you da man!
It worked.

A thousand thanks!

:lol: :lol: :lol: