Hello!
I've tried to configure rsyslogd with Cacti Syslog Monitoring without much luck so far.
Configured everything as described in: http://docs.cacti.net/plugin:syslog.config
1. Distro - Debian Squeeze
2. Installed rsyslog and rsyslog-mysql - created new database with a name "syslog"
3. Granted access to this database for user "cacti", granted all permissions
4. Configured /etc/rsyslogd.conf and ./cacti/site/plugins/syslog/config.php to have the proper paths and users.
5. Enabled /etc/rsyslogd.conf UDP/TCP syslog reception
Now the table syslog_incoming is filling with new messages, but the tables syslog and syslog_statistics remain empty?
The question is - what am I doing wrong? I've read the messages according to similar problems but not found an answer. Below there are some parts of my configuration.
Thanks in advance for help.
PH
---- bash
# mysql -V
mysql Ver 14.14 Distrib 5.1.49, for debian-linux-gnu (x86_64) using readline 6.1
# rsyslogd -v
rsyslogd 4.6.4, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
FEATURE_NETZIP (message compression): Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
# /usr/bin/php -q /usr/share/cacti/site/plugins/syslog/syslog_process.php --debug
SYSLOG: Syslog Table IS Partitioned
SYSLOG: Unique ID = 97
SYSLOG: Found 0, New Message(s) to process
SYSLOG: Stats 0, Record(s) to the 'syslog_statistics' table
SYSLOG: Found 0, Removal Rule(s) to process
SYSLOG: Found 0, Alert Rules to process
SYSLOG: Moved 0, Message(s) to the 'syslog' table
SYSLOG: Deleted 0, Already Processed Message(s) from incoming
SYSLOG: Deleted 0, Syslog Statistics Record(s)
SYSLOG: Deleted 0, Syslog alarm log Record(s)
SYSLOG: Processing Reports...
SYSLOG: We have 0 Reports in the database
SYSLOG: Finished processing Reports...
01/20/2012 02:19:45 PM - SYSTEM SYSLOG STATS:Time:0.12 Deletes:0 Incoming:0 Removes:0 XFers:0 Alerts:0 Alarms:0 Reports:0
#mysql -u cacti -p syslog
mysql> select date, host, message from syslog_incoming;
.... (table populated by rsyslogd)
180 rows in set (0.00 sec)
mysql> select * from syslog;
Empty set (0.00 sec)
mysql> show grants;
+--------------------------------------------------------------------------------------------------------------+
| Grants for cacti@localhost |
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'cacti'@'localhost' IDENTIFIED BY PASSWORD '*hash' |
| GRANT ALL PRIVILEGES ON `cacti`.* TO 'cacti'@'localhost' |
| GRANT ALL PRIVILEGES ON `syslog`.* TO 'cacti'@'localhost' |
+--------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
----
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################
$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* >localhost,syslog,cacti,password;cacti_syslog
*.* :ommysql:localhost,syslog,cacti,password
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad immark # provides --MARK-- message capability
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
---- ./cacti/site/plugins/syslog/config.php
$use_cacti_db = false;
if (!$use_cacti_db) {
$syslogdb_type = 'mysql';
$syslogdb_default = 'cacti';
$syslogdb_hostname = 'localhost';
$syslogdb_username = 'cacti';
$syslogdb_password = 'password';
$syslogdb_port = 3306;
}else{
$syslogdb_type = 'mysql';
$syslogdb_default = 'syslog';
$syslogdb_hostname = 'localhost';
$syslogdb_username = 'cacti';
$syslogdb_password = 'password';
$syslogdb_port = 3306;
Problem with Syslog Monitoring 1.22 + rsyslog
Moderators: Developers, Moderators
Re: Problem with Syslog Monitoring 1.22 + rsyslog
I believe your syslog/config.php is configured wrong.
See the part where it says
Your syslog db information should be after that, instead you have it backwards.
Another way to fix it is just to remove the !
See the part where it says
Code: Select all
if (!$use_cacti_db) {
Another way to fix it is just to remove the !
Re: Problem with Syslog Monitoring 1.22 + rsyslog
I had to edit the /etc/rsyslog.conf file in CentOS 4 to reflect the following:
not
$ModLoad ommysql
That fixed it for me
Code: Select all
$ModLoad ommysql.so
$ModLoad ommysql
That fixed it for me
Was registered as egarnel in the past, but now egarnel1
Who is online
Users browsing this forum: No registered users and 2 guests