Problem with Syslog Monitoring 1.22 + rsyslog

[panth]

Hello!
I've tried to configure rsyslogd with Cacti Syslog Monitoring without much luck so far.

Configured everything as described in: http://docs.cacti.net/plugin:syslog.config

1. Distro - Debian Squeeze
2. Installed rsyslog and rsyslog-mysql - created new database with a name "syslog"
3. Granted access to this database for user "cacti", granted all permissions
4. Configured /etc/rsyslogd.conf and ./cacti/site/plugins/syslog/config.php to have the proper paths and users.
5. Enabled /etc/rsyslogd.conf UDP/TCP syslog reception

Now the table syslog_incoming is filling with new messages, but the tables syslog and syslog_statistics remain empty?

The question is - what am I doing wrong? I've read the messages according to similar problems but not found an answer. Below there are some parts of my configuration.

Thanks in advance for help.

PH

---- bash
# mysql -V
mysql Ver 14.14 Distrib 5.1.49, for debian-linux-gnu (x86_64) using readline 6.1
# rsyslogd -v
rsyslogd 4.6.4, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
FEATURE_NETZIP (message compression): Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
Atomic operations supported: Yes
Runtime Instrumentation (slow code): No

# /usr/bin/php -q /usr/share/cacti/site/plugins/syslog/syslog_process.php --debug

SYSLOG: Syslog Table IS Partitioned
SYSLOG: Unique ID = 97
SYSLOG: Found 0, New Message(s) to process
SYSLOG: Stats 0, Record(s) to the 'syslog_statistics' table
SYSLOG: Found 0, Removal Rule(s) to process
SYSLOG: Found 0, Alert Rules to process
SYSLOG: Moved 0, Message(s) to the 'syslog' table
SYSLOG: Deleted 0, Already Processed Message(s) from incoming
SYSLOG: Deleted 0, Syslog Statistics Record(s)
SYSLOG: Deleted 0, Syslog alarm log Record(s)
SYSLOG: Processing Reports...
SYSLOG: We have 0 Reports in the database
SYSLOG: Finished processing Reports...
01/20/2012 02:19:45 PM - SYSTEM SYSLOG STATS:Time:0.12 Deletes:0 Incoming:0 Removes:0 XFers:0 Alerts:0 Alarms:0 Reports:0

#mysql -u cacti -p syslog

mysql> select date, host, message from syslog_incoming;
.... (table populated by rsyslogd)
180 rows in set (0.00 sec)

mysql> select * from syslog;
Empty set (0.00 sec)

mysql> show grants;
+--------------------------------------------------------------------------------------------------------------+
| Grants for cacti@localhost |
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'cacti'@'localhost' IDENTIFIED BY PASSWORD '*hash' |
| GRANT ALL PRIVILEGES ON `cacti`.* TO 'cacti'@'localhost' |
| GRANT ALL PRIVILEGES ON `syslog`.* TO 'cacti'@'localhost' |
+--------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)



----
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html


#################
#### MODULES ####
#################

$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* >localhost,syslog,cacti,password;cacti_syslog

*.* :ommysql:localhost,syslog,cacti,password


$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad immark # provides --MARK-- message capability

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514



---- ./cacti/site/plugins/syslog/config.php
$use_cacti_db = false;

if (!$use_cacti_db) {
$syslogdb_type = 'mysql';
$syslogdb_default = 'cacti';
$syslogdb_hostname = 'localhost';
$syslogdb_username = 'cacti';
$syslogdb_password = 'password';
$syslogdb_port = 3306;
}else{
$syslogdb_type = 'mysql';
$syslogdb_default = 'syslog';
$syslogdb_hostname = 'localhost';
$syslogdb_username = 'cacti';
$syslogdb_password = 'password';
$syslogdb_port = 3306;

[cigamit]

I believe your syslog/config.php is configured wrong.

See the part where it says

Code: Select all

if (!$use_cacti_db) {

Your syslog db information should be after that, instead you have it backwards.

Another way to fix it is just to remove the !

[egarnel1]

I had to edit the /etc/rsyslog.conf file in CentOS 4 to reflect the following:

Code: Select all

$ModLoad ommysql.so

not

$ModLoad ommysql

That fixed it for me