Help with Syslog plugin on CactiEZ

Addons for Cacti and discussion about those addons

Moderators: Developers, Moderators

Post Reply
ggdagg
Posts: 10
Joined: Thu Feb 21, 2013 12:07 pm

Help with Syslog plugin on CactiEZ

Post by ggdagg »

Hello,

I installed a CactiEZ 0.7 server and I would like to use the syslog plugin.
First I configured my server1 to send logs with syslog-ng to my CactiEZ. By default in CactiEZ, the "localhost" is sending all logs to the syslog but I cannot see my logs from the server I configured.

I checked the syslog plugin configuration and I can see in /var/www/html/plugins/syslog/config.php these lines :

Code: Select all

/* revert if you dont use the Cacti database */
$use_cacti_db = false;

if (!$use_cacti_db) {
        $syslogdb_type     = 'mysql';
        $syslogdb_default  = 'syslog';
        $syslogdb_hostname = 'localhost';
        $syslogdb_username = 'cactiuser';
        $syslogdb_password = 'yj1KDuW3';
        $syslogdb_port     = 3306;
So it's looks like my syslog plugin doesn't use the Cacti database but the syslog database (it's a bit confused as the parameter "$use_cacti_db" is false) I checked my syslog database and all entries are the same than my syslog plugin. But I still have no entries from my server1 I configured with syslog-ng. Did I miss something in the configuration ? Need I change my database ?

Thanks for your help.

PS : To be sure that my server1 was configured well, I installed a Kiwi syslog and I had some logs coming. So my problem is defenitely from my syslog plugin (or server).
ggdagg
Posts: 10
Joined: Thu Feb 21, 2013 12:07 pm

Re: Help with Syslog plugin on CactiEZ

Post by ggdagg »

Anyone can help me ?
Or someone can explain me how you configure your syslog server to receive information from syslog client ? It is automatic or not (I mean Cacti add automaticaly the hostname in his database) ?
Thanks
alireza1
Posts: 2
Joined: Thu Nov 03, 2011 5:04 am

Re: Help with Syslog plugin on CactiEZ

Post by alireza1 »

I think Cacti syslog plugin uses DNS or /etc/hosts file to identify hostnames.
so add ip address and hostname of your syslog agents to DNS or /etc/hosts file.
Also in console tab of cacti click on settings under Configuration part,
click on syslog tab and check if validate hostnames is checked or not.
another problem may be in you firewall. check whether your firewall is configured to accept incomming packets with UDP/TCP protocol destination port of 514 or any other port you use.
ggdagg
Posts: 10
Joined: Thu Feb 21, 2013 12:07 pm

Re: Help with Syslog plugin on CactiEZ

Post by ggdagg »

Thanks for these explanations.
I followed them but still not working but it's give some way to find my problems/errors.

For info, my Cacti server and my monitored servers are on the same LAN no firewall between them.
Thanks for your reply and I will update if some day it's working !
cigamit
Developer
Posts: 3367
Joined: Thu Apr 07, 2005 3:29 pm
Location: B/CS Texas
Contact:

Re: Help with Syslog plugin on CactiEZ

Post by cigamit »

1. Look at the syslog database, and check the tables to see if things are being entered into the syslog_incoming table.
2. If nothing in the DB, ensure the firewall is setup correctly and that rsyslog is running. It should be by default for CactiEZ.
3. If the Firewall is correct, you might want to try doing a tcpdump and see if the server is sending syslog messages to the Cacti server.
hammer733
Posts: 22
Joined: Fri Aug 20, 2010 6:47 pm

Re: Help with Syslog plugin on CactiEZ

Post by hammer733 »

Did you ever find out the issue. Seems to be same problem I am having. I can see local server syslogs but not all the external ones being sent from cisco devices. Shut down IPtables but no still no incoming logs. I am also using the latest CatiEZ. Ideas?
cigamit
Developer
Posts: 3367
Joined: Thu Apr 07, 2005 3:29 pm
Location: B/CS Texas
Contact:

Re: Help with Syslog plugin on CactiEZ

Post by cigamit »

hammer733 wrote:Did you ever find out the issue. Seems to be same problem I am having. I can see local server syslogs but not all the external ones being sent from cisco devices. Shut down IPtables but no still no incoming logs. I am also using the latest CatiEZ. Ideas?
Did you try all the steps mentioned? Particularly the tcpdump, etc... since you need to first verify that the logs are getting to the system correctly. A netstat to ensure that the server is listening on 0.0.0.0:512... there are a lot of different things it could be.
musangbeku
Posts: 5
Joined: Tue Jul 23, 2013 8:47 pm

Re: Help with Syslog plugin on CactiEZ

Post by musangbeku »

Hi

I have same problem but still couldn't resolve it.

I already try the tcpdump but there isn't any incoming beside my localhost.
I also already configure my DNS both in cacti setting and in my sysconfig, but still no effect. Just localhost log appear in syslog.
My firewall is allow 512 and rsyslog is running.
In php syslog_incoming is filled with just localhost.

Can you give me some clue or where should I check next?

Thanks :D

Here is my rsyslog.conf. I just edited the imudp and imtcp and added #### extended,


# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerAddress <my server ip address>
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###

#### extended ####
$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
*.* @@<my server ip address>:514
#### extended ####

$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* >127.0.0.1,syslog,cactiuser,password;cacti_syslog
musangbeku
Posts: 5
Joined: Tue Jul 23, 2013 8:47 pm

Re: Help with Syslog plugin on CactiEZ

Post by musangbeku »

Anyone can help me? :D
musangbeku
Posts: 5
Joined: Tue Jul 23, 2013 8:47 pm

Re: Help with Syslog plugin on CactiEZ

Post by musangbeku »

Still need help :)
gurulee
Posts: 14
Joined: Fri Nov 08, 2013 1:23 pm
Location: CT

Re: Help with Syslog plugin on CactiEZ

Post by gurulee »

I have this problem too. All I see is the localhost in my syslog under hosts. It is not showing my other remote firewalls and routers pushing syslog to Cacti...?
_________________
Lee
"knowledge breeds confidence, confidence breeds success"
gurulee
Posts: 14
Joined: Fri Nov 08, 2013 1:23 pm
Location: CT

Re: Help with Syslog plugin on CactiEZ

Post by gurulee »

bump; can someone help me with getting remote hosts to show in syslog? Only localhost shows for some reason...

All I see mainly are these two localhost messages:

Code: Select all

(root) CMD (php /var/www/html/poller.php > /dev/null 2>&1)

Code: Select all

Connection from UDP: [127.0.0.1]:35545->[127.0.0.1]
_________________
Lee
"knowledge breeds confidence, confidence breeds success"
chriscastsphp
Posts: 1
Joined: Thu Jan 09, 2014 6:07 pm

Re: Help with Syslog plugin on CactiEZ

Post by chriscastsphp »

Check out this comment, it should get you fixed up.

http://forums.cacti.net/viewtopic.php?p=235504#p235504

[Update]:

Don't forget to restart syslog

Code: Select all

/etc/init.d/rsyslog restart
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests