syslog 1.22 cannot read syslog_incoming messages

[XTech]

It looks like conflict between nectar and thold plugins crashed poller cycle. Try to disable nectar plugin for a while.

[francly]

Yes, I have disabled the netcar and I got a same syslog output result, like you have.

Waiting on 1 of 1 pollers.
Waiting on 1 of 1 pollers.
Waiting on 1 of 1 pollers.
06/15/2012 10:21:29 AM - SYSTEM STATS: Time:218.6006 Method:cmd.php Processes:1 Threads:N/A Hosts:198 HostsPerProcess:198 DataSources:14250 RRDsProcessed:5258
Loop Time is: 218.6
Sleep Time is: 81.39
Total Time is: 218.61
06/15/2012 10:21:29 AM - POLLER: Poller[0] DEBUG: About to Spawn a Remote Process [CMD: /usr/bin/php, ARGS: -q /var/www/cacti/plugins/syslog/syslog_process.php]
06/15/2012 10:21:29 AM - WEATHERMAP: Poller[0] Weathermap 0.97a starting - Normal logging mode. Turn on DEBUG in Cacti for more information

06/15/2012 10:21:29 AM - WEATHERMAP: Poller[0] [Map 2] YTL: Map: /var/www/cacti/plugins/weathermap/configs/xxx -> /var/www/cacti/plugins/weathermap/output/516f745993401e760ddc.html & /var/www/cacti/plugins/weathermap/output/516f745993401e760ddc.png
06/15/2012 10:21:29 AM - WEATHERMAP: Poller[0] WARNING: [Map 2] xxx: OVERLIBGRAPH is used, but HTMLSTYLE is static. This is probably wrong. [WMWARN41]
06/15/2012 10:21:29 AM - WEATHERMAP: Poller[0] [Map 2] YTL: About to write image file. If this is the last message in your log, increase memory_limit in php.ini [WMPOLL01]
06/15/2012 10:21:29 AM - WEATHERMAP: Poller[0] [Map 2] YTL: Wrote map to /var/www/cacti/plugins/weathermap/output/516f745993401e760ddc.png and /var/www/cacti/plugins/weathermap/output/516f745993401e760ddc.thumb.png
06/15/2012 10:21:29 AM - WEATHERMAP: Poller[0] STATS: Weathermap 0.97a run complete - Fri, 15 Jun 12 10:21:29 +0800: 1 maps were run in 0 seconds with 1 warnings.

[XTech]

So, as I can see below, now your syslog poller process spawned successfully. Did the logs have processed now?

Code: Select all

06/15/2012 10:21:29 AM - POLLER: Poller[0] DEBUG: About to Spawn a Remote Process [CMD: /usr/bin/php, ARGS: -q /var/www/cacti/plugins/syslog/syslog_process.php

[francly]

So, as I can see below, now your syslog poller process spawned successfully. Did the logs have processed now?

Code: Select all

06/15/2012 10:21:29 AM - POLLER: Poller[0] DEBUG: About to Spawn a Remote Process [CMD: /usr/bin/php, ARGS: -q /var/www/cacti/plugins/syslog/syslog_process.php

Hi, sorry for very late reply, I find nectar is conflict, after remove this plugin the syslog poller process is normal now, thanks a lot for the help

I found another issue with the hostname display on the cacti syslog hostname list, currently all display as IP address, I have added the mapping entry in the/etc/hosts but it's not taken, any idea?

[XTech]

Hi! Look to a quote from your syslog-ng.conf:

Code: Select all

options { long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);

You must change use_dns to yes if you want to see names instead of IP's, and working DNS server in your network is very appropriate.

[francly]

Hi! Look to a quote from your syslog-ng.conf:

Code: Select all

options { long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);

You must change use_dns to yes if you want to see names instead of IP's, and working DNS server in your network is very appropriate.

Hi, thanks again I got it working now.

however I have both IP Address and Hostname now, I can't find any option menu to remove the ip address, any idea?

[XTech]

however I have both IP Address and Hostname now, I can't find any option menu to remove the ip address, any idea?

There are no such option in syslog plugin. You have either to wait for syslog plugin setting "syslog retention time" to expire or purge syslog data stored with ip addresses from database manually, using mysql administration tools of your choice.

[francly]

however I have both IP Address and Hostname now, I can't find any option menu to remove the ip address, any idea?

There are no such option in syslog plugin. You have either to wait for syslog plugin setting "syslog retention time" to expire or purge syslog data stored with ip addresses from database manually, using mysql administration tools of your choice.

Thanks XTech, what I have done is go to syslog table remove all the data then go to syslog_hosts table remove the related hostsname in IP address, I have start with fresh log but I got my IP hostname remove.

[francly]

however I have both IP Address and Hostname now, I can't find any option menu to remove the ip address, any idea?

There are no such option in syslog plugin. You have either to wait for syslog plugin setting "syslog retention time" to expire or purge syslog data stored with ip addresses from database manually, using mysql administration tools of your choice.

Thanks XTech, what I have done is go to syslog table remove all the data then go to syslog_hosts table remove the related hostsname in IP address, I have start with fresh log but I got my IP hostname remove.

[jumafrhe]

Hi.

It´s happening to me the same thing: after to install syslog 1.22 plugin (on cacti 0.8.7g and PA 2., I´m not able to see syslog messages on syslog tab, but syslog_incoming messages on syslog database has messages stored.

However, I don´t understand solution to this issue. Could you tell me exactly how to resolve this problem?

B.R.

[gurulee]

I am experiencing this problem as well; I had uninstalled Nectar and reinstalled Syslog in the plugins GUI, but I only see messages from the localhost, not from my firewall devices sending in local0 on port 514....?

Also, I am getting these Local syslog messages that I would like to debug:

Code: Select all

(root) CMD (php /var/www/html/poller.php > /dev/null 2>&1)

Any ideas?

[desscartes]

Hi,


I have sımılar problem but I dont have any data on syslog database tables.(http://forums.cacti.net/viewtopic.php?f=14&t=53579)

Please could you share working syslog-ng.conf and conf.php full of confuguration??

[chaosisbliss]

Hi,

This appears to be a fairly old thread but relevant to my current Cacti Syslog issue(s). Hopefully I can explain this well enough although it appears I am having a similar issue to those prior.

I installed CactiEZ (CentOS 64Bit) on VMWorkstation which is working great with the exception of Syslog. According to my Syslog, I am getting localhost information but not receiving anything from any other network devices setup on SNMP Traps(Community).

When I run /usr/bin/php syslog_process.php --debug, I receive the following:

Code: Select all

SYSLOG: Sylog Table is NOT Partitioned
SYSLOG: Deleted 0, Syslog Message(s) (older than 2017-05-16)
SYSLOG: Found 0, New Message(s) to process
SYSLOG: Found 2, Removal Rule(s) to process
SYSLOG: Found 0, Alert Rules to Process
SYSLOG: Moved 8, Message(s) to the 'syslog' table
SYSLOG: Deleted 8, Already Processed Message(s) from incoming 
SYSLOG: Deleted 0, Syslog alarm log Record(s)
SYSLOG: Processing Reports...
SYSLOG: We have 0 Reports in the database
SYSLOG: Finished processing Reports...
09/13/2017 04:14:40PM - SYSTEM SYSLOG STATS: Time:0.18 Deletes:0 Incoming:0 Removes:0 XFers:8 Alerts:0 Alarms:0 Reports:0

[cigamit]

Hi,

This appears to be a fairly old thread but relevant to my current Cacti Syslog issue(s). Hopefully I can explain this well enough although it appears I am having a similar issue to those prior.

I installed CactiEZ (CentOS 64Bit) on VMWorkstation which is working great with the exception of Syslog. According to my Syslog, I am getting localhost information but not receiving anything from any other network devices setup on SNMP Traps(Community).

When I run /usr/bin/php syslog_process.php --debug, I receive the following:

Code: Select all

SYSLOG: Sylog Table is NOT Partitioned
SYSLOG: Deleted 0, Syslog Message(s) (older than 2017-05-16)
SYSLOG: Found 0, New Message(s) to process
SYSLOG: Found 2, Removal Rule(s) to process
SYSLOG: Found 0, Alert Rules to Process
SYSLOG: Moved 8, Message(s) to the 'syslog' table
SYSLOG: Deleted 8, Already Processed Message(s) from incoming 
SYSLOG: Deleted 0, Syslog alarm log Record(s)
SYSLOG: Processing Reports...
SYSLOG: We have 0 Reports in the database
SYSLOG: Finished processing Reports...
09/13/2017 04:14:40PM - SYSTEM SYSLOG STATS: Time:0.18 Deletes:0 Incoming:0 Removes:0 XFers:8 Alerts:0 Alarms:0 Reports:0

SNMP Traps are not Syslog Messages. You would have to forward messages to Syslog, not via a SNMP Trap.

[chaosisbliss]

Ah. Thanks for calling me out on that. I did state that incorrectly. We have our Cisco devices forwarding syslogs to our Cacti(Syslog) server. We set the logging host to the IP and setup logging trap levels.