Syslog plugin + syslog-ng

[DreamHunter]

Hello folks! I dunno if this topic is outdated. Remove it in case of useless.

Recently i've faced with plugin:syslog. On the official page written: Currently, only rsyslog is covered. But...
...As is often the case I've installed syslog-ng before i started use the cacti (my corp-mate loves install things and then asks me to turn it on). My task been to configure central logger on this software. And you know what? - It works. I think it would be useful to share with you.

So i have deployed cacti on the one machine and syslog-ng + MySQL server installed on the other. OS - FreeBSD9.1x64.

How-to:
1. Copy sample config into regular.

Code: Select all

cp /usr/local/etc/syslog-ng.conf.sample /usr/local/etc/syslog-ng.conf

2. Disable syslogd, enable syslog-ng and reboot server.

Code: Select all

echo syslogd_enable=\"NO\" >> /etc/rc.conf
echo syslog_ng_enable=\"YES\" >> /etc/rc.conf
reboot

3. If you have not installed plugin architecture and cacti's plugin:settings - you have to install it.

4. Install the cacti's plugin:syslog. My cacti installed in /usr/local/share/cacti, so..

Code: Select all

fetch "http://docs.cacti.net/_media/plugin:syslog-v1.22-2.tgz"
tar -zxf plugin:syslog-v1.22-2.tgz -C /usr/local/share/cacti/plugins

5. Now you need to decide where will be placed the data and create database. I had database server for syslog on another server so i've created database and user for cacti:

Code: Select all

CREATE DATABASE IF NOT EXISTS `syslogs` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
USE `syslogs`;
GRANT USAGE ON *.* TO 'cactiuser'@'%' IDENTIFIED BY PASSWORD '*43DD7940383044FBDE5B177730FAD3405BC6DAD7';
GRANT ALL PRIVILEGES ON `syslogs`.* TO 'cactiuser'@'%';

6. After creating database you need to point the cacti plugin (Edit /usr/local/share/cacti/plugins/syslog/config.php)

Code: Select all

/* revert if you dont use the Cacti database */
//$use_cacti_db = true;
$use_cacti_db = false;

if (!$use_cacti_db) {
    $syslogdb_type     = 'mysql';
    $syslogdb_default  = 'syslogs';
    $syslogdb_hostname = 'xxx.xxx.xxx.xxx';
    $syslogdb_username = 'cactiuser';
    $syslogdb_password = 'cactiuser';
    $syslogdb_port     = 3306;

...of course you need to write address of your server instead of xxx.xxx.xxx.xxx

7. Install and enable your plugin in console tab cacti's web interface.

8. Now we need direct syslog data to the database. I've decided to store local syslog in the old files. All other that i'll get from network will be stored in database.

#
# sources
#
source src { unix-dgram("/var/run/log");
unix-dgram("/var/run/logpriv" perm(0600));
# udp(); internal(); file("/dev/klog"); };
internal(); file("/dev/klog"); };

source src_network {
udp();
};
#
# destinations
#
destination messages { file("/var/log/messages"); };
destination security { file("/var/log/security"); };

* * * stuff * * *

destination allusers { usertty("*"); };
#destination loghost { udp("loghost" port(514)); };

destination d_sql {
sql(type(mysql)
host("localhost") username("cactiuser") password("cactiuser")
database("syslogs")
table("syslog_incoming")
columns("facility varchar(10) DEFAULT NULL", "priority varchar(10) DEFAULT NULL", "date date DEFAULT NULL", "time time DEFAULT NULL", "host varchar(128) DEFAULT NULL", "message varch
ar(1024) NOT NULL DEFAULT ''", "seq bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY", "status tinyint(4) NOT NULL DEFAULT '0'")
values("$FACILITY", "$PRIORITY", "${R_YEAR}-${R_MONTH}-${R_DAY}", "${R_HOUR}:${R_MIN}:${R_SEC}","$HOST", "$MESSAGE", "0", "0")
);
};

* * * stuff * * *

#
# Incomming network syslog messages
#
log { source(src_networt); destination(d_sql); };

...and restart syslog-ng:

Code: Select all

/usr/local/etc/rc.d/syslog-ng restart

Here we go...