I have Cacti 1.1.28 and syslog 2.1 installed.
Syslog messages and alert mail work well with the SQL String Match Type.
The only problem is that the Removal Rules filter with SQL does not really work.
I will try to describe it as best I can below:
My first filter is:
host='ip.add.re.ss'
host_id='622'
Error for the first filter:
2017/12/22 11:45:46 - CMDPHP ERROR: A DB Exec Failed!, Error: Unknown column 'host' in 'where clause'
2017/12/22 11:45:46 - DBCALL ERROR: A DB Exec Failed!, Error:1054, SQL:'DELETE FROM `syslognew`.`syslog` WHERE host='ip.add.re.ss''
2017/12/22 12:25:02 - CMDPHP ERROR: A DB Exec Failed!, Error: Unknown column 'host_id' in 'where clause'
2017/12/22 12:25:02 - DBCALL ERROR: A DB Exec Failed!, Error:1054, SQL:'DELETE FROM `syslognew`.`syslog_incoming` WHERE (host_id='622') AND status='83''
host_id SHOULD BE in syslognew.syslog
host SHOULD BE in syslognew.syslog_incoming
and that is where the error comes from (I guess), because the Removal Rules code searches for the columns host and host_id in the wrong tables.
I tried to find the code in syslog_removal.php, but I'm not a coder.
Or maybe my syslog tables are in the wrong order?
But as stated above, my syslog message log is working well, and so is email alerting.
syslog_incoming
Column        Type                  Comment
facility_id   int(10) unsigned      NULL
priority_id   int(10) unsigned      NULL
program       varchar(40)           NULL
date          date                  NULL
time          time                  NULL
host          varchar(64)           NULL
message       varchar(1024)         []
seq           bigint(20) unsigned   Auto Increment
status        tinyint(4)            [0]
facility      text                  NULL
priority      text                  NULL
syslog
Column        Type                  Comment
facility_id   int(10) unsigned      NULL
priority_id   int(10) unsigned      NULL
program_id    int(10) unsigned      NULL
host_id       int(10) unsigned      NULL
logtime       datetime              [0000-00-00 00:00:00]
message       varchar(1024)         []
seq           bigint(20) unsigned   Auto Increment
Regards
Update:
I made a workaround and somehow it works now.
But syslog itself is very slow compared to the old syslog. A query on the page took around 15 - 30 seconds to show. I have a huge amount of syslog messages from two syslog servers.
But it works.
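
The two logged errors can be reproduced from the table listings in the post. This is an added example, not part of the original post and not the syslog plugin's code. It assumes SQLite as a stand-in for MySQL with simplified column types, and the helper name `tables_accepting` is hypothetical.

```python
import sqlite3

# Column lists copied from the post; types simplified for SQLite (assumption).
SCHEMA = """
CREATE TABLE syslog_incoming (
    facility_id INTEGER, priority_id INTEGER, program TEXT, date TEXT,
    time TEXT, host TEXT, message TEXT NOT NULL DEFAULT '',
    seq INTEGER PRIMARY KEY AUTOINCREMENT, status INTEGER NOT NULL DEFAULT 0,
    facility TEXT, priority TEXT
);
CREATE TABLE syslog (
    facility_id INTEGER, priority_id INTEGER, program_id INTEGER,
    host_id INTEGER, logtime TEXT NOT NULL DEFAULT '0000-00-00 00:00:00',
    message TEXT NOT NULL DEFAULT '', seq INTEGER PRIMARY KEY AUTOINCREMENT
);
"""

# The two removal-rule filters quoted in the post.
FILTERS = ["host='ip.add.re.ss'", "host_id='622'"]


def tables_accepting(filter_sql, tables=("syslog_incoming", "syslog")):
    """Return the tables on which DELETE ... WHERE <filter_sql> compiles."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    accepted = []
    for table in tables:
        try:
            # Tables are empty: the statement is only checked, nothing is deleted.
            conn.execute(f"DELETE FROM {table} WHERE {filter_sql}")
            accepted.append(table)
        except sqlite3.OperationalError as exc:
            # Corresponds to MySQL error 1054 (unknown column) in the post's log.
            print(f"{table}: {filter_sql!r} rejected ({exc})")
    conn.close()
    return accepted


if __name__ == "__main__":
    for rule in FILTERS:
        print(rule, "->", tables_accepting(rule))
```

Each filter from the post is valid against only one of the two tables, while a filter on a column both tables share, such as `message`, is accepted by both.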