Syslog plugin - Moved 0, Message(s) to the 'syslog' table

General discussion about Plugins for Cacti

Moderators: Developers, Moderators

Post Reply
CyberTod
Posts: 5
Joined: Mon Jun 28, 2021 12:48 am

Syslog plugin - Moved 0, Message(s) to the 'syslog' table

Post by CyberTod »

I have searched all topics regarding logs not showing in System Logs, but haven't found a solution to my problem.
The Cacti version is 1.2.17, the syslog plugin is version 3.2

I am using syslog-ng. It is properly configured. The logs go to table 'syslog_incoming'. The poller is working and on every run the messages are "processed", because they disappear from the incoming table.
The 'syslog' table remains empty. Other tables for example 'syslog_hosts' are populated.
When I run the syslog poller manually I get this :

root@linux:/usr/share/cacti/site/plugins/syslog# php -q syslog_process.php --debug --force-report
SYSLOG: Syslog Table is NOT Partitioned
SYSLOG: Deleted 0, Syslog Message(s) (older than 2021-06-07)
SYSLOG: Unique ID = 114
SYSLOG: Found 3, New Message(s) to process
SYSLOG: Found 0, Removal Rule(s) to process
SYSLOG: Found 2, Alert Rules to process
SYSLOG: Moved 0, Message(s) to the 'syslog' table
SYSLOG: Deleted 3, Already Processed Message(s) from incoming
SYSLOG: Deleted 0, Syslog alarm log Record(s)
SYSLOG: Deleted 0, Syslog Host Record(s)
SYSLOG: Deleted 0, Old programs from programs table
SYSLOG: Deleted 0, Syslog Host/Facility Record(s)
SYSLOG: Processing Reports...
SYSLOG: We have 0 Reports in the database
SYSLOG: Finished processing Reports...
2021-07-07 13:56:05 - SYSTEM SYSLOG STATS: Time:0.1 Deletes:0 Incoming:3 Removes:0 XFers:0 Alerts:2 Alarms:0 Reports:0

There are new messages. They are processed, because on an immediate next run they are 0. But no matter how many 'Found' I have there are 0 'Moved'.
CyberTod
Posts: 5
Joined: Mon Jun 28, 2021 12:48 am

Re: Syslog plugin - Moved 0, Message(s) to the 'syslog' table

Post by CyberTod »

So I found the problem.

My syslog-ng had this configuration :

destination cacti-syslog {
sql(type(mysql)
host("localhost") username("cacti") password("****")
database("cacti")
table("syslog_incoming")
columns("facility", "priority", "logtime", "date", "time", "host", "message")
values("$FACILITY", "$PRIORITY", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$YEAR-$MONTH-$DAY", "$HOUR:$MIN:$SEC", "$HOST_FROM", "$MSG")
indexes("facility", "priority", "logtime", "date", "time", "host", "msg"));
};

This does not put anything in column 'program' so it stays NULL. When 'program' is NULL then this query in syslog_process.php does nothing :

/* move syslog records to the syslog table */
syslog_db_execute('INSERT INTO `' . $syslogdb_default . '`.`syslog`
(logtime, priority_id, facility_id, program_id, host_id, message)
SELECT logtime, priority_id, facility_id, program_id, host_id, message
FROM (SELECT logtime, priority_id, facility_id, sp.program_id, sh.host_id, message
FROM syslog_incoming AS si
INNER JOIN syslog_hosts AS sh
ON sh.host=si.host
INNER JOIN syslog_programs AS sp
ON sp.program=si.program
WHERE status=' . $uniqueID . ') AS merge');

It always affects 0 rows, because of the inner join with 'syslog_programs' which is empty.

I added $PROGRAM value to be inserted into 'program' column and now the log is moved properly to 'syslog' table.

Actually my syslog-ng config had other problems too, because it was filling the priority and facility columns wrong which led to her php notices in cacti log, especially when 'priority_id' is left NULL, so the final syslog-ng config that works properly is this:

destination cacti-syslog {
sql(type(mysql)
host("localhost") username("cacti") password("****")
database("cacti")
table("syslog_incoming")
columns("facility_id", "priority_id", "program", "logtime", "date", "time", "host", "message", "facility", "priority")
values("$FACILITY_NUM", "$LEVEL_NUM", "$PROGRAM", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$YEAR-$MONTH-$DAY", "$HOUR:$MIN:$SEC", "$HOST_FROM", "$MSG", "$FACILITY", "$PRIORITY")
indexes("facility_id", "priority_id", "program", "logtime", "date", "time", "host", "msg", "facility", "priority"));
};
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest