Syslog plugin
Moderators: Developers, Moderators
-
- Posts: 21
- Joined: Mon Jan 02, 2023 11:43 am
Syslog plugin
Hello!
I have installed Syslog plugin, but opted to create a new database, syslog, and everything was working fine, following the youtube video, I saw some rsyslog errors, and i restarted the server, after that, the poller stopped working along with Syslog, I have tried to see where I went wrong but nothing I could put a finger on.
Thank you!
#####################
rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-01-12 11:21:57 EAT; 8min ago
TriggeredBy: ● syslog.socket
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Main PID: 1024 (rsyslogd)
Tasks: 5 (limit: 37979)
Memory: 3.8M
CPU: 41ms
CGroup: /system.slice/rsyslog.service
└─1024 /usr/sbin/rsyslogd -n -iNONE
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: could not load module 'ommysql', errors: trying to load module /usr/lib/x86_64-linux-gnu/rsyslog/ommysql.so: /usr/lib/x86_>
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: error during parsing file /etc/rsyslog.d/cacti.conf, on or before line 10: errors occured in file '/etc/rsyslog.d/cacti.co>
Jan 12 11:21:57 192.168.1.1 systemd[1]: Started System Logging Service.
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: could not load module 'ommysql', errors: trying to load module /usr/lib/x86_64-linux-gnu/rsyslog/ommysql.so: /usr/lib/x86_>
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: module name 'ommysql' is unknown [v8.2112.0 try https://www.rsyslog.com/e/2209 ]
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: error during parsing file /etc/rsyslog.d/mysql.conf, on or before line 5: errors occured in file '/etc/rsyslog.d/mysql.con>
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2112.0]
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: rsyslogd's groupid changed to 113
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: rsyslogd's userid changed to 107
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: [origin software="rsyslogd" swVersion="8.2112.0" x-pid="1024" x-info="https://www.rsyslog.com"] start
lines 1-24/24 (END)
#########################
cactid.service - Cacti Daemon Main Poller Service
Loaded: loaded (/etc/systemd/system/cactid.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-01-12 11:21:59 EAT; 12min ago
Process: 1005 ExecStart=/var/www/html/cacti/cactid.php (code=exited, status=0/SUCCESS)
Main PID: 1268 (php)
Tasks: 1 (limit: 37979)
Memory: 108.4M
CPU: 30min 34.371s
CGroup: /system.slice/cactid.service
└─1268 php /var/www/html/cacti/cactid.php
Jan 12 11:21:56 192.168.1.1 systemd[1]: Starting Cacti Daemon Main Poller Service...
Jan 12 11:21:59 192.168.1.1 cactid.php[1005]: Starting Cacti Daemon ... [OK]
Jan 12 11:21:59 192.168.1.1 systemd[1]: Started Cacti Daemon Main Poller Service.
Jan 12 11:23:27 192.168.1.1 php[1268]: CACTI: Database Connection went away. Attempting to reconnect!
#########################
I have installed Syslog plugin, but opted to create a new database, syslog, and everything was working fine, following the youtube video, I saw some rsyslog errors, and i restarted the server, after that, the poller stopped working along with Syslog, I have tried to see where I went wrong but nothing I could put a finger on.
Thank you!
#####################
rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-01-12 11:21:57 EAT; 8min ago
TriggeredBy: ● syslog.socket
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Main PID: 1024 (rsyslogd)
Tasks: 5 (limit: 37979)
Memory: 3.8M
CPU: 41ms
CGroup: /system.slice/rsyslog.service
└─1024 /usr/sbin/rsyslogd -n -iNONE
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: could not load module 'ommysql', errors: trying to load module /usr/lib/x86_64-linux-gnu/rsyslog/ommysql.so: /usr/lib/x86_>
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: error during parsing file /etc/rsyslog.d/cacti.conf, on or before line 10: errors occured in file '/etc/rsyslog.d/cacti.co>
Jan 12 11:21:57 192.168.1.1 systemd[1]: Started System Logging Service.
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: could not load module 'ommysql', errors: trying to load module /usr/lib/x86_64-linux-gnu/rsyslog/ommysql.so: /usr/lib/x86_>
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: module name 'ommysql' is unknown [v8.2112.0 try https://www.rsyslog.com/e/2209 ]
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: error during parsing file /etc/rsyslog.d/mysql.conf, on or before line 5: errors occured in file '/etc/rsyslog.d/mysql.con>
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2112.0]
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: rsyslogd's groupid changed to 113
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: rsyslogd's userid changed to 107
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: [origin software="rsyslogd" swVersion="8.2112.0" x-pid="1024" x-info="https://www.rsyslog.com"] start
lines 1-24/24 (END)
#########################
cactid.service - Cacti Daemon Main Poller Service
Loaded: loaded (/etc/systemd/system/cactid.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-01-12 11:21:59 EAT; 12min ago
Process: 1005 ExecStart=/var/www/html/cacti/cactid.php (code=exited, status=0/SUCCESS)
Main PID: 1268 (php)
Tasks: 1 (limit: 37979)
Memory: 108.4M
CPU: 30min 34.371s
CGroup: /system.slice/cactid.service
└─1268 php /var/www/html/cacti/cactid.php
Jan 12 11:21:56 192.168.1.1 systemd[1]: Starting Cacti Daemon Main Poller Service...
Jan 12 11:21:59 192.168.1.1 cactid.php[1005]: Starting Cacti Daemon ... [OK]
Jan 12 11:21:59 192.168.1.1 systemd[1]: Started Cacti Daemon Main Poller Service.
Jan 12 11:23:27 192.168.1.1 php[1268]: CACTI: Database Connection went away. Attempting to reconnect!
#########################
-
- Posts: 21
- Joined: Mon Jan 02, 2023 11:43 am
Re: Syslog plugin
I was able to fix the user error, but the poller is still not working.
POLLER: Poller[Main Poller] PID[2400] WARNING: Cron is out of sync with the Poller Interval! The Poller Interval is '300' seconds, with a maximum of a '300' second Cron, but 600.4 seconds have passed since the last poll!
POLLER: Poller[Main Poller] PID[2400] WARNING: Cron is out of sync with the Poller Interval! The Poller Interval is '300' seconds, with a maximum of a '300' second Cron, but 600.4 seconds have passed since the last poll!
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Re: Syslog plugin
Well, the rsyslog and the poller issues are separate. I suggest you install the rsyslog-mysql module and get that configured first. The other issue I'm simply not certain of.
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
-
- Posts: 21
- Joined: Mon Jan 02, 2023 11:43 am
Re: Syslog plugin
Thank you, I installed the rsyslog-mysql and the it started working, its a great plugin. Thank you.
Re: Syslog plugin
I am just looking into syslog on my setup (again my cacti is running on windows using mysql 5.7. my cacti is 1.2.23)
can i have the CLOG go to the syslog, or is this just for other devices to send logs to the CACTI server to display in the syslog tab?
i chose to use the CACTI database, I assume to use this against windows servers, I'd need the RSYLOG agent installed and configured on every client server? If this can use that agent and pull event logs, this would solve a GREAT many things where I am at today (and thus letting me nuke the SCOM server we hate so much)
can i have the CLOG go to the syslog, or is this just for other devices to send logs to the CACTI server to display in the syslog tab?
i chose to use the CACTI database, I assume to use this against windows servers, I'd need the RSYLOG agent installed and configured on every client server? If this can use that agent and pull event logs, this would solve a GREAT many things where I am at today (and thus letting me nuke the SCOM server we hate so much)
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Re: Syslog plugin
Syslog is a receiver, you need to send it stuff. It's that simple.
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Re: Syslog plugin
that is what i thought. thank you for confirmingTheWitness wrote: ↑Tue Jan 24, 2023 9:22 pm Syslog is a receiver, you need to send it stuff. It's that simple.
Re: Syslog plugin
so, im trying to find a way to send windows event logs to the cacti syslog plug in.
right now im following the following tutorial... is the cacti syslog plug in using the same port mentioned here?
https://www.igoroseledko.com/sending-wi ... te-syslog/
i am hoping to be able to do this with as little financial backing as possible.. if this is even possible in that manner. Im also trying my very best to avoid requesting a change to install an agen, but if nxlog can do this, i might be able to get a buy in on that.
right now im following the following tutorial... is the cacti syslog plug in using the same port mentioned here?
https://www.igoroseledko.com/sending-wi ... te-syslog/
i am hoping to be able to do this with as little financial backing as possible.. if this is even possible in that manner. Im also trying my very best to avoid requesting a change to install an agen, but if nxlog can do this, i might be able to get a buy in on that.
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Re: Syslog plugin
There are some commercial and open source binaries for that. Unfortunately Microsoft SUCKS and does not really follow Linux/UNIX standard logging conversions. As such, I kind of abandoned Windows. For me it's a platform that supplies a browser and putty. Other than that, it's NSA spyware.
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Re: Syslog plugin
idownloaded a portable syslog server.
it happened to run on UDP port 514.
i set that and put NXLog into UDP mode for 514. that stand alone syslog server is working and accepting.
if i dont use that, i just send it to the cacti server (which is the same server im using the stand-alone syslog server on ), nxlog tells me the target machine actively refused it.. which means to me, that nothing is listening on port 514.
Can you confirm for me that i should be using port 514 for the syslog plugin?
it happened to run on UDP port 514.
i set that and put NXLog into UDP mode for 514. that stand alone syslog server is working and accepting.
if i dont use that, i just send it to the cacti server (which is the same server im using the stand-alone syslog server on ), nxlog tells me the target machine actively refused it.. which means to me, that nothing is listening on port 514.
Can you confirm for me that i should be using port 514 for the syslog plugin?
Re: Syslog plugin
ok i got nxlog to stop giving me errors but its not sending anything into cacti.
I think i may understand the issue..
NXLog looks at the windows event logs, a txt file, or whatever input i want i to look at.
I tell NXLog send that data to a file, or a syslog server, and configure that syslog server's settings. It then should just connect and forward that information to the syslog server.
I think the disconnect for me here is that cacti itself is not acting like a syslog server in the traditional sense. I think I need something to take the data from NXLog and get that put into the cacti database.
In other words it would flow like this
LXLog (pulls from whatever source, manipulates it and sends to) >---- Syslog Server (such as ryslog or something simular) that syslog server then forwards that data to >---------------------- mysql's cacti datbase ..
am i on the right or wrong track with this methodology? or should cacti itself respond on UDP port 514 as any other syslog server does?
I think i may understand the issue..
NXLog looks at the windows event logs, a txt file, or whatever input i want i to look at.
I tell NXLog send that data to a file, or a syslog server, and configure that syslog server's settings. It then should just connect and forward that information to the syslog server.
I think the disconnect for me here is that cacti itself is not acting like a syslog server in the traditional sense. I think I need something to take the data from NXLog and get that put into the cacti database.
In other words it would flow like this
LXLog (pulls from whatever source, manipulates it and sends to) >---- Syslog Server (such as ryslog or something simular) that syslog server then forwards that data to >---------------------- mysql's cacti datbase ..
am i on the right or wrong track with this methodology? or should cacti itself respond on UDP port 514 as any other syslog server does?
Re: Syslog plugin
ok nxlog by itself in my setup didnt pan out "out of the box"
id have to setup an ODBC connection to the cacti db and upload that way.
alternatively, i used cygwin to get syslog-ng on the windows server as there is a port for it.
what i need to figure out is the correct syntax for my syslog-ng server to write to the cacti database, and then i think i'd have the plug in working.... i hope.
id have to setup an ODBC connection to the cacti db and upload that way.
alternatively, i used cygwin to get syslog-ng on the windows server as there is a port for it.
what i need to figure out is the correct syntax for my syslog-ng server to write to the cacti database, and then i think i'd have the plug in working.... i hope.
Re: Syslog plugin
anyone familiar with using syslog-ng for sending data into mysql?
if so can someone please check my code here before i attempt to make it work? This is for my syslog-ng config file. currently i have it writting to the 'messages' file and confirmed using tail that my setup is capturing data. this next step is to get it into the cacti tables for the syslog plug in
destination d_sql_messages {
sql(type(mysql)
host("127.0.0.1") username("root") password("mysql_password")
database("cacti")
table("syslog_incoming")
columns('facility_id, priority_id, program, logtime, host, message)
values('', '%syslogfacility%',' %syslogpriority%','%programname%','%timegenerated:::date-mysql%','%HOSTNAME%','TRIM('%msg%'))"
indexes("id","host","program","datetime"));
};
if so can someone please check my code here before i attempt to make it work? This is for my syslog-ng config file. currently i have it writting to the 'messages' file and confirmed using tail that my setup is capturing data. this next step is to get it into the cacti tables for the syslog plug in
destination d_sql_messages {
sql(type(mysql)
host("127.0.0.1") username("root") password("mysql_password")
database("cacti")
table("syslog_incoming")
columns('facility_id, priority_id, program, logtime, host, message)
values('', '%syslogfacility%',' %syslogpriority%','%programname%','%timegenerated:::date-mysql%','%HOSTNAME%','TRIM('%msg%'))"
indexes("id","host","program","datetime"));
};
- TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Re: Syslog plugin
Both rsyslog and syslog-ng work fine with the syslog plugin. The author and owner of syslog-ng and the company is an old Cacti user. Have not talked to him in several years though.
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Re: Syslog plugin
it appears the syslong-ng server that someone ported to windows via cygwin is missing the mysql modules (and any sql modules).
Rysyslog has a windows AGENT but it's syslog server only appears to run on a linux server.
reason im trying to do it all on the same windows box is that where im at we're inundated with a crazy ITIL request procedure for me to build another VM .. even if it was just to run rysylog of syslog-ng on it.
Rysyslog has a windows AGENT but it's syslog server only appears to run on a linux server.
reason im trying to do it all on the same windows box is that where im at we're inundated with a crazy ITIL request procedure for me to build another VM .. even if it was just to run rysylog of syslog-ng on it.
Who is online
Users browsing this forum: No registered users and 0 guests