Syslog monitor addon beta

General discussion about Plugins for Cacti

Moderators: Developers, Moderators

Post Reply
User avatar
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho
Contact:

Post by nahun »

I didn't even notice this before. You have syslog-ng inserting the syslogs into the 'logs' table, but haloe is set to show the syslogs from the 'syslog' table. You need syslog-ng to insert the logs into the 'syslog_incoming' table.
[size=75]Solaris 10 x86 [color=red][b]||[/b][/color] Cacti - 0.8.7 [color=red][b]||[/b][/color] MySQL - 5.0.45 [color=red][b]||[/b][/color] PHP - 5.2.6 [color=red][b]||[/b][/color] RRDTool - 1.2.23 [color=red][b]||[/b][/color] NET-SNMP - 5.4.1 [color=red][b]||[/b][/color] Syslog-ng 2.0.5
[url=http://www.indigo-networks.com]indigo-networks.com[/url][/size]
kingaru
Cacti User
Posts: 54
Joined: Wed Mar 09, 2005 6:35 am

Re: Syslog with Fedora 5

Post by kingaru »

nahun wrote:
kingaru wrote:Soo.. if I'm correct the setup.php should select records for alarm which have "status=1" ... I just checked my database and all records in my syslog_incoming database have status=0 ... where and how this status is changing? Why it is always stays 0?
I guess you have used and fixed the latest version of the haloe based on the plugin architecture right? Can you post yours fixed php files so I can compare to what I have got ...?

Thanks
Igor
klr0514
Posts: 27
Joined: Tue Apr 04, 2006 8:19 am
Contact:

Post by klr0514 »

okay, with that change and syslog-ng restarted, I am getting an error...
ERROR 1054 (42S22) at line 1: Unknown column 'level' in 'field list'
I will take a look at this and see if I can determine the cause...

update:
the syslog table under haloe db in MYSQL does not have this entry. Looks like I need to add this entry to my table...
User avatar
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho
Contact:

Re: Syslog with Fedora 5

Post by nahun »

kingaru wrote: I guess you have used and fixed the latest version of the haloe based on the plugin architecture right? Can you post yours fixed php files so I can compare to what I have got ...?

Thanks
Igor
Here are my setup.php and haloe_alert.php. Look for changing message to msg if your table is setup that way. Also I would go through the posts on page 8 and 9.
Attachments
fixed.zip
My fixed haloe_alert.php and setup.php files.
(5.54 KiB) Downloaded 314 times
[size=75]Solaris 10 x86 [color=red][b]||[/b][/color] Cacti - 0.8.7 [color=red][b]||[/b][/color] MySQL - 5.0.45 [color=red][b]||[/b][/color] PHP - 5.2.6 [color=red][b]||[/b][/color] RRDTool - 1.2.23 [color=red][b]||[/b][/color] NET-SNMP - 5.4.1 [color=red][b]||[/b][/color] Syslog-ng 2.0.5
[url=http://www.indigo-networks.com]indigo-networks.com[/url][/size]
klr0514
Posts: 27
Joined: Tue Apr 04, 2006 8:19 am
Contact:

Post by klr0514 »

nope... still seeing that error:

[root@dhcp-alpha-haloe]# /etc/syslog-ng/fifo_file &
[1] 19692
[root@dhcp-alpha-haloe]# ERROR 1054 (42S22) at line 1: Unknown column 'level' in 'field list'

Here is the database table:

[root@dhcp-alpha-haloe]# /usr/local/mysql/bin/mysqlshow -u root --password=xxxx haloe syslog
Database: haloe Table: syslog
+----------+------------------+-------------------+------+-----+---------+----------------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+----------+------------------+-------------------+------+-----+---------+----------------+---------------------------------+---------+
| host | varchar(32) | latin1_swedish_ci | YES | MUL | | | select,insert,update,references | |
| facility | varchar(10) | latin1_swedish_ci | YES | MUL | | | select,insert,update,references | |
| priority | varchar(10) | latin1_swedish_ci | YES | MUL | | | select,insert,update,references | |
| level | varchar(10) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| date | date | | YES | MUL | | | select,insert,update,references | |
| time | time | | YES | MUL | | | select,insert,update,references | |
| msg | text | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| seq | int(10) unsigned | | NO | PRI | | auto_increment | select,insert,update,references | |
+----------+------------------+-------------------+------+-----+---------+----------------+---------------------------------+---------+
[root@dhcp-alpha-haloe]# /usr/local/mysql/bin/mysqlshow -u root --password=rootpw haloe syslog_incoming
Database: haloe Wildcard: syslog_incoming
+-----------------+
| Tables |
+-----------------+
| syslog_incoming |
+-----------------+
[root@dhcp-alpha-haloe]#

Here is the fifo_file:
#!/bin/bash

if [ -e /tmp/mysql.pipe ]; then
while [ -e /tmp/mysql.pipe ]
do
mysql -u cactiuser --password=xxxxx haloe < /tmp/mysql.pipe
done
else
mkfifo /tmp/mysql.pipe

fi
User avatar
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho
Contact:

Post by nahun »

klr0514 wrote: [root@dhcp-alpha-haloe]# /usr/local/mysql/bin/mysqlshow -u root --password=rootpw haloe syslog_incoming
Database: haloe Wildcard: syslog_incoming
that command should be:

Code: Select all

mysqlshow -u root --password=rootpw haloe syslog\\_incoming
You need the two backslashes because an underscore is a wildcard. It might just be one backslash, but it was two for me.

You also don't have the tag column in the syslog table, but I don't know if that would be the problem.
[size=75]Solaris 10 x86 [color=red][b]||[/b][/color] Cacti - 0.8.7 [color=red][b]||[/b][/color] MySQL - 5.0.45 [color=red][b]||[/b][/color] PHP - 5.2.6 [color=red][b]||[/b][/color] RRDTool - 1.2.23 [color=red][b]||[/b][/color] NET-SNMP - 5.4.1 [color=red][b]||[/b][/color] Syslog-ng 2.0.5
[url=http://www.indigo-networks.com]indigo-networks.com[/url][/size]
klr0514
Posts: 27
Joined: Tue Apr 04, 2006 8:19 am
Contact:

Post by klr0514 »

so what columns should be in the syslog and syslog_incoming tables? The bundled file syslog.sql is very inaccurate...
<exerpt from syslog.sql>
--
-- Table structure for table `syslog`
--

CREATE TABLE syslog (
facility varchar(10) default NULL,
priority varchar(10) default NULL,
`date` date default NULL,
`time` time default NULL,
host varchar(128) default NULL,
message text,
seq int(10) unsigned NOT NULL auto_increment,
PRIMARY KEY (seq)
) ENGINE=MyISAM;
User avatar
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho
Contact:

Post by nahun »

klr0514 wrote:so what columns should be in the syslog and syslog_incoming tables? The bundled file syslog.sql is very inaccurate...
Yeah, I had to change mine too. Here is my syslog_incoming. My syslog table is exactly the same except no status column:

Code: Select all

CREATE TABLE `syslog_incoming` (
  `host` varchar(128) default NULL,
  `facility` varchar(10) default NULL,
  `priority` varchar(10) default NULL,
  `level` varchar(10) default NULL,
  `tag` varchar(10) default NULL,
  `date` date default NULL,
  `time` time default NULL,
  `program` varchar(15) default NULL,
  `msg` text,
  `seq` int(10) unsigned NOT NULL auto_increment,
  `status` tinyint(4) NOT NULL default '0',
  PRIMARY KEY  (`seq`),
  KEY `host` (`host`),
  KEY `program` (`program`),
  KEY `time` (`time`),
  KEY `date` (`date`),
  KEY `priority` (`priority`),
  KEY `facility` (`facility`)
) ENGINE=MyISAM
[size=75]Solaris 10 x86 [color=red][b]||[/b][/color] Cacti - 0.8.7 [color=red][b]||[/b][/color] MySQL - 5.0.45 [color=red][b]||[/b][/color] PHP - 5.2.6 [color=red][b]||[/b][/color] RRDTool - 1.2.23 [color=red][b]||[/b][/color] NET-SNMP - 5.4.1 [color=red][b]||[/b][/color] Syslog-ng 2.0.5
[url=http://www.indigo-networks.com]indigo-networks.com[/url][/size]
klr0514
Posts: 27
Joined: Tue Apr 04, 2006 8:19 am
Contact:

Post by klr0514 »

no more warnings, but now my haloe.php page is unable to display... When I reference a database that is not working, this seems to work. When I reference a database (or table) that is working, this page won't display...

here is my config.php (except the color definitions):
$haloedb_type = "mysql";
$haloedb_default = "haloe";
$haloedb_hostname = "localhost";
$haloedb_username = "cactiuser";
$haloedb_password = "xxxxx';

$haloe_config["rows_per_page"] = "30";

// Integrate with Graph View Timespan Selector. If false, keep seperate timespan settings
$haloe_config["graphtime"] = true;

// Display timespan selector or not [ only used if $haloe_config["graphtime"]=false ]
$haloe_config["timespan_sel"] = true;

this seems like such a great tool... just wish I could get this working....
Do I need to match column for column on incoming and syslog tables?
EDIT: Nevermind... I see you added that these had to be the same except status...

// Field Mappings, adjust to match the haloe table columns in use
$haloe_config["haloeTable"] = "syslog";
$haloe_config["incomingTable"] = "syslog_incoming";
$haloe_config["removeTable"] = "syslog_remove";
$haloe_config["alertTable"] = "syslog_alert";
$haloe_config["dateField"] = "date";
$haloe_config["timeField"] = "time";
$haloe_config["priorityField"] = "priority";
$haloe_config["facilityField"] = "facility";
$haloe_config["hostField"] = "host";
$haloe_config["textField"] = "message";
$haloe_config["id"] = "seq";
User avatar
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho
Contact:

Post by nahun »

klr0514 wrote: $haloe_config["textField"] = "message";
That should be "msg" not "message" if you copied my table structure.
[size=75]Solaris 10 x86 [color=red][b]||[/b][/color] Cacti - 0.8.7 [color=red][b]||[/b][/color] MySQL - 5.0.45 [color=red][b]||[/b][/color] PHP - 5.2.6 [color=red][b]||[/b][/color] RRDTool - 1.2.23 [color=red][b]||[/b][/color] NET-SNMP - 5.4.1 [color=red][b]||[/b][/color] Syslog-ng 2.0.5
[url=http://www.indigo-networks.com]indigo-networks.com[/url][/size]
klr0514
Posts: 27
Joined: Tue Apr 04, 2006 8:19 am
Contact:

Post by klr0514 »

nahun wrote:
klr0514 wrote: $haloe_config["textField"] = "message";
That should be "msg" not "message" if you copied my table structure.
Okay... Found that one and the syslog tab is working again, but still nothing being input to the syslog table on that page...

If I directly paste this into the database through the shell, I still do not see the data, but mysql seems to accept the data... Seems like I am having some problem retrieving the data from the database?

mysql> INSERT INTO syslog_incoming (host, facility, priority, level, tag, date, time, program, msg)
-> VALUES ( 'host', 'local7', 'notice', 'notice', 'bd', '2006-04-04', '13:30:42', '331', '331: *Apr 4 17:16:42.569: %SYS-5-CONFIG_I: Configured from console by vty0' );
Query OK, 1 row affected (0.00 sec)

mysql> exit
User avatar
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho
Contact:

Post by nahun »

sorry if my help isn't the best, I'm no guru. Anyway, try inserting data manually into the syslog table instead to see if anything shows up. Cacti moves the data from the syslog_incoming table to the syslog table every time it polls, so thats 5 minutes for me. I think there might be some things you have to change because your message column is "msg". I'm going to go back and see what it was because I can't remember :P
[size=75]Solaris 10 x86 [color=red][b]||[/b][/color] Cacti - 0.8.7 [color=red][b]||[/b][/color] MySQL - 5.0.45 [color=red][b]||[/b][/color] PHP - 5.2.6 [color=red][b]||[/b][/color] RRDTool - 1.2.23 [color=red][b]||[/b][/color] NET-SNMP - 5.4.1 [color=red][b]||[/b][/color] Syslog-ng 2.0.5
[url=http://www.indigo-networks.com]indigo-networks.com[/url][/size]
klr0514
Posts: 27
Joined: Tue Apr 04, 2006 8:19 am
Contact:

Post by klr0514 »

after letting this thing sit for a while, now I am finally seeing the syslog messages!! Thanks ever so much for all of the extra help!! Seems like a 10-15 minute delay right now... Have to work on improving the response time for this.. :-)
Amag
Posts: 17
Joined: Mon Dec 19, 2005 9:26 am

Lemme know if you have any luck

Post by Amag »

Your delay doesn't sound as bad as mine, but please let me know what sort of tweaks (if any) you can find to improve the syslog performance!

Thanks,
a.
kingaru
Cacti User
Posts: 54
Joined: Wed Mar 09, 2005 6:35 am

Re: Syslog with Fedora 5

Post by kingaru »

Thanks a lot. The problem is gone ... :)
Besides the script problem I found that have sendmail down on the internal server as well :)))) which has contributed in the issue :)

Igor

nahun wrote:
kingaru wrote: I guess you have used and fixed the latest version of the haloe based on the plugin architecture right? Can you post yours fixed php files so I can compare to what I have got ...?

Thanks
Igor
Here are my setup.php and haloe_alert.php. Look for changing message to msg if your table is setup that way. Also I would go through the posts on page 8 and 9.
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests