Syslog monitor addon beta
Moderators: Developers, Moderators
-
- Posts: 24
- Joined: Wed May 10, 2006 2:46 pm
- Location: Memphis, TN USA
I just wanted to check and see if someone could point me in the right direction on how to solve a problem I am having getting this plugin to work. The plugin itself seems fine. The reading I have done in this message board makes me think I am having a problem with getting my syslog data passed through to my database.
I have installed syslog-ng and working as far as creating text log files from my network devices. I then added the following to my syslog-ng.conf file:
# pipe messages to /var/log/mysql.pipe to be processed by mysql
source src {unix-stream("/dev/log");
pipe("/proc/kmsg");
internal();};
destination d_mysql { pipe("/var/log/mysql.pipe" template("INSERT INTO logs
(host, facility, priority, level, tag, datetime, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',
'$PROGRAM', '$MSG' );\n") template-escape(yes)); };
log { source(src); destination(d_mysql); };
I created a pipe file using: mkfifo /var/log/mysql.pipe
Since I was really not certain about the correct database structure I created a database called syslog and the imported the syslog.sql file from the plugin into it. I also gave it the same user right as my cacti database.
I then used the following script file in order to start it and I changed the user info and paths to match my system.
#!/bin/bash
if [ -e /var/log/mysql.pipe ]; then
while [ -e /var/log/mysql.pipe ]
do
mysql -u cactiuser --password=cactipw syslog < /var/log/mysql.pipe
done
else
mkfifo /var/log/mysql.pipe
fi
When I execute the script either through crontab or manually it just hangs and no data gets into the database or into the pipe file from what I can see.
I am running on CentOS 4 with MYSQL 5.0.22
Anyone have any ideas on what I might be overlooking or things to check?
Thanks for the help
I have installed syslog-ng and working as far as creating text log files from my network devices. I then added the following to my syslog-ng.conf file:
# pipe messages to /var/log/mysql.pipe to be processed by mysql
source src {unix-stream("/dev/log");
pipe("/proc/kmsg");
internal();};
destination d_mysql { pipe("/var/log/mysql.pipe" template("INSERT INTO logs
(host, facility, priority, level, tag, datetime, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',
'$PROGRAM', '$MSG' );\n") template-escape(yes)); };
log { source(src); destination(d_mysql); };
I created a pipe file using: mkfifo /var/log/mysql.pipe
Since I was really not certain about the correct database structure I created a database called syslog and the imported the syslog.sql file from the plugin into it. I also gave it the same user right as my cacti database.
I then used the following script file in order to start it and I changed the user info and paths to match my system.
#!/bin/bash
if [ -e /var/log/mysql.pipe ]; then
while [ -e /var/log/mysql.pipe ]
do
mysql -u cactiuser --password=cactipw syslog < /var/log/mysql.pipe
done
else
mkfifo /var/log/mysql.pipe
fi
When I execute the script either through crontab or manually it just hangs and no data gets into the database or into the pipe file from what I can see.
I am running on CentOS 4 with MYSQL 5.0.22
Anyone have any ideas on what I might be overlooking or things to check?
Thanks for the help
Help
All,
I have a box freebsd 5.4 P16 that is running apache 1.3 mod ssl and mysql 4.1 with php5. I have all of cacti running fine with the exception of this syslog plugin. I have a working syslog-ng install. All my logs are going into the the correct files in /var/log according to the config. I have a destination setup like the examples for writing to a fifo file. I ran mkfifo /tmp/mysql.pipe and then restart syslog-ng. The permissions on the mysql.pipe file change when syslog-ng starts but there is no data going there.
If I do a tcpdump port 514 I can see the data coming in. But if I do a cat /tmp/mysql.pipe there is nothing. I can not see where the issue lies with the data not ending up in the pipe. there are no errors that I can see. Please someone help me get my data into the pipe.
Thanks
I have a box freebsd 5.4 P16 that is running apache 1.3 mod ssl and mysql 4.1 with php5. I have all of cacti running fine with the exception of this syslog plugin. I have a working syslog-ng install. All my logs are going into the the correct files in /var/log according to the config. I have a destination setup like the examples for writing to a fifo file. I ran mkfifo /tmp/mysql.pipe and then restart syslog-ng. The permissions on the mysql.pipe file change when syslog-ng starts but there is no data going there.
If I do a tcpdump port 514 I can see the data coming in. But if I do a cat /tmp/mysql.pipe there is nothing. I can not see where the issue lies with the data not ending up in the pipe. there are no errors that I can see. Please someone help me get my data into the pipe.
Thanks
How to avoid database growth?
Hi all,
We are planning to install syslog-ng and cacti syslog plugin. However, I have not found anything about database size.
If you insert more and more logs into the database, what happens? shouldnt you delete old entries? Will the database explode? Is there any way to set a maximum size for database, erasing old logs?
Any help would be appreciatted....
Regards
We are planning to install syslog-ng and cacti syslog plugin. However, I have not found anything about database size.
If you insert more and more logs into the database, what happens? shouldnt you delete old entries? Will the database explode? Is there any way to set a maximum size for database, erasing old logs?
Any help would be appreciatted....
Regards
- adrianmarsh
- Cacti User
- Posts: 437
- Joined: Wed Aug 17, 2005 8:51 am
- Location: UK
Thanks adrianmarsh... anybody can confirm this?adrianmarsh wrote:I think I remember reading somewhere in the config that it only keeps the last 30 days worth of logs.
Also, would it be possible to keep only a given size of database? i.e, imagine one of your devices starts sending lots of syslog, MB and MB of syslog.... database would die...
Regards,
- adrianmarsh
- Cacti User
- Posts: 437
- Joined: Wed Aug 17, 2005 8:51 am
- Location: UK
2 years?? that is fine for cacti rrds (nice design, btw), but not for our database. Our network devices do generate lots of logs, they are space-hungry, and 2 years would make database explode...adrianmarsh wrote:HHmmm...
I think i found the line I was thinking of, and its not time,:
$haloe_config["rows_per_page"] = "30";
I can't see a variable in the settings for it, but i do see some scripts/options that seem to suggest it may be in sync with Cacti defaults (eg 2 years)..
Anybody got a workaround for this issue? How do you manage to keep database size within a reasonable value? Any script, database routine, option...? Sorry for all this, but I am a newbie for mysql issues
Thanks in advance,
Regards
My latest version has an option to specify the number of days to keep syslog messages. I generally just default it to 30 inorder to keep the database from getting huge.chercen wrote:2 years?? that is fine for cacti rrds (nice design, btw), but not for our database. Our network devices do generate lots of logs, they are space-hungry, and 2 years would make database explode...
Anybody got a workaround for this issue? How do you manage to keep database size within a reasonable value? Any script, database routine, option...? Sorry for all this, but I am a newbie for mysql issues
Thanks in advance,
Regards
- adrianmarsh
- Cacti User
- Posts: 437
- Joined: Wed Aug 17, 2005 8:51 am
- Location: UK
I'm getting "Server Error, unable to connect to fastcgi server". Has anyone an idea what this error can come from? Doesn't matter whether I install haloe as a plugin or not. I'm using cacti on win2k3 with IIS. no possiblity to test it on apache.
Though the manual run of haloe.php returns more or less good page:
"php c:\inetpub\wwwroot\cacti\plugins\haloe\haloe.php > test.php"
Though the manual run of haloe.php returns more or less good page:
"php c:\inetpub\wwwroot\cacti\plugins\haloe\haloe.php > test.php"
Great plug-in and I believe this is exactly what I've been looking for in viewing syslog log files.
I've installed the plugin and database and believe that they are both working fine. I'm using FreeBSD with Rsyslogd, which stores syslog messages natively to a MySQL database I have that's on the same server.
Now I've been reading up on this plug-in but I'm still not 100% sure I know how it works. Is it going to pull data from my current syslog server and display that? Currently I have my Rsyslogd setup to log messages to MySQL, with a template setup pointing to what database/table/etc I want it stored in. Will I be using a new database to house these messages and not need my current syslog server?
Any help would be appreciated. Thanks.
I've installed the plugin and database and believe that they are both working fine. I'm using FreeBSD with Rsyslogd, which stores syslog messages natively to a MySQL database I have that's on the same server.
Now I've been reading up on this plug-in but I'm still not 100% sure I know how it works. Is it going to pull data from my current syslog server and display that? Currently I have my Rsyslogd setup to log messages to MySQL, with a template setup pointing to what database/table/etc I want it stored in. Will I be using a new database to house these messages and not need my current syslog server?
Any help would be appreciated. Thanks.
Who is online
Users browsing this forum: No registered users and 9 guests