The plugin doesn't pull anything. Its just a viewer (and alerter). Your syslog server must stick its own entries into the database. Most syslog clients don't do this out of the box, syslog-ng or msyslog are both fairly easy to setup to get this done though.goosed wrote:Great plug-in and I believe this is exactly what I've been looking for in viewing syslog log files.
I've installed the plugin and database and believe that they are both working fine. I'm using FreeBSD with Rsyslogd, which stores syslog messages natively to a MySQL database I have that's on the same server.
Now I've been reading up on this plug-in but I'm still not 100% sure I know how it works. Is it going to pull data from my current syslog server and display that? Currently I have my Rsyslogd setup to log messages to MySQL, with a template setup pointing to what database/table/etc I want it stored in. Will I be using a new database to house these messages and not need my current syslog server?
Any help would be appreciated. Thanks.
Syslog monitor addon beta
Moderators: Developers, Moderators
Thanks for the info cigamit. With that I've decided to move to Syslog-NG for my purposes.
However I am having trouble getting it to run. I've followed a setup guide from here but cannot get Syslog to output anything.
I have declared my source net and created the fifo pipe, but when I cat the pipe or tail /var/log/messages I have nothing. Any ideas? Thanks again.
However I am having trouble getting it to run. I've followed a setup guide from here but cannot get Syslog to output anything.
I have declared my source net and created the fifo pipe, but when I cat the pipe or tail /var/log/messages I have nothing. Any ideas? Thanks again.
Is your script still running to move the data from the fifo to the mysql table? For instance here is mine. I have set /etc/init.d/syslog-ng to start the script before starting the syslog daemon, and to kill it when exitting. So now if happen to start or stop the syslog service, the extra script is also up and running.goosed wrote:Don't mean to be a pain but I checked this morning and logs are no longer going into my database. I remade the pipe and restarted Syslog, but nothing. When I cat the pipe I can see tons of stuff going through it.
Code: Select all
#!/bin/bash
if [ ! -e /tmp/mysql.pipe ]; then
mkfifo /tmp/mysql.pipe
fi
while [ -e /tmp/mysql.pipe ]
do
mysql -u cactiuser --password=cactiuser syslog < /tmp/mysql.pipe
done
Guys, you rock! Keep up the good work!
The only things I eager to see in Haloe are a simple implementation of regex and alerting capability.
And a small tip for those who use mysql on non-standard port. In order to run Haloe you would need to set port manually for the function db_connect_real in lib/database.php like this:
" db_connect_real($host,$user,$pass,$db_name,$db_type, $port = "3307", $retries = 20) "
The only things I eager to see in Haloe are a simple implementation of regex and alerting capability.
And a small tip for those who use mysql on non-standard port. In order to run Haloe you would need to set port manually for the function db_connect_real in lib/database.php like this:
" db_connect_real($host,$user,$pass,$db_name,$db_type, $port = "3307", $retries = 20) "
Hey cigamit thanks for the reply. I actually reverted back to Rsyslog after doing some reading and was successfully able to get that to filter into my MySQL database. I figured that the pipe was probably dying and couldn't bare trying to fix it again. It looks like it's working well now. I've gotten the alerts and removals working so hopefully everything will stay the way it is. Thanks again.
Hum.. I will add an option for the port. Also, there already are alerting capabilities in Haloe (well my "version" at least). What do you want done with regex?airwalk wrote:Guys, you rock! Keep up the good work!
The only things I eager to see in Haloe are a simple implementation of regex and alerting capability.
And a small tip for those who use mysql on non-standard port. In order to run Haloe you would need to set port manually for the function db_connect_real in lib/database.php like this:
" db_connect_real($host,$user,$pass,$db_name,$db_type, $port = "3307", $retries = 20) "
It was posted here in the forums, but the newest of course if always available on my website with all the others.airwalk wrote:When (or where) could we get this "my version"? =)
Ya, I noticed that this doesn't work as well as expected, and I will fix that in the next version. I also don't particularly like a lot of the characters it strips out of the search, so I will probably place those back in.airwalk wrote:As of regex it would be great to implement basic regex metacharacters for "Search 'Message' text:". For example, it's often when we need to search for an entries which has text "aaa" and text "bbb" somewhere in the record.
I suppose there's a kind of bug/misbehavior. If you've got a misconfiguration with your e-mail options and email function doesn't execute correctly then the actual messages doesn't transfer from incoming_syslog to syslog. Only the status changes from "0".
Besides, if I set an alert and click on "save" i receive "the page cannot be displayed". Though If I refresh the page everything goes fine and I see an alert as created.
I use IIS6 with normal CGI and Zend.
I doubt maybe it's a web server problem?
Besides, if I set an alert and click on "save" i receive "the page cannot be displayed". Though If I refresh the page everything goes fine and I see an alert as created.
I use IIS6 with normal CGI and Zend.
I doubt maybe it's a web server problem?
Last edited by airwalk on Wed Nov 01, 2006 3:04 am, edited 1 time in total.
am posting this issue here, not to create a new thread.
i installed haloe 0.4 on cacti 0.86i with freebsd and it works ok so far - ie i can view logs that are located in syslog, which would have been transfered from syslog_incoming.
however when i select a 'preset' time range it doesnt seem to work, and always goes back to the default 'half hour' regardless of which option i use.
anyone seen this ?
thanks
i installed haloe 0.4 on cacti 0.86i with freebsd and it works ok so far - ie i can view logs that are located in syslog, which would have been transfered from syslog_incoming.
however when i select a 'preset' time range it doesnt seem to work, and always goes back to the default 'half hour' regardless of which option i use.
anyone seen this ?
thanks
hello,
I am trying to install haloe 0.4
I can see the logs populating the database but the problem is i don't see theses logs through cacti
Everything seems to work and in the haloe folder, i only changed the database settings in config.php file
I can see someting only after i enter manually the command below:
root@ubuntu:/usr/share/cacti/site/plugins# php5 -q /usr/share/cacti/site/plugins/haloe/syslog_process.php /debug
Deleted 0 old Messages (older than 30 days)
Unique ID = 45
Found 10 new Messages to process
Found 0 Removal Rules to process
Found 0 Alert Rules to process
Moved 10 Messages to the 'syslog' table
Deleted 10 already processed Messages from incoming
In fact, the data inside the syslog_incoming table is not transferred automatically to the syslog table.
Will i be forced to add a cron job to run the syslog_process.php file?
can you help me?
Thanks
Qwertz
I am trying to install haloe 0.4
I can see the logs populating the database but the problem is i don't see theses logs through cacti
Everything seems to work and in the haloe folder, i only changed the database settings in config.php file
I can see someting only after i enter manually the command below:
root@ubuntu:/usr/share/cacti/site/plugins# php5 -q /usr/share/cacti/site/plugins/haloe/syslog_process.php /debug
Deleted 0 old Messages (older than 30 days)
Unique ID = 45
Found 10 new Messages to process
Found 0 Removal Rules to process
Found 0 Alert Rules to process
Moved 10 Messages to the 'syslog' table
Deleted 10 already processed Messages from incoming
In fact, the data inside the syslog_incoming table is not transferred automatically to the syslog table.
Will i be forced to add a cron job to run the syslog_process.php file?
can you help me?
Thanks
Qwertz
- Attachments
-
- Capture-3.png (139.1 KiB) Viewed 6501 times
-
- Capture-4.png (112.79 KiB) Viewed 6501 times
The plugin uses a hook in the bottom of poller.php in order to do all the automatic work. Make sure you have overridden the files that came with the plugin architecture with any other add-ons (for instance 1 minute polling)qwertz wrote:In fact, the data inside the syslog_incoming table is not transferred automatically to the syslog table.
Who is online
Users browsing this forum: No registered users and 1 guest