Syslog monitor addon beta

tgk
Posts: 28
Joined: Sat Mar 11, 2006 10:46 pm

Post by tgk »

I think I have a fix for the msg/message column.
In setup.php and functions.php, find the lines with:

Code: Select all

" where message like  '
and replace that section with:

Code: Select all

" where " . $haloe_config["textField"] . " like '
I also found that the "access denied" page looks for an image in images/auth_deny.gif inside the plugin folder. I fixed it by copying it from cacti/images/auth_deny.gif into plugins/haloe/images/auth_deny.gif
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho

Post by nahun »

mgb wrote:@nahun,

I had the same problem as you did
ERROR: SQL Assoc Failed
but after changing msg to message and changing PSOT to POST the fault message from the cacti log disappeared and the remove seems to work.
tgk wrote:I think I have a fix for the msg/message column.
Sounds good, I'll try it as soon as I get some time at work. Too many projects at once :P
Solaris 10 x86 || Cacti - 0.8.7 || MySQL - 5.0.45 || PHP - 5.2.6 || RRDTool - 1.2.23 || NET-SNMP - 5.4.1 || Syslog-ng 2.0.5
indigo-networks.com (http://www.indigo-networks.com)
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho

Post by nahun »

After I edited the files to "msg" instead of "message" I got it to work almost perfectly. I had to edit the haloe_remove.php and haloe_alert.php too because I changed those mysql tables from "message" to "msg" too just to be consistent.

The only part that doesn't work yet are the alerts. The settings get saved, but no email. I'll work on it some more.
mgb
Cacti User
Posts: 124
Joined: Mon Jun 21, 2004 4:06 am
Location: North of the Netherlands

Post by mgb »

Alerts don't seem to be working for me either. Keep me posted.
cigamit
Developer
Posts: 3367
Joined: Thu Apr 07, 2005 3:29 pm
Location: B/CS Texas

Post by cigamit »

Weird... I thought I was subscribed to this thread. Anyways, thanks for finding these bugs and I now have them fixed in my SVN copy. I will see about releasing a new version fairly soon.

Also, if you find any more, if you could please issue them in my bug tracker
http://cactiusers.org/bugs/
as it will be easier for me to keep track of everything in there
twelzy
Cacti User
Posts: 83
Joined: Wed Mar 30, 2005 6:48 pm
Location: BRAZIL/Brasilia

Post by twelzy »

harlequin and cigamit,

(Just a suggestion...)

I think it is a little bit confusing to identify each line/event when the syslog (haloe) plugin has several successive lines with the same priority!

Is there any possibility to put a line between each event?

See the images below:

Thanks in advance!
(...and sorry for my poor English!)
Attachments: with_lines.gif, without_lines.gif
Thanks in advance!
(And sorry for my poor English...)
_______________________________________
twelzy (Enio Sanches)
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho

Post by nahun »

twelzy wrote: Is there any possibility to put a line between each event?
You can actually just do this yourself by editing the haloe.php file. Where this part starts around line 296 on mine at least:

Code: Select all

<td nowrap valign=top>
	<?php print $haloe_message[$haloe_config["hostField"]];?>
</td>
<td nowrap valign=top>
	<?php print "";?>
</td>
<td nowrap valign=top>
	<?php print $haloe_message[$haloe_config["dateField"]];?>
</td>
<td nowrap valign=top>
	<?php print $haloe_message[$haloe_config["timeField"]];?>
</td>
<td nowrap>
	<?php print "";?>
</td>
<td valign=top>
	<?php print $haloe_message[$haloe_config["textField"]];?>
</td>
<td nowrap valign=top>
	<?php print $haloe_message[$haloe_config["priorityField"]];?>
</td>
<td nowrap valign=top>
	<center><a href='haloe_remove.php?id=<?php print $haloe_message[$haloe_config["id"]]; ?>#edit'><img src='images/red.gif' border=0></a>&nbsp;<a href='haloe_alert.php?id=<?php print $haloe_message[$haloe_config["id"]]; ?>#edit'><img src='images/green.gif' border=0></a></center>
</td>
Put this in:

Code: Select all

<td nowrap valign=top style="border-bottom:1px solid #000000">
	<?php print $haloe_message[$haloe_config["hostField"]];?>
</td>
<td nowrap valign=top style="border-bottom:1px solid #000000">
	<?php print "&nbsp;";?>
</td>
<td nowrap valign=top style="border-bottom:1px solid #000000">
	<?php print $haloe_message[$haloe_config["dateField"]];?>
</td>
<td nowrap valign=top style="border-bottom:1px solid #000000">
	<?php print $haloe_message[$haloe_config["timeField"]];?>
</td>
<td nowrap style="border-bottom:1px solid #000000">
	<?php print "&nbsp;";?>
</td>
<td valign=top style="border-bottom:1px solid #000000">
	<?php print $haloe_message[$haloe_config["textField"]];?>
</td>
<td nowrap valign=top style="border-bottom:1px solid #000000">
	<?php print $haloe_message[$haloe_config["priorityField"]];?>
</td>
<td nowrap valign=top style="border-bottom:1px solid #000000">
	<center><a href='haloe_remove.php?id=<?php print $haloe_message[$haloe_config["id"]]; ?>#edit'><img src='images/red.gif' border=0></a>&nbsp;<a href='haloe_alert.php?id=<?php print $haloe_message[$haloe_config["id"]]; ?>#edit'><img src='images/green.gif' border=0></a></center>
</td>
If it's a little hard to tell all the changes then just put

Code: Select all

style="border-bottom:1px solid"
in each "<td>" tag and put the two "&nbsp;" in the other two blank cells. I had to do that last one for Firefox at least, I didn't try other browsers.

There might be a more efficient way to do this, but I've never been too efficient at HTML and I just started with PHP :P
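The row markup from the post above, as an added example that is not part of the original post or the plugin's code: it builds the cells in a loop and HTML-encodes every database value before printing it, since syslog text is written by whatever device sends it. The helper names `haloe_h` and `haloe_row` are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example, not the plugin's code. Field names follow the config.php
// posted in this thread; $row is constructed sample data.
$haloe_config = [
    'hostField' => 'host', 'dateField' => 'date', 'timeField' => 'time',
    'textField' => 'message', 'priorityField' => 'priority', 'id' => 'seq',
];

// Encode a database value for HTML text or a quoted attribute value.
function haloe_h($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Build the cells for one syslog row, each with a separator line under it.
function haloe_row(array $cfg, array $msg, string $color = '#000000'): string {
    if (!preg_match('/^#[0-9a-fA-F]{6}$/', $color)) {
        $color = '#000000';              // accept only a plain hex colour
    }
    $style = 'style="border-bottom:1px solid ' . $color . '"';
    // null marks the two spacer cells, which need &nbsp; for the border to draw
    $cols = ['hostField', null, 'dateField', 'timeField', null, 'textField', 'priorityField'];
    $out = '';
    foreach ($cols as $key) {
        $wrap = $key === 'textField' ? '' : 'nowrap ';   // only the message may wrap
        $cell = $key === null ? '&nbsp;' : haloe_h($msg[$cfg[$key]] ?? '');
        $out .= "<td {$wrap}valign=top $style>\n\t$cell\n</td>\n";
    }
    $id = (int) ($msg[$cfg['id']] ?? 0); // seq is an integer column
    return $out . "<td nowrap valign=top $style>\n\t<center>"
        . "<a href='haloe_remove.php?id=$id#edit'><img src='images/red.gif' border=0></a>&nbsp;"
        . "<a href='haloe_alert.php?id=$id#edit'><img src='images/green.gif' border=0></a>"
        . "</center>\n</td>\n";
}

$row = [   // constructed sample: the message text contains markup characters
    'seq' => 42, 'host' => '192.0.2.10', 'date' => '2006-04-04', 'time' => '08:40:12',
    'priority' => 'notice', 'message' => 'login failed for <b>admin</b> & "guest"',
];
echo haloe_row($haloe_config, $row, '#555555');
```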
twelzy
Cacti User
Posts: 83
Joined: Wed Mar 30, 2005 6:48 pm
Location: BRAZIL/Brasilia

Post by twelzy »

nahun,

It works perfectly!
(I just changed the color of the lines from '000000' to '555555'...)

Thank you very much!
(...and sorry for my poor English!)
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho

Post by nahun »

So alerts actually do work for me, but not if I set the alert rule to "hostname is" which is all I was trying until I saw part in the setup.php. In the haloe_poller_bottom function there is this part:

Code: Select all

/* SEND OUT ALERTS ON THINGS WE SPECIFY */
	$alertarray = db_fetch_assoc("SELECT * FROM " . $haloe_config["alertTable"]);
	foreach ($alertarray as $alert) {
		$sql = '';
		$alertm = '';
		if ($alert['type'] == 'messageb') {
			$sql = 'select * from ' . $haloe_config["incomingTable"] . " where " . $haloe_config["textField"] . " like '" . $alert['message'] . "%' and status=1";
		}
		if ($alert['type'] == 'messagec') {
			$sql = 'select * from ' . $haloe_config["incomingTable"] . " where " . $haloe_config["textField"] . " like '%" . $alert['message'] . "%' and status=1";
		}
		if ($alert['type'] == 'messagee') {
			$sql = 'select * from ' . $haloe_config["incomingTable"] . " where " . $haloe_config["textField"] . " like '%" . $alert['message'] . "' and status=1";
		}
There doesn't seem to be the if statement

Code: Select all

if ($alert['type'] == 'host')
I think I'll write it and see if it works. If someone beats me to it, let us know. I'm not even sure if I'm anywhere near right :-?
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho

Post by nahun »

Ok I got everything to work now. Under:

Code: Select all

/* SEND OUT ALERTS ON THINGS WE SPECIFY */
	$alertarray = db_fetch_assoc("SELECT * FROM " . $haloe_config["alertTable"]);
	foreach ($alertarray as $alert) {
		$sql = '';
		$alertm = '';
Add:

Code: Select all

if ($alert['type'] == 'host') {
			$sql = 'select * from ' . $haloe_config["incomingTable"] . " where " . $haloe_config["hostField"] . "='" . $alert['msg'] . "' and status=1";
		}
Also, if your alert_table has a msg field instead of message then in the if statements change:

Code: Select all

$alert['message']
to

Code: Select all

$alert['msg']
To add the message to the email change

Code: Select all

$alertm .= "<table cellpadding=1 cellspacing=0 border=0 bgcolor='#000000' width=500><tr><td><table width='100%' cellpadding=1 cellspacing=0 border=0 bgcolor='#FFFFFF'>\n";
				$alertm .= '<tr bgcolor="#dedede"><td>Hostname</td><td>: ' . $a['host'] . "</td></tr>\n";
				$alertm .= '<tr bgcolor="#dedede"><td>Date</td><td>: ' . $a['date'] . ' ' . $a['time'] . "</td></tr>\n";
				$alertm .= '<tr bgcolor="#dedede"><td>Severity</td><td>: ' . $a['priority'] . "</td></tr>\n";
				$alertm .= '<tr bgcolor="#000000"><td colspan=2 height=1>' . "</td></tr>\n";
				$alertm .= '<tr><td colspan=2>' . $a['message'] . "\n</td></tr>";
				$alertm .= "</table></td></tr></table><br><br>\n";
to

Code: Select all

$alertm .= "<table cellpadding=1 cellspacing=0 border=0 bgcolor='#000000' width=500><tr><td><table width='100%' cellpadding=1 cellspacing=0 border=0 bgcolor='#FFFFFF'>\n";
				$alertm .= '<tr bgcolor="#dedede"><td>Hostname</td><td>: ' . $a['host'] . "</td></tr>\n";
				$alertm .= '<tr bgcolor="#dedede"><td>Date</td><td>: ' . $a['date'] . ' ' . $a['time'] . "</td></tr>\n";
				$alertm .= '<tr bgcolor="#dedede"><td>Severity</td><td>: ' . $a['priority'] . "</td></tr>\n";
				$alertm .= '<tr bgcolor="#dedede"><td>Message</td><td>: ' . $a['msg'] . "</td></tr>\n";
				$alertm .= '<tr bgcolor="#000000"><td colspan=2 height=1>' . "</td></tr>\n";
				$alertm .= '<tr><td colspan=2>' . $a['message'] . "\n</td></tr>";
				$alertm .= "</table></td></tr></table><br><br>\n";
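The alert lookups from the two posts above (begins with, contains, ends with, and the added hostname rule), as an added example that is not the plugin's code: each rule becomes a prepared statement with the alert text bound as a parameter, so a quote, `%` or `_` in an alert pattern is matched literally instead of changing the query. The function names are hypothetical; it assumes PHP 7.1 or later with PDO, and uses an in-memory SQLite table in place of the MySQL `syslog_incoming` table so it runs on its own.

```php
<?php
// Added example, not the plugin's code. Names mirror the config.php posted
// in this thread; the two rows inserted below are constructed sample data.
$haloe_config = [
    'incomingTable' => 'syslog_incoming',
    'hostField'     => 'host',
    'textField'     => 'message',
];

// Table and column names cannot be bound as parameters: allow plain names only.
function haloe_ident(string $name): string {
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new InvalidArgumentException("bad identifier: $name");
    }
    return $name;
}

// Make %, _ and the escape character itself literal inside a LIKE pattern.
function haloe_like_escape(string $text): string {
    return strtr($text, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Returns [sql, params] for one alert rule, or null for an unknown rule type.
function haloe_alert_query(array $cfg, string $type, string $value): ?array {
    $table = haloe_ident($cfg['incomingTable']);
    $like  = "SELECT * FROM $table WHERE " . haloe_ident($cfg['textField'])
           . " LIKE ? ESCAPE '!' AND status = 1";
    $v = haloe_like_escape($value);
    switch ($type) {
        case 'messageb': return [$like, [$v . '%']];        // begins with
        case 'messagec': return [$like, ['%' . $v . '%']];  // contains
        case 'messagee': return [$like, ['%' . $v]];        // ends with
        case 'host':                                        // hostname is
            $eq = "SELECT * FROM $table WHERE " . haloe_ident($cfg['hostField'])
                . " = ? AND status = 1";
            return [$eq, [$value]];
    }
    return null;
}

$db = new PDO('sqlite::memory:');   // stand-in for the MySQL haloe database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE syslog_incoming (host TEXT, message TEXT, status INT)');
$ins = $db->prepare('INSERT INTO syslog_incoming VALUES (?, ?, 1)');
$ins->execute(['192.0.2.10', '%SYS-5-CONFIG_I: Configured from console by vty0']);
$ins->execute(['192.0.2.11', "su: can't open /etc/shadow"]);

$rules = [['messageb', '%SYS-5'], ['messagec', "can't open"], ['host', '192.0.2.10']];
foreach ($rules as [$type, $value]) {
    [$sql, $params] = haloe_alert_query($haloe_config, $type, $value);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    printf("%s / %s: %d row(s)\n", $type, $value, count($stmt->fetchAll()));
}
```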
kingaru
Cacti User
Posts: 54
Joined: Wed Mar 09, 2005 6:35 am

Post by kingaru »

Soo.. if I'm correct the setup.php should select records for alarm which have "status=1" ... I just checked my database and all records in my syslog_incoming database have status=0 ... where and how is this status changing? Why does it always stay 0?

Thoughts?

Igor
Amag
Posts: 17
Joined: Mon Dec 19, 2005 9:26 am

Troubleshooting syslog posting

Post by Amag »

Hey folks -

Great mod and great plugin architecture! I'm using Cigamit's version and it's working fine, but I have one problem/question:

My setup:

200+ devices logging to Kiwi Syslogger
Kiwi forwards to Cacti Syslogd

Cacti syslog seems to be behind by almost an hour! That is, I can cause a syslog event and it's immediately written to my Kiwi syslog, but it takes almost an hour for it to pop up in the Cacti syslog. I'm sure that Kiwi is forwarding immediately as I have it forwarding to another device and it receives it immediately.

The question:
1) Is Cacti only polling its syslogd to post to Cacti every x amount of minutes? If so, what is this timeframe and how do we change it?
2) If not, can someone give me any suggestions to troubleshoot?

Thanks as usual!
a.
klr0514
Posts: 27
Joined: Tue Apr 04, 2006 8:19 am

Syslog with Fedora 5

Post by klr0514 »

I have been working on this for a couple of days, but still not making much headway on this... Rather than beating my head on the wall a few more times, I was hoping someone may have some insight as to what is not working properly...

I am using Cacti 0.8.6h with the haloe plugin and the plugin architecture... I am getting the syslogs tab showing, and the tab seems to be working fine.... I have created tables and databases under MYSQL (5.0) and that seems to be okay. I have syslog-ng configured and that appears to be working. If I do a cat /tmp/mysql.pipe, I see the syslog alerts arriving:

INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '<ip_address of host>', 'local7', 'notice', 'notice','bd', '2006-04-04', '08:40:12', '316', '316: *Apr 4 12:26:14.226: %SYS-5-CONFIG_I: Configured from console by vty0' );

If I manually run MYSQL and run this command in the shell, this works fine. I still never see the output in my syslogs page... Here is the config.php:

$haloedb_type = "mysql";
$haloedb_default = "haloe";
$haloedb_hostname = "localhost";
$haloedb_username = "xxxxxx";
$haloedb_password = "xxxxxx";
/skip/
// Field Mappings, adjust to match the haloe table columns in use
$haloe_config["haloeTable"] = "syslog";
$haloe_config["incomingTable"] = "syslog_incoming";
$haloe_config["removeTable"] = "syslog_remove";
$haloe_config["alertTable"] = "syslog_alert";
$haloe_config["dateField"] = "date";
$haloe_config["timeField"] = "time";
$haloe_config["priorityField"] = "priority";
$haloe_config["facilityField"] = "facility";
$haloe_config["hostField"] = "host";
$haloe_config["textField"] = "message";
$haloe_config["id"] = "seq";


Any ideas??
nahun
Cacti User
Posts: 92
Joined: Wed Feb 15, 2006 11:27 pm
Location: Idaho

Re: Syslog with Fedora 5

Post by nahun »

kingaru wrote:Soo.. if I'm correct the setup.php should select records for alarm which have "status=1" ... I just checked my database and all records in my syslog_incoming database have status=0 ... where and how is this status changing? Why does it always stay 0?
All of mine are status=0 too, and I couldn't find where it would change that, but alerts are working for me. So I'm not quite sure. I'll check some more.
Amag wrote:The question:
1) Is Cacti only polling its syslogd to post to Cacti every x amount of minutes? If so, what is this timeframe and how do we change it?
2) If not, can someone give me any suggestions to troubleshoot?
The syslogs are moved from the syslog_incoming table to the syslog table every time cacti does its polling. So unless you have it set to once an hour, I don't know. You can check to see if the syslogs are getting inserted into the syslog_incoming table right away and if they just sit there for a long time.
klr0514 wrote: I still never see the output in my syslogs page...
Could you post the column structure of the syslog and syslog_incoming tables? Specifically looking for the msg column, it might be message. You have to change some code in haloe to get it to work with msg. Check some of the posts at the beginning of this page.
klr0514
Posts: 27
Joined: Tue Apr 04, 2006 8:19 am

column structure

Post by klr0514 »

[root@dhcp-alpha-161-44-186-15 haloe]# /usr/local/mysql/bin/mysqlshow -u root --password=xxxx haloe
Database: haloe
+-----------------+
| Tables |
+-----------------+
| logs |
| syslog |
| syslog_alert |
| syslog_incoming |
| syslog_remove |
+-----------------+
[root@dhcp-alpha-161-44-186-15 haloe]# /usr/local/mysql/bin/mysqlshow -u root --password=xxxx haloe logs
Database: haloe Table: logs
+----------+------------------+-------------------+------+-----+---------+----------------+---------------------------------+---------+
| Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment |
+----------+------------------+-------------------+------+-----+---------+----------------+---------------------------------+---------+
| host | varchar(32) | latin1_swedish_ci | YES | MUL | | | select,insert,update,references | |
| facility | varchar(10) | latin1_swedish_ci | YES | MUL | | | select,insert,update,references | |
| priority | varchar(10) | latin1_swedish_ci | YES | MUL | | | select,insert,update,references | |
| level | varchar(10) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| tag | varchar(10) | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| date | date | | YES | MUL | | | select,insert,update,references | |
| time | time | | YES | MUL | | | select,insert,update,references | |
| program | varchar(15) | latin1_swedish_ci | YES | MUL | | | select,insert,update,references | |
| msg | text | latin1_swedish_ci | YES | | | | select,insert,update,references | |
| seq | int(10) unsigned | | NO | PRI | | auto_increment | select,insert,update,references | |
+----------+------------------+-------------------+------+-----+---------+----------------+---------------------------------+---------+
[root@dhcp-alpha-161-44-186-15 haloe]#