Syslog monitor addon beta

[egarnel]

Thanks,

I changed syslog-ng.conf with your recommendations.
source net is "source net { udp(); };"

I ran the script to create the fifo

Code: Select all

#!/bin/bash

if [ -e /tmp/mysql.pipe ]; then
        while [ -e /tmp/mysql.pipe ]
                do
                        mysql -u haloe --password=haloepassword haloe < /tmp/mysql.pipe
        done
else
        mkfifo /tmp/mysql.pipe
fi

and restarted syslog-ng.

but still no dice. port 514/udp is allowed into the firewall - checked that

[kingaru]

if you do "cat /tmp/mysql.pipe" do you see any ouptut?

Igor

Thanks,

I changed syslog-ng.conf with your recommendations.
source net is "source net { udp(); };"

I ran the script to create the fifo

Code: Select all

#!/bin/bash

if [ -e /tmp/mysql.pipe ]; then
        while [ -e /tmp/mysql.pipe ]
                do
                        mysql -u haloe --password=haloepassword haloe < /tmp/mysql.pipe
        done
else
        mkfifo /tmp/mysql.pipe
fi

and restarted syslog-ng.

but still no dice. port 514/udp is allowed into the firewall - checked that

[egarnel]

Nope, it just hangs there.

I have syslog-ng w/mysql working on another server with php-syslog frontend
(of course the db keys are different) and it works fine. Both servers are CentOS 3.6 with the same levels of php, mysql, etc.

[kingaru]

This means your syslog-ng does not send anything in to fifo ...
Are you 100% positive that are receiiving anything from a network
to your syslog-ng server? Can you run tcpdump on UDP 514 port to make sure that syslog gets messages from your network equipment?

Igor

Nope, it just hangs there.

I have syslog-ng w/mysql working on another server with php-syslog frontend
(of course the db keys are different) and it works fine. Both servers are CentOS 3.6 with the same levels of php, mysql, etc.

[farhan]

Hi Guys,

This is great plugin. But I am facing color problems. Please help me.

Thanks

[harlequin]

But I am facing color problems

What kind of problems?
Harlequin

[egarnel]

This means your syslog-ng does not send anything in to fifo ...
Are you 100% positive that are receiiving anything from a network
to your syslog-ng server? Can you run tcpdump on UDP 514 port to make sure that syslog gets messages from your network equipment?

Igor

Nope, it just hangs there.

I have syslog-ng w/mysql working on another server with php-syslog frontend
(of course the db keys are different) and it works fine. Both servers are CentOS 3.6 with the same levels of php, mysql, etc.

I am receiving syslog traffic

Code: Select all

this_box <-> Firewall                                                                                       0b/s 10.3k/s  10.3k/s
 10.10.10.204      514    UDP                            10.10.10.100      514                               0b    471k     471k

this_box <-> ssh1                                                                                         629b/s   66b/s   695b/s
 10.10.10.204       22    TCP                            10.10.10.202    43270                            26.6k   3.20k    29.8k

this_box <-> Firewall                                                                                     364b/s    0b/s   364b/s
 10.10.10.204        0     IP                            10.10.10.100        0                            16.1k     98b    16.2k

UNKNOWN <-> UNKNOWN                                                                                        36b/s    0b/s    36b/s
 0.0.0.0             0  ETHER                            0.0.0.0             0                            1.81k      0b    1.81k

I made sure that the mysql user & password that is specified in the mkfifo script does indeed has access to the haloe db.

[chewy009]

Will this work with MS SQL 2000? Will this work on a Windows 2003 Server either as the original install or the plugin that was created?

[chewy009]

Will this work with MS SQL 2000? Will this work on a Windows 2003 Server either as the original install or the plugin that was created?

[nduda78]

how do you get the data into haloe? I've installed kiwi but see no config...etc Ive also installed syslog-ng, but ther is no documentation on how to get it imported into haloe.

can someone write a more detailed setup guide?

[Jeppe]

Not a setup guide, more like a tip...

There's this handy syslogd that can talk natively to mysql...
http://www.rsyslog.com/

Quite early in development, but seems to work ok.

An example config to it and r.haloe would be something like this...

Code: Select all

$template haloe,"insert into logs (host, facility, priority, level, tag, date, time, msg) values ('%HOSTNAME%', %syslogfacility%, %syslogpriority%, %syslogpriority%, '%syslogtag%', DATE('%timereported:::date-mysql%'), TIME('%timereported:::date-mysql%'), '%msg:::drop-last-lf%')",sql

And...

Code: Select all

*.*             >localhost,<database>,<username>,<password>;haloe

Works for me.

-J

[Devil]

How about doing a search on for example Google?

I did a search on google and found many results that could help.

[nduda78]

I did a search on google, and have been trying like hell to get it working...nothign on google helps. I have syslog-ng working....as in, i can send messages to the syslog-ng daemon and the test messages appear in the syslog log file.....no matter what configs i do in the .conf file , nothing gets into the DB...the pipe file never works.

i'll try the other daemon mentioned.

[fin51]

Hi and thanks for the great addon. This was exactly something I had been looking for. The plugin works perfectly . I had one request for future functinonality. It would be nice if this addon had the ability to alert and send a email or page if certain Priorities or a regx is meet.

thanks

[egarnel]

same here. I have syslog-ng with a pipe into mysql running on another box just fine, but have no luck getting it to work on the Cacti server. I have verified that syslog traffic does indeed get to the server, syslog-ng is running and listening for syslog messages, etc. Both systems are the same OS, mysql ver & syslog-ng ver.

when I cat /tmp/mysql.pipe on the working box, it works fine, and I can see entries scroll by, but not on the second.