Syslog monitor addon beta
Hi,
The Syslog plugin is great and is a big plus to the Cacti application. Only one minor thing isn't working like I was hoping for, but due to the lack of knowledge about php/mysql (just a Cisco network administrator with a passion for linux/unix), I can't seem to solve it myself.
The problem is pretty simple. Entries get displayed "twice", or more specifically: date, time & message sequence is displayed twice. Example of a logging entry:
Code:
INSERT INTO syslog_incoming (host, facility, priority, level, tag, date, time, program, msg)
VALUES ( 'switch15', 'local6', 'notice', 'notice', 'b5', '2006-11-30', '13:46:48', '36761:', '36761: Nov 30 13:46:48.115 CET: LINEPROTO-SP-5-UPDOWN: Line protocol on Interface GigabitEthernet3/7, changed state to up' );
As you can see, date and time are added separate in the database, but also together with the message. The same goes for the seq # (36761 in this example). On page 9 of this topic you can see twelzy's screenshot which (besides the seq number) does the same thing.
Can anyone help me to fix this? If you need more info, let me know!
Regards,
Whizzer
Whizzer wrote: As you can see, date and time are added separate in the database, but also together with the message.
What syslog to mysql program are you using? It's the one doing it improperly. Unless of course your servers are reporting improperly to the server. The plugin only reads what the syslog daemon actually inserted, and directly moves it over.
cigamit wrote:
Whizzer wrote: As you can see, date and time are added separate in the database, but also together with the message.
What syslog to mysql program are you using? It's the one doing it improperly. Unless of course your servers are reporting improperly to the server. The plugin only reads what the syslog daemon actually inserted, and directly moves it over.
I've used a script which also was found somewhere around here. Several versions are posted, maybe it's the wrong one.
Let me post some (hopefully) interesting info for you:
OS: Fedora Core 6
Cacti: 0.8.6i
Mysql: 5.0.27 (The one which comes with FC6 or yum updates)
And of course syslog-ng.
Most interesting part of syslog-ng.conf:
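Code:
# Each message becomes one INSERT statement written to the FIFO.
# template-escape(yes) escapes quote characters in the macro values, so
# device-supplied text cannot terminate the quoted SQL string early.
destination d_mysql {
    pipe("/tmp/mysql.pipe" template("INSERT INTO syslog_incoming (host, facility, priority, level, tag, date, time, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n")
    template-escape(yes));
};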
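Code:
#!/bin/bash
# Feed the INSERT statements that syslog-ng writes to the FIFO into MySQL.
PIPE=/tmp/mysql.pipe
# Create the FIFO if it is missing, then fall through to the loop.
if [ ! -p "$PIPE" ]; then
    mkfifo "$PIPE"
fi
# mysql exits whenever the writer closes the pipe, so restart it.
while [ -p "$PIPE" ]
do
    # A password on the command line is visible in the process list;
    # a client option file readable only by this user avoids that.
    mysql -u TheUser --password=ThePassword syslog < "$PIPE"
done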
Code:
mysql> SHOW COLUMNS FROM syslog;
+----------+------------------+------+-----+---------+----------------+
| Field    | Type             | Null | Key | Default | Extra          |
+----------+------------------+------+-----+---------+----------------+
| facility | varchar(10)      | YES  |     | NULL    |                |
| priority | varchar(10)      | YES  |     | NULL    |                |
| date     | date             | YES  |     | NULL    |                |
| time     | time             | YES  |     | NULL    |                |
| host     | varchar(128)     | YES  |     | NULL    |                |
| message  | text             | YES  |     | NULL    |                |
| seq      | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
+----------+------------------+------+-----+---------+----------------+
7 rows in set (0.01 sec)
mysql>
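An added example (not part of the thread and not the plugin's code): one way to split the sequence number and device timestamp out of a Cisco IOS message body like the one quoted above, so they are not stored a second time, and to insert the result with bound parameters instead of a templated INSERT. The names `normalize` and `store` are hypothetical, and an in-memory SQLite table stands in for the MySQL `syslog` table.

```python
import re
import sqlite3

# Cisco IOS body: optional sequence number, optional device timestamp,
# then FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC, then free text.
IOS_BODY = re.compile(
    r"^(?:(?P<seq>\d+):\s+)?"
    r"(?:(?P<devtime>[*.]?[A-Z][a-z]{2}\s+\d{1,2}\s+(?:\d{4}\s+)?"
    r"\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:\s+[A-Z]{2,5})?):\s+)?"
    r"%?(?P<mnemonic>[A-Z0-9_]+(?:-[A-Z0-9_]+)*-(?P<severity>[0-7])-[A-Z0-9_]+):\s+"
    r"(?P<text>.*)$", re.DOTALL)

def normalize(msg):
    """Split an IOS body into fields; other messages pass through unchanged."""
    m = IOS_BODY.match(msg)
    if m is None:
        return {"seq": None, "devtime": None, "mnemonic": None,
                "severity": None, "text": msg}
    fields = m.groupdict()
    fields["seq"] = int(fields["seq"]) if fields["seq"] else None
    fields["severity"] = int(fields["severity"])
    return fields

def store(db, host, facility, priority, date, time, msg):
    """Insert one event using bound parameters instead of SQL templating."""
    f = normalize(msg)
    message = f"{f['mnemonic']}: {f['text']}" if f["mnemonic"] else f["text"]
    db.execute("INSERT INTO syslog (facility, priority, date, time, host, message) "
               "VALUES (?, ?, ?, ?, ?, ?)",
               (facility, priority, date, time, host, message))
    return message

def demo():
    # Constructed in-memory table using the column names shown in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE syslog (facility TEXT, priority TEXT, date TEXT, "
               "time TEXT, host TEXT, message TEXT, "
               "seq INTEGER PRIMARY KEY AUTOINCREMENT)")
    # Body taken from the INSERT example quoted in the thread.
    store(db, "switch15", "local6", "notice", "2006-11-30", "13:46:48",
          "36761: Nov 30 13:46:48.115 CET: LINEPROTO-SP-5-UPDOWN: Line protocol "
          "on Interface GigabitEthernet3/7, changed state to up")
    # Constructed non-IOS line containing a quote; stored verbatim.
    store(db, "localhost", "auth", "info", "2006-11-30", "13:47:02",
          "sshd: Failed password for invalid user o'brien")
    return db.execute("SELECT host, message FROM syslog ORDER BY seq").fetchall()

if __name__ == "__main__":
    print(demo())
```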
I have a similar problem I think.
I am running CactiEZ Beta v0.2 with no modifications except the Discovery plugin has been updated.
Host Info follows:
Cacti Version - 0.8.6i
Plugin Architecture - 1.0
Poller Type - Cactid v0.8.6i
Server Info - Linux 2.6.9-42.0.3.EL
Web Server - Apache/2.0.52 (CentOS)
PHP - 4.3.9
PHP Extensions - yp, xml, wddx, tokenizer, sysvshm, sysvsem, standard, sockets, shmop, session, pspell, posix, pcre, overload, mime_magic, iconv, gmp, gettext, ftp, exif, dio, dbx, dba, curl, ctype, calendar, bz2, bcmath, zlib, openssl, apache2handler, gd, mysql, snmp, eAccelerator
MySQL - 4.1.20
RRDTool - 1.2.15
SNMP - 5.1.2
Plugins
- PHP Network Weathermap (weathermap - v0.82)
- Thresholds (thold - v0.3.0)
- Device Monitoring (monitor - v0.7)
- Network Discovery (discovery - v0.7)
- Network Tools (tools - v0.2)
- Syslog Monitoring (haloe - v0.4)
- mactrack
- RRD Cleaner (rrdclean - v1.1)
- Update Checker (update - v0.3)
- FlowView (flowview - v0.3)
- Host Info (hostinfo - v0.1)
- Error Images (errorimage - v0.1)
I used Webmin to configure Local3 facility coming in via Net source to go to MySQL.
It works great. All I do is tell my Cisco switch to log to the CactiEZ server on Local3 and the host and log entries show up under the Syslog tab in Cacti. My only problem is that all of these Net entries are doubled.
Localhost entries are not.
Can someone give me a clue as to why that might be?
Thanks!
syslog installation issues
Hi all.
I want to see syslog from systems. I already installed syslog-ng and when I install the haloe plugin I see no data. Is there something I am missing? Do I have to configure syslog-ng?
I have the following installed
Cacti Version 0.8.6i
Plugin Architecture 1.0
Poller Type CMD.php
Server Info Linux 2.6.9-34.ELsmp
Web Server Apache/2.0.52 (Red Hat)
PHP Version 4.3.9
PHP Extensions yp, xml, wddx, tokenizer, sysvshm, sysvsem, standard, sockets, shmop, session, pspell, posix, pcre, overload, mime_magic, iconv, gmp, gettext, ftp, exif, dio, dbx, dba, curl, ctype, calendar, bz2, bcmath, zlib, openssl, apache2handler, ldap, mysql, snmp
MySQL Version 4.1.20
RRDTool Version 1.2.15
SNMP Version 5.1.2
Plugins PHP Network Weathermap (weathermap - v0.82)
Thresholds (thold - v0.3.0)
Update Checker (update - v0.3)
Host Info (hostinfo - v0.1)
Network Tools (tools - v0.2)
Device Monitoring (monitor - v0.7)
NTop Viewer (ntop - v0.1)
Syslog Monitoring (haloe - v0.4)
Can someone help me? E-mail me or post. My e-mail address is dpf5@yahoo.com
Yep, it has to be configured, and a script has to be set up. Most of the important items have already been done for you, just need to copy and paste.
Google Search of Cacti.net
syslog-ng with plugin not working for me PLEASE HELP
Hi all.
Can you please give me detailed instructions on how to do this? I am really having some difficulty.
I have already created the mysql database called syslog.
I just need help with seeing the syslogs in the plugin in cacti.
Can someone help me? E-mail me or post. My e-mail address is dpf5@yahoo.com
Problems searching message
When I try to search the message text for an IP address (192.168.1.1) it doesn't put the periods in the search area. It replaces them with spaces (192 168 1 1). Because of this, it never returns the correct data. How can I search for IP addresses?
"So Long, and thanks for all the fish!" DA
Re: Problems searching message
pconrad wrote: When I try to search the message text for an IP address (192.168.1.1) it doesn't put the periods in the search area. It replaces them with spaces (192 168 1 1). Because of this, it never returns the correct data. How can I search for IP addresses?
Known bug, I am working on it.
This is a feature request, so not urgent, just a suggestion.
I get millions of logs so I don't keep them all in one table. I wrote a script to move them into another table each week. Sometimes though I would like to view those old syslogs in other tables. Maybe there could be a setting of which table to use to view the syslogs without going to the config.php.
Just a suggestion and it might be stupid
Solaris 10 x86 || Cacti - 0.8.7 || MySQL - 5.0.45 || PHP - 5.2.6 || RRDTool - 1.2.23 || NET-SNMP - 5.4.1 || Syslog-ng 2.0.5
http://www.indigo-networks.com
- adrianmarsh
- Cacti User
- Posts: 437
- Joined: Wed Aug 17, 2005 8:51 am
- Location: UK
nahun,
Not a stupid suggestion. I too have the same problem. I "snort" one windows server event log out to my cacti PC, and after about 2 weeks worth of logs it takes an age to even view the syslog plugin, never mind search it.
Clearing the syslog tables is my temporary fix (not a good one obviously).
I'd be interested in seeing your script for moving the tables.
Adrian
I read over this thread (all 17 pages!), and didn't see an answer to the question I have:
Does this work with the cactid poller, or do you have to run poller.php to have this work? I've converted our cacti install here to use cactid, but the cronjob that runs poller.php is still in place (if I comment it out, syslogs no longer update).
Help?