I have searched all topics regarding logs not showing in System Logs, but haven't found a solution to my problem.
The Cacti version is 1.2.17, the syslog plugin is version 3.2
I am using syslog-ng. It is properly configured. The logs go to table 'syslog_incoming'. The poller is working and on every run the messages are "processed", because they disappear from the incoming table.
The 'syslog' table remains empty. Other tables for example 'syslog_hosts' are populated.
When I run the syslog poller manually I get this :
root@linux:/usr/share/cacti/site/plugins/syslog# php -q syslog_process.php --debug --force-report
SYSLOG: Syslog Table is NOT Partitioned
SYSLOG: Deleted 0, Syslog Message(s) (older than 2021-06-07)
SYSLOG: Unique ID = 114
SYSLOG: Found 3, New Message(s) to process
SYSLOG: Found 0, Removal Rule(s) to process
SYSLOG: Found 2, Alert Rules to process
SYSLOG: Moved 0, Message(s) to the 'syslog' table
SYSLOG: Deleted 3, Already Processed Message(s) from incoming
SYSLOG: Deleted 0, Syslog alarm log Record(s)
SYSLOG: Deleted 0, Syslog Host Record(s)
SYSLOG: Deleted 0, Old programs from programs table
SYSLOG: Deleted 0, Syslog Host/Facility Record(s)
SYSLOG: Processing Reports...
SYSLOG: We have 0 Reports in the database
SYSLOG: Finished processing Reports...
2021-07-07 13:56:05 - SYSTEM SYSLOG STATS: Time:0.1 Deletes:0 Incoming:3 Removes:0 XFers:0 Alerts:2 Alarms:0 Reports:0
There are new messages. They are processed, because on an immediate next run they are 0. But no matter how many 'Found' I have there are 0 'Moved'.
Syslog plugin - Moved 0, Message(s) to the 'syslog' table
Re: Syslog plugin - Moved 0, Message(s) to the 'syslog' table
So I found the problem.
My syslog-ng had this configuration :
destination cacti-syslog {
sql(type(mysql)
host("localhost") username("cacti") password("****")
database("cacti")
table("syslog_incoming")
columns("facility", "priority", "logtime", "date", "time", "host", "message")
values("$FACILITY", "$PRIORITY", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$YEAR-$MONTH-$DAY", "$HOUR:$MIN:$SEC", "$HOST_FROM", "$MSG")
indexes("facility", "priority", "logtime", "date", "time", "host", "msg"));
};
This does not put anything in column 'program' so it stays NULL. When 'program' is NULL then this query in syslog_process.php does nothing :
/* move syslog records to the syslog table */
syslog_db_execute('INSERT INTO `' . $syslogdb_default . '`.`syslog`
(logtime, priority_id, facility_id, program_id, host_id, message)
SELECT logtime, priority_id, facility_id, program_id, host_id, message
FROM (SELECT logtime, priority_id, facility_id, sp.program_id, sh.host_id, message
FROM syslog_incoming AS si
INNER JOIN syslog_hosts AS sh
ON sh.host=si.host
INNER JOIN syslog_programs AS sp
ON sp.program=si.program
WHERE status=' . $uniqueID . ') AS merge');
It always affects 0 rows, because of the inner join with 'syslog_programs' which is empty.
I added $PROGRAM value to be inserted into 'program' column and now the log is moved properly to 'syslog' table.
Actually my syslog-ng config had other problems too, because it was filling the priority and facility columns wrong, which led to other PHP notices in the Cacti log, especially when 'priority_id' is left NULL, so the final syslog-ng config that works properly is this:
destination cacti-syslog {
sql(type(mysql)
host("localhost") username("cacti") password("****")
database("cacti")
table("syslog_incoming")
columns("facility_id", "priority_id", "program", "logtime", "date", "time", "host", "message", "facility", "priority")
values("$FACILITY_NUM", "$LEVEL_NUM", "$PROGRAM", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$YEAR-$MONTH-$DAY", "$HOUR:$MIN:$SEC", "$HOST_FROM", "$MSG", "$FACILITY", "$PRIORITY")
indexes("facility_id", "priority_id", "program", "logtime", "date", "time", "host", "msg", "facility", "priority"));
};
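Added example, not part of the original posts or the plugin's code: a small reproduction of the silent drop described above, with an audit query that lists which incoming rows the INNER JOINs will skip and why. The table layouts are simplified assumptions, the sample rows are constructed, and SQLite stands in for MySQL.

```python
import sqlite3
# Simplified stand-ins for the tables named in the post (assumed columns only).
SCHEMA = """
CREATE TABLE syslog_incoming (seq INTEGER, host TEXT, program TEXT, message TEXT, status INTEGER);
CREATE TABLE syslog_hosts (host_id INTEGER PRIMARY KEY, host TEXT);
CREATE TABLE syslog_programs (program_id INTEGER PRIMARY KEY, program TEXT);
CREATE TABLE syslog (host_id INTEGER, program_id INTEGER, message TEXT);
"""
# Same join shape as the query quoted from syslog_process.php.
MOVE = """
INSERT INTO syslog (host_id, program_id, message)
SELECT sh.host_id, sp.program_id, si.message
FROM syslog_incoming AS si
INNER JOIN syslog_hosts AS sh ON sh.host = si.host
INNER JOIN syslog_programs AS sp ON sp.program = si.program
WHERE si.status = ?
"""
# Audit query: rows the move will skip, with the reason.
DROPPED = """
SELECT si.seq, CASE WHEN si.program IS NULL THEN 'program is NULL'
    WHEN sp.program_id IS NULL THEN 'program not in syslog_programs'
    ELSE 'host not in syslog_hosts' END
FROM syslog_incoming AS si
LEFT JOIN syslog_hosts AS sh ON sh.host = si.host
LEFT JOIN syslog_programs AS sp ON sp.program = si.program
WHERE si.status = ? AND (sh.host_id IS NULL OR sp.program_id IS NULL)
ORDER BY si.seq
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO syslog_hosts (host) VALUES (?)", [("fw1",), ("sw1",)])
    # A NULL entry in the lookup table does not help: NULL = NULL is never true.
    db.executemany("INSERT INTO syslog_programs (program) VALUES (?)", [("sshd",), (None,)])
    db.executemany("INSERT INTO syslog_incoming VALUES (?,?,?,?,?)", [
        (1, "fw1", None, "link down", 114),  # constructed rows, all tagged run 114
        (2, "fw1", "sshd", "Accepted publickey", 114),
        (3, "sw1", None, "config changed", 114),
        (4, "gw9", "sshd", "Failed password", 114)])
    return db

def move_and_audit(db, unique_id):
    # Audit first, then run the move and count the rows it actually inserted.
    dropped = db.execute(DROPPED, (unique_id,)).fetchall()
    before = db.total_changes
    db.execute(MOVE, (unique_id,))
    return db.total_changes - before, dropped

if __name__ == "__main__":
    print(move_and_audit(build_db(), 114))
```

The `DROPPED` query uses only standard SQL, so the same LEFT JOIN check can be run against the real tables before the poller deletes the processed rows from `syslog_incoming`.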