Syslog plugin

General discussion about Plugins for Cacti

Moderators: Developers, Moderators

skywalkerznz
Posts: 21
Joined: Mon Jan 02, 2023 11:43 am

Syslog plugin

Post by skywalkerznz »

Hello!

I have installed Syslog plugin, but opted to create a new database, syslog, and everything was working fine, following the youtube video, I saw some rsyslog errors, and i restarted the server, after that, the poller stopped working along with Syslog, I have tried to see where I went wrong but nothing I could put a finger on.

Thank you!

#####################

rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-01-12 11:21:57 EAT; 8min ago
TriggeredBy: ● syslog.socket
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Main PID: 1024 (rsyslogd)
Tasks: 5 (limit: 37979)
Memory: 3.8M
CPU: 41ms
CGroup: /system.slice/rsyslog.service
└─1024 /usr/sbin/rsyslogd -n -iNONE

Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: could not load module 'ommysql', errors: trying to load module /usr/lib/x86_64-linux-gnu/rsyslog/ommysql.so: /usr/lib/x86_>
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: error during parsing file /etc/rsyslog.d/cacti.conf, on or before line 10: errors occured in file '/etc/rsyslog.d/cacti.co>
Jan 12 11:21:57 192.168.1.1 systemd[1]: Started System Logging Service.
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: could not load module 'ommysql', errors: trying to load module /usr/lib/x86_64-linux-gnu/rsyslog/ommysql.so: /usr/lib/x86_>
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: module name 'ommysql' is unknown [v8.2112.0 try https://www.rsyslog.com/e/2209 ]
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: error during parsing file /etc/rsyslog.d/mysql.conf, on or before line 5: errors occured in file '/etc/rsyslog.d/mysql.con>
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2112.0]
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: rsyslogd's groupid changed to 113
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: rsyslogd's userid changed to 107
Jan 12 11:21:57 192.168.1.1 rsyslogd[1024]: [origin software="rsyslogd" swVersion="8.2112.0" x-pid="1024" x-info="https://www.rsyslog.com"] start
lines 1-24/24 (END)

#########################

cactid.service - Cacti Daemon Main Poller Service
Loaded: loaded (/etc/systemd/system/cactid.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-01-12 11:21:59 EAT; 12min ago
Process: 1005 ExecStart=/var/www/html/cacti/cactid.php (code=exited, status=0/SUCCESS)
Main PID: 1268 (php)
Tasks: 1 (limit: 37979)
Memory: 108.4M
CPU: 30min 34.371s
CGroup: /system.slice/cactid.service
└─1268 php /var/www/html/cacti/cactid.php

Jan 12 11:21:56 192.168.1.1 systemd[1]: Starting Cacti Daemon Main Poller Service...
Jan 12 11:21:59 192.168.1.1 cactid.php[1005]: Starting Cacti Daemon ... [OK]
Jan 12 11:21:59 192.168.1.1 systemd[1]: Started Cacti Daemon Main Poller Service.
Jan 12 11:23:27 192.168.1.1 php[1268]: CACTI: Database Connection went away. Attempting to reconnect!

#########################
skywalkerznz
Posts: 21
Joined: Mon Jan 02, 2023 11:43 am

Re: Syslog plugin

Post by skywalkerznz »

I was able to fix the user error, but the poller is still not working.

POLLER: Poller[Main Poller] PID[2400] WARNING: Cron is out of sync with the Poller Interval! The Poller Interval is '300' seconds, with a maximum of a '300' second Cron, but 600.4 seconds have passed since the last poll!
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: Syslog plugin

Post by TheWitness »

Well, the rsyslog and the poller issues are separate. I suggest you install the rsyslog-mysql module and get that configured first. The other issue I'm simply not certain of.
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
skywalkerznz
Posts: 21
Joined: Mon Jan 02, 2023 11:43 am

Re: Syslog plugin

Post by skywalkerznz »

Thank you, I installed the rsyslog-mysql and the it started working, its a great plugin. Thank you.
mrossTTX
Cacti User
Posts: 114
Joined: Wed Dec 07, 2022 12:49 pm

Re: Syslog plugin

Post by mrossTTX »

I am just looking into syslog on my setup (again my cacti is running on windows using mysql 5.7. my cacti is 1.2.23)
can i have the CLOG go to the syslog, or is this just for other devices to send logs to the CACTI server to display in the syslog tab?

i chose to use the CACTI database, I assume to use this against windows servers, I'd need the RSYLOG agent installed and configured on every client server? If this can use that agent and pull event logs, this would solve a GREAT many things where I am at today (and thus letting me nuke the SCOM server we hate so much)
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: Syslog plugin

Post by TheWitness »

Syslog is a receiver, you need to send it stuff. It's that simple.
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
mrossTTX
Cacti User
Posts: 114
Joined: Wed Dec 07, 2022 12:49 pm

Re: Syslog plugin

Post by mrossTTX »

TheWitness wrote: Tue Jan 24, 2023 9:22 pm Syslog is a receiver, you need to send it stuff. It's that simple.
that is what i thought. thank you for confirming
mrossTTX
Cacti User
Posts: 114
Joined: Wed Dec 07, 2022 12:49 pm

Re: Syslog plugin

Post by mrossTTX »

so, im trying to find a way to send windows event logs to the cacti syslog plug in.
right now im following the following tutorial... is the cacti syslog plug in using the same port mentioned here?
https://www.igoroseledko.com/sending-wi ... te-syslog/

i am hoping to be able to do this with as little financial backing as possible.. if this is even possible in that manner. Im also trying my very best to avoid requesting a change to install an agen, but if nxlog can do this, i might be able to get a buy in on that.
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: Syslog plugin

Post by TheWitness »

There are some commercial and open source binaries for that. Unfortunately Microsoft SUCKS and does not really follow Linux/UNIX standard logging conversions. As such, I kind of abandoned Windows. For me it's a platform that supplies a browser and putty. Other than that, it's NSA spyware.
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
mrossTTX
Cacti User
Posts: 114
Joined: Wed Dec 07, 2022 12:49 pm

Re: Syslog plugin

Post by mrossTTX »

idownloaded a portable syslog server.
it happened to run on UDP port 514.
i set that and put NXLog into UDP mode for 514. that stand alone syslog server is working and accepting.
if i dont use that, i just send it to the cacti server (which is the same server im using the stand-alone syslog server on ), nxlog tells me the target machine actively refused it.. which means to me, that nothing is listening on port 514.
Can you confirm for me that i should be using port 514 for the syslog plugin?
mrossTTX
Cacti User
Posts: 114
Joined: Wed Dec 07, 2022 12:49 pm

Re: Syslog plugin

Post by mrossTTX »

ok i got nxlog to stop giving me errors but its not sending anything into cacti.
I think i may understand the issue..

NXLog looks at the windows event logs, a txt file, or whatever input i want i to look at.
I tell NXLog send that data to a file, or a syslog server, and configure that syslog server's settings. It then should just connect and forward that information to the syslog server.
I think the disconnect for me here is that cacti itself is not acting like a syslog server in the traditional sense. I think I need something to take the data from NXLog and get that put into the cacti database.
In other words it would flow like this
LXLog (pulls from whatever source, manipulates it and sends to) >---- Syslog Server (such as ryslog or something simular) that syslog server then forwards that data to >---------------------- mysql's cacti datbase ..

am i on the right or wrong track with this methodology? or should cacti itself respond on UDP port 514 as any other syslog server does?
mrossTTX
Cacti User
Posts: 114
Joined: Wed Dec 07, 2022 12:49 pm

Re: Syslog plugin

Post by mrossTTX »

ok nxlog by itself in my setup didnt pan out "out of the box"
id have to setup an ODBC connection to the cacti db and upload that way.

alternatively, i used cygwin to get syslog-ng on the windows server as there is a port for it.
what i need to figure out is the correct syntax for my syslog-ng server to write to the cacti database, and then i think i'd have the plug in working.... i hope.
mrossTTX
Cacti User
Posts: 114
Joined: Wed Dec 07, 2022 12:49 pm

Re: Syslog plugin

Post by mrossTTX »

anyone familiar with using syslog-ng for sending data into mysql?
if so can someone please check my code here before i attempt to make it work? This is for my syslog-ng config file. currently i have it writting to the 'messages' file and confirmed using tail that my setup is capturing data. this next step is to get it into the cacti tables for the syslog plug in


destination d_sql_messages {
sql(type(mysql)
host("127.0.0.1") username("root") password("mysql_password")
database("cacti")
table("syslog_incoming")
columns('facility_id, priority_id, program, logtime, host, message)
values('', '%syslogfacility%',' %syslogpriority%','%programname%','%timegenerated:::date-mysql%','%HOSTNAME%','TRIM('%msg%'))"
indexes("id","host","program","datetime"));
};
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: Syslog plugin

Post by TheWitness »

Both rsyslog and syslog-ng work fine with the syslog plugin. The author and owner of syslog-ng and the company is an old Cacti user. Have not talked to him in several years though.
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
mrossTTX
Cacti User
Posts: 114
Joined: Wed Dec 07, 2022 12:49 pm

Re: Syslog plugin

Post by mrossTTX »

it appears the syslong-ng server that someone ported to windows via cygwin is missing the mysql modules (and any sql modules).
Rysyslog has a windows AGENT but it's syslog server only appears to run on a linux server.
reason im trying to do it all on the same windows box is that where im at we're inundated with a crazy ITIL request procedure for me to build another VM .. even if it was just to run rysylog of syslog-ng on it.
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests