Cacti (home)ForumsDocumentation

Syslog Configuration

Database Location

Prior to configuring your syslog server, you must first choose whether you are going to use the Cacti database, or you are going to use a external database.

Setup using Cacti Database

If you use the Cacti Database, the plugin install will take care of the creation of tables.

Setup using a Separate Database

If you use a external database, you must create it prior to installing the syslog plugin1):

mysqladmin -u{username} -p{password} [-h{host}] create {external}
mysql -u{username} -p{password} [-h{host}] {external} <syslog.sql

Next, edit 'config.php', changing:

$use_cacti_db = true;

to

$use_cacti_db = false;

Then, edit lines 31 - 37 to reflect your configuration:

if (!$use_cacti_db) {
        $syslogdb_type     = 'mysql';
        $syslogdb_default  = 'syslog';
        $syslogdb_hostname = 'localhost';
        $syslogdb_username = 'cactiuser';
        $syslogdb_password = 'cactiuser';
        $syslogdb_port     = 3306;

Central Logger

This section covers the configuration of your central logger to log its messages to the database. Each syslog server may have different methods to obtain the same results, but these instructions will get you up and running.

Currently, only rsyslog is covered

rsyslog

Install rsyslog and rsyslog-mysql

Red Hat:

yum install rsyslog rsyslog-mysql

Mandriva:

urpmi rsyslog rsyslog-mysql

Next, edit your rsyslog configuration files to load the mysql module and redirect messages

Red Hat: Edit '/etc/rsyslog.conf' and add the following lines to the top:

$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.*             >{mysql_server},{db_name},{db_users},{db_pass};cacti_syslog

Ensure you replace {mysql_server},etc with your settings, for example:

$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.*             >localhost,syslog,cactiuser,cactiuser;cacti_syslog

Mandriva: Edit /etc/rsyslog.d/01_mysql.conf and add the following to the end of the file:

$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.*             >localhost,syslog,cactiuser,cactiuser;cacti_syslog

Restart 'rsyslogd', and you should see syslog_incoming being populated.

You can now continue with the syslog installation

Forwarding

This section covers forwarding of syslog messages to your central logger

If you haven't worked with syslog much, you should slowly add hosts to your central server to get a feeling for how much traffic will be produced by each specific host type

The default configuration will continue to write log information to the text files - which means that every host you add may log to the central text files as well

In all cases, replace 192.168.0.111 with the IP of your central syslog server

rsyslog

syslog/sysklog

Add this line to your '/etc/syslog.conf'

*.*     @192.168.0.111

*.* will redirect everything to your central server You may wish to just redirect info.* and/or notice.*

syslog-ng

In '/etc/syslog-ng.conf', add the following line:

destination cacti_syslog     { udp("192.168.0.111" port(514)); };

Then append this line with 'destination(cacti_syslog);'

log { source(sys); destination(consoleall); };

becomes

log { source(sys); destination(consoleall); destination(cacti_syslog); }

Alternatively, anywhere that you have a 'log' line that you want to redirect, append 'destination(cacti_syslog);'

log { source(sys); filter(f_cron); filter(f_info); destination(croninfo); destination(cacti_syslog); };
log { source(sys); filter(f_cron); filter(f_warn); destination(cronwarn); destination(cacti_syslog); };
log { source(sys); filter(f_cron); filter(f_error); destination(cronerr); destination(cacti_syslog); };

Cisco

Router

The simplest form of logging in a Cisco Router can be done with:

logging 192.168.0.111
1) The second line is not necessary in all cases, but it can't hurt





Personal Tools