Syslog Configuration
Database Location
Prior to configuring your syslog server, you must first choose whether you are going to use the Cacti database, or you are going to use a external database.
Setup using Cacti Database
If you use the Cacti Database, the plugin install will take care of the creation of tables.
Setup using a Separate Database
If you use a external database, you must create it prior to installing the syslog plugin1):
mysqladmin -u{username} -p{password} [-h{host}] create {external} mysql -u{username} -p{password} [-h{host}] {external} <syslog.sql
Next, edit 'config.php', changing:
$use_cacti_db = true;
to
$use_cacti_db = false;
Then, edit lines 31 - 37 to reflect your configuration:
if (!$use_cacti_db) { $syslogdb_type = 'mysql'; $syslogdb_default = 'syslog'; $syslogdb_hostname = 'localhost'; $syslogdb_username = 'cactiuser'; $syslogdb_password = 'cactiuser'; $syslogdb_port = 3306;
Central Logger
This section covers the configuration of your central logger to log its messages to the database. Each syslog server may have different methods to obtain the same results, but these instructions will get you up and running.
rsyslog
Install rsyslog and rsyslog-mysql
Red Hat:
yum install rsyslog rsyslog-mysql
Mandriva:
urpmi rsyslog rsyslog-mysql
Next, edit your rsyslog configuration files to load the mysql module and redirect messages
Red Hat: Edit '/etc/rsyslog.conf' and add the following lines to the top:
$ModLoad ommysql $template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL *.* >{mysql_server},{db_name},{db_users},{db_pass};cacti_syslog
Ensure you replace {mysql_server},etc with your settings, for example:
$ModLoad ommysql $template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL *.* >localhost,syslog,cactiuser,cactiuser;cacti_syslog
Mandriva: Edit /etc/rsyslog.d/01_mysql.conf and add the following to the end of the file:
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL *.* >localhost,syslog,cactiuser,cactiuser;cacti_syslog
Restart 'rsyslogd', and you should see syslog_incoming being populated.
Forwarding
This section covers forwarding of syslog messages to your central logger
rsyslog
Read this documentation: http://www.rsyslog.com/doc-rsyslog_reliable_forwarding.html
syslog/sysklog
Add this line to your '/etc/syslog.conf'
*.* @192.168.0.111
syslog-ng
In '/etc/syslog-ng.conf', add the following line:
destination cacti_syslog { udp("192.168.0.111" port(514)); };
Then append this line with 'destination(cacti_syslog);'
log { source(sys); destination(consoleall); };
becomes
log { source(sys); destination(consoleall); destination(cacti_syslog); }
Alternatively, anywhere that you have a 'log' line that you want to redirect, append 'destination(cacti_syslog);'
log { source(sys); filter(f_cron); filter(f_info); destination(croninfo); destination(cacti_syslog); }; log { source(sys); filter(f_cron); filter(f_warn); destination(cronwarn); destination(cacti_syslog); }; log { source(sys); filter(f_cron); filter(f_error); destination(cronerr); destination(cacti_syslog); };
Cisco
Router
The simplest form of logging in a Cisco Router can be done with:
logging 192.168.0.111