Prior to configuring your syslog server, you must first choose whether you are going to use the Cacti database, or you are going to use a external database.

If you use the Cacti Database, the plugin install will take care of the creation of tables.

If you use a external database, you must create it prior to installing the syslog plugin¹⁾:

mysqladmin -u{username} -p{password} [-h{host}] create {external}
mysql -u{username} -p{password} [-h{host}] {external} <syslog.sql

Next, edit 'config.php', changing:

$use_cacti_db = true;

to

$use_cacti_db = false;

Then, edit lines 31 - 37 to reflect your configuration:

if (!$use_cacti_db) {
        $syslogdb_type     = 'mysql';
        $syslogdb_default  = 'syslog';
        $syslogdb_hostname = 'localhost';
        $syslogdb_username = 'cactiuser';
        $syslogdb_password = 'cactiuser';
        $syslogdb_port     = 3306;

This section covers the configuration of your central logger to log its messages to the database. Each syslog server may have different methods to obtain the same results, but these instructions will get you up and running.

Install rsyslog and rsyslog-mysql

Red Hat:

yum install rsyslog rsyslog-mysql

Mandriva:

urpmi rsyslog rsyslog-mysql

Next, edit your rsyslog configuration files to load the mysql module and redirect messages

Red Hat: Edit '/etc/rsyslog.conf' and add the following lines to the top:

$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.*             >{mysql_server},{db_name},{db_users},{db_pass};cacti_syslog

Ensure you replace {mysql_server},etc with your settings, for example:

$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.*             >localhost,syslog,cactiuser,cactiuser;cacti_syslog

Mandriva: Edit /etc/rsyslog.d/01_mysql.conf and add the following to the end of the file:

$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.*             >localhost,syslog,cactiuser,cactiuser;cacti_syslog

Restart 'rsyslogd', and you should see syslog_incoming being populated.

This section covers forwarding of syslog messages to your central logger

Read this documentation: http://www.rsyslog.com/doc-rsyslog_reliable_forwarding.html

Add this line to your '/etc/syslog.conf'

*.*     @192.168.0.111

In '/etc/syslog-ng.conf', add the following line:

destination cacti_syslog     { udp("192.168.0.111" port(514)); };

Then append this line with 'destination(cacti_syslog);'

log { source(sys); destination(consoleall); };

becomes

log { source(sys); destination(consoleall); destination(cacti_syslog); }

Alternatively, anywhere that you have a 'log' line that you want to redirect, append 'destination(cacti_syslog);'

log { source(sys); filter(f_cron); filter(f_info); destination(croninfo); destination(cacti_syslog); };
log { source(sys); filter(f_cron); filter(f_warn); destination(cronwarn); destination(cacti_syslog); };
log { source(sys); filter(f_cron); filter(f_error); destination(cronerr); destination(cacti_syslog); };

The simplest form of logging in a Cisco Router can be done with:

logging 192.168.0.111