
Using Syslog NG server with plugin_syslog

seanmancini edited this page Dec 3, 2021 · 5 revisions

Using syslog-ng for collecting data with Cacti.plugin_syslog

A little introduction

By default, most Linux distributions use RSyslog as the log collector. This program is quite old and has, in my opinion, a number of disadvantages, such as:

  • incomprehensible syntax: as of 2021-12-02, three different types of syntax are allowed for RSyslog configuration, and some functions work only when called in one syntax while some commands work only in another (just a nightmare for a beginner).

  • in my personal opinion - poor documentation on the main server, with a small number of examples

As a result, I started looking for another log collector. I liked “syslog-ng Open Source Edition 3.26” most of all. It has an excellent administrator's reference guide, which describes most of the functions with good examples. In my opinion, syslog-ng is closer to the concept of enterprise than rsyslog. Administration Guide for syslog-ng: [PDF](www.syslog-ng.com/technical-documents/download/downloads?id=6115964)

To use syslog-ng on your system, you need to do the following steps (this is true for Debian 11 or Ubuntu 20.04.3 LTS):

  1. Install syslog-ng: `apt install syslog-ng`

  2. Install the MySQL module for syslog-ng: `apt-get install libdbd-mysql`

  3. Create the config file: `nano /etc/syslog-ng/conf.d/cacti.conf`

  4. Write the following configuration text to the file, correcting the database login, password, etc. for your setup.

```
# syslog-ng log source
source s_net { network(port(514) transport(udp)); };    # you may want to change the port

# syslog-ng log destination - the Cacti database
destination d_mysql {
   sql(
        type(mysql)
        username("myuser")              # replace with your own value
        password("mypassword")          # replace with your own value
        database("cacti")               # replace with your own value
        host("127.0.0.1")               # replace with your own value
        table("syslog_incoming")
        columns("facility_id", "priority_id", "program", "logtime", "host", "message")
        values("$FACILITY_NUM", "$LEVEL_NUM", "$PROGRAM", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC.$MSEC", "${HOST}", "${MSG}")
        indexes("program")
        null("")
      );
};

# Action for syslog-ng - send logs from the source to the destination
log { source(s_net); destination(d_mysql); };
```

This example will work if:

  • in the syslog plugin settings you have chosen to use the Cacti database

  • you collect logs via the network on your Cacti server.
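
To check the pipeline end to end, the following added example (not part of the original wiki page) sends one RFC 3164 test message to the `s_net` source and computes the values the `values()` line of `d_mysql` should store for it. The host name, program name and message text are constructed test values, and the server address and port are assumed to match the configuration above.

```python
import socket
from datetime import datetime

# Syslog facility/severity names by number (names for 12-15 vary by system).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def build_message(facility, severity, host, program, text, when):
    """Build an RFC 3164 datagram: <PRI>Mmm dd hh:mm:ss host program: text."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # day is space-padded
    return f"<{pri}>{stamp} {host} {program}: {text}".encode("ascii")


def expected_row(datagram):
    """Values the values() line of d_mysql should produce for this datagram."""
    header, _, rest = datagram.decode("ascii").partition(">")
    pri = int(header.lstrip("<"))
    host, tag, message = rest[16:].split(" ", 2)  # skip 15-char timestamp
    return {
        "facility_id": pri // 8,      # $FACILITY_NUM
        "priority_id": pri % 8,       # $LEVEL_NUM
        "program": tag.rstrip(":"),   # $PROGRAM
        # ${HOST}: name from the message only with keep-hostname(yes);
        # otherwise syslog-ng records the sender's address instead.
        "host": host,
        "message": message,           # ${MSG}
    }


def send(datagram, server="127.0.0.1", port=514):
    """Send one datagram to the s_net source (UDP, port from cacti.conf)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, (server, port))


if __name__ == "__main__":
    # Constructed test values, not real log data.
    msg = build_message("local0", "warning", "testhost", "cacti-selftest",
                        "syslog-ng to Cacti pipeline check", datetime.now())
    send(msg)
    print("sent:", msg.decode())
    print("expect in syslog_incoming:", expected_row(msg))
```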
