-
Notifications
You must be signed in to change notification settings - Fork 16
Using Syslog NG server with plugin_syslog
Using syslog-ng for collecting data with Cacti.plugin_syslog
A little introduction By default, most Linux distributions have a program RSyslog for log collector. This program is quite old and has, in my opinion, a number of disadvantages, such as:
-
incomprehensible syntax, at the moment 2021-12-02, three different types of syntax are allowed for RSyslog configuration, and sometimes some functions work when calling one syntax and some commands work only in another syntax. (just a nightmare for a beginner).
-
in my personal opinion - poor documentation on the main server, with a small number of examples
As a result, I started looking for another log collector. Most of all I liked “syslog-ng Open Source Edition 3.26”, this system has an excellent reference guide of the administrator, which describes most of the functions with good examples. in my opinion, syslog-ng is closer to the concept of enterprise than rsyslog. Administration Guide for syslog-ng [PDF](www.syslog-ng.com/technical-documents/download/downloads?id=6115964)
For using syslog-ng on you system, you ned doing next steps (this is true for the Debian 11 or Ubuntu 20.04.3 LTS)
-
Setup the syslog-ng - ‘apt install syslog-ng`
-
Setup the MySQL module for syslog-ng - ‘apt-get install libdbd-mysql`
-
Create config file - ‘nano /etc/syslog-ng/conf.d/cacti.conf`
-
Write the following configuration text to the file, make corrections in config text for the database loginpassword and e.t.
# syslog-ng log source source s_net {network(port(514) transport(udp));}; #may be you want change the Port
‘
# syslog-ng log destination - in base Cacti destination d_mysql{ sql( type(mysql) username("myuser") #you must to put the correct data here, your data password("mypassword") #you must to put the correct data here, your data database("cacti") #you must to put the correct data here, your data host("127.0.0.1") #you must to put the correct data here, your data table("syslog_incoming") columns("facility_id", "priority_id", "program", "logtime", "host", "message") values ("$FACILITY_NUM", "$LEVEL_NUM", "$PROGRAM", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC.$MSEC", "${HOST}", "${MSG}") indexes("program") null("") ); }; # Action for syslog-ng - put the log in destination` log {source(s_net); destination(d_mysql);};`
‘
This example will work if
-
in the syslog_plugin settings you have set - use the cacti database
-
if you collect logs via the network to your Cacti server
Copyright (C) 2004-2018 The Cacti Group