Hello everyone!

I have a Cacti Server with the Haloe plugin installed. I can get my Windows boxes to talk to the Haloe plugin (syslogs). I have two old servers (running SLES 9 I think) with syslogd installed, reporting in just fine!

Here is my issue - I can't figure out how to pipe or forward the data from the box to the syslogs server (Cacti).

For those of you who do not know, Cacti is a network monitoring tool/RRDtool front end with a ton of available plugins. Haloe is a centralized syslog server.

Thanks!

-- Chris Harner [] Server Engineer [] Arnold Transportation Services
Hello,
First, welcome to the syslog-ng mailing list!

Could you tell us about your issue, how is it related to syslog-ng?

If you're trying to forward syslogd messages to remote hosts then use @remotehost in syslogd.conf. If you want to forward messages using syslog-ng then use either the tcp() or the udp() destination drivers in syslog-ng.conf.

Regards,
Sandor

--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Hi, Sandor. Thanks for the reply.

I have to configure syslog-ng to forward the logs to the Cacti server. Both firewalls are not enabled. The OSs are OpenSUSE 10.1.

Here is the section of the conf file I think you are referring to:

#source my_src { .... };
#
source src {
        #
        # include internal syslog-ng messages
        # note: the internal() source is required!
        #
        internal();
        #
        # the following line will be replaced by the
        # socket list generated by SuSEconfig using
        # variables from /etc/sysconfig/syslog:
        #
        unix-dgram("/dev/log");
        #
        # uncomment to process log messages from network:
        #
        udp(ip("192.168.x.x") port(514));
};

Basically, whenever I put the IP of the Cacti server in there and restart the syslog service, I get this:

==============
chpas-chngmgt2:~ # /etc/init.d/syslog restart
Shutting down syslog services done
Starting syslog servicesio.c: bind_inet_socket() bind failed 192.168.x.x:514 Cannot assign requested address
Error initializing configuration, exiting.
startproc: exit status of parent of /sbin/syslog-ng: 1
failed
==============

Obviously, I replace 192.168.x.x with the actual IP. I'm not using syslogd, however some older servers are. What am I doing wrong?

On 8/28/07, Geller, Sandor (IT) <Sandor.Geller@morganstanley.com> wrote:
-- Chris Harner [] Server Engineer [] Arnold Transportation Services
Hello,
> Here is the section of the conf file I think you are referring to:
>
> #source my_src { .... };
> #
> source src {
>         #
>         # include internal syslog-ng messages
>         # note: the internal() source is required!
>         #
>         internal();
>         #
>         # the following line will be replaced by the
>         # socket list generated by SuSEconfig using
>         # variables from /etc/sysconfig/syslog:
>         #
>         unix-dgram("/dev/log");
>         #
>         # uncomment to process log messages from network:
>         #
>         udp(ip("192.168.x.x") port(514));
> };

This is the source, not the destination declaration. You can use only IP addresses bound to the box itself, not remote ones.

What you want to achieve is defining a remote destination like:

destination d_remotehost { udp("192.168.x.x" port(514)); };

And then refer to this destination in your log statements.

Regards,
Sandor
Well that makes sense!

Well, I added your code onto the bottom of syslog-ng.conf.in since I couldn't find a commented out line already in the config. Are there docs on referring statements to log statements like the one you gave me? I'm not exactly sure how to go about that.

Thanks Sandor.

On 8/28/07, Geller, Sandor (IT) <Sandor.Geller@morganstanley.com> wrote:
-- Chris Harner [] Server Engineer [] Arnold Transportation Services
Hello,
> Well that makes sense! Well, I added your code onto the bottom of syslog-ng.conf.in since I couldn't find a commented out line already in the config. Are there docs on referring statements to log statements like the one you gave me? I'm not exactly sure how to go about that. Thanks Sandor.

You should check the reference manual and the configuration samples bundled with the syslog-ng source package. I suggest creating your own configuration instead of customising an existing one. There are a lot of options which might be missing from the template you're using currently.

Regards,
Sandor
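The source/destination distinction and the log statement discussed in the two replies above, as an added example that is not part of the original thread: a small lint that flags a `udp(ip(...))` listener in a source block whose address is not bound on the host, next to a working forwarding layout. The 192.0.2.x addresses, the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. 192.0.2.x addresses are constructed
# stand-ins: 192.0.2.10 for the Cacti collector, 192.0.2.55 for this host.

# Working layout: the source only reads local inputs, the collector is a
# destination, and a log statement connects the two.
good_conf() {
cat <<'EOF'
source src { internal(); unix-dgram("/dev/log"); };
destination d_remotehost { udp("192.0.2.10" port(514)); };
log { source(src); destination(d_remotehost); };
EOF
}

# The mistake from the thread: the collector address inside a source, which
# makes syslog-ng try to bind() an address this host does not own.
bad_conf() {
cat <<'EOF'
source src {
    internal();
    unix-dgram("/dev/log");
    udp(ip("192.0.2.10") port(514));
};
EOF
}

# find_unbindable_sources "LOCAL_IPS" < syslog-ng.conf
# Prints each ip("...") inside a source block that is neither 0.0.0.0 nor in
# the space-separated LOCAL_IPS list (e.g. taken from "hostname -I").
find_unbindable_sources() {
    awk -v locals="$1" '
        BEGIN {
            n = split(locals, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            ok["0.0.0.0"] = 1
        }
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*source[ \t]+[^ \t{]+[ \t]*[{]/ { in_src = 1 }
        in_src {
            s = $0
            while (match(s, /ip[(]"[^"]*"[)]/)) {
                addr = substr(s, RSTART + 4, RLENGTH - 6)
                if (!(addr in ok)) print addr
                s = substr(s, RSTART + RLENGTH)
            }
            if (index($0, "};")) in_src = 0      # end of the source block
        }
    '
}

# Demo on the constructed configs: the first call prints 192.0.2.10,
# the second prints nothing.
bad_conf  | find_unbindable_sources "127.0.0.1 192.0.2.55"
good_conf | find_unbindable_sources "127.0.0.1 192.0.2.55"
```

Any address the lint prints is one that the restart would fail on with "Cannot assign requested address".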
Hello,

I was wondering if you have used Webmin to manage syslog-ng before? I find it very easy to use, however I have it pointing to my syslog server and it still does not work! I tried sending to port 514 (default) via TCP and UDP. Still no luck! I feel like I am missing something.

I did look over the source of syslog-ng and the config samples. It allowed me to understand how it works much better.

On 8/28/07, Geller, Sandor (IT) <Sandor.Geller@morganstanley.com> wrote:
-- Chris Harner [] Server Engineer [] Arnold Transportation Services
I am logging locally to

destination hosts {
    file("/opt/log/HOSTS/$YEAR/$MONTH/$DAY/$HOST/$PROGRAM"
        owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

I am also logging to a mysql database

destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ('$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG');\n")
        template-escape(yes));
};

What is the best way to handle log rotation for each?

Best Regards,
John
Hello,
> I am logging locally to
>
> destination hosts { file("/opt/log/HOSTS/$YEAR/$MONTH/$DAY/$HOST/$PROGRAM" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));};

Why do you want to rotate these??? New files will be created every day. Simply delete the old ones if you need to reclaim space.

> I am also logging to a mysql database
>
> destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ('$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG');\n") template-escape(yes)); };

Sorry, I still don't understand what you want to achieve.

Log rotation or log retention?

regards,
Sandor
I apologize, I should have been clearer. I just want to delete the old logs, and want to know how others are doing it.

Should I simply create a shell script for the local logs and schedule it in cron? Something similar to

find /logs -type f -mtime +30 -exec rm {} \;

However, I'm not sure how to remove old mysql data. I've read issues about locking the database and then removing the data.

Thanks,
John

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Geller, Sandor (IT)
Sent: Thursday, September 06, 2007 6:10 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Log Rotation

Hello,
Hi,

John Hala <john.hala@villanova.edu> [20070906 08:48:18 -0400]:
> I apologize, I should have been clearer. I just want to delete the old logs, and want to know how others are doing it.
>
> Should I simply create a shell script for the local logs and schedule it in cron? Something similar to
>
> find /logs -type f -mtime +30 -exec rm {} \;

I would put *single* quotes (') around the "{}" so that any spaces in the filename are handled correctly too.

> However, I'm not sure how to remove old mysql data. I've read issues about locking the database and then removing the data.

you can do something like put in a text file:

======
USE cheese-database;
LOCK TABLES chedder READ;
DELETE........;
UNLOCK TABLES;
======

Then 'echo -e "[client]\npassword=<password>\n" > ~/.my.cnf' and then you run (in a cron job):

$ cat cmds.sql | mysql -u <user>

Make sure you index your timestamp field then the DELETE operation should be *very* fast.

Cheers

Alex
Hi,

Alexander Clouter <ac56@soas.ac.uk> [20070906 14:15:58 +0100]:
> Hi,
>
> [snipped]
>
> ======
> USE cheese-database;
> LOCK TABLES chedder READ;
> DELETE........;
> UNLOCK TABLES;
> ======

replace 'READ' with 'WRITE', or even 'LOW_PRIORITY WRITE'.

D'oh :)

> Then 'echo -e "[client]\npassword=<password>\n" > ~/.my.cnf' and then you run (in a cron job):
>
> $ cat cmds.sql | mysql -u <user>

just so you know, this all came from:

http://dev.mysql.com/doc/refman/5.1/en/password-security.html

Cheers

Alex
For MySQL, you can have better performance using the ARCHIVE engine (data are compressed but delete queries aren't available and select queries take much more time than MyISAM..) combined with the partitioning feature (based on the day of year's parity or something...) in 5.1 version. You won't need to lock any table, just drop the partition and recreate it.

It doesn't change anything about password security issues ;-)

Regards

Erwan

2007/9/6, Alexander Clouter <ac56@soas.ac.uk>:
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
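The retention job discussed in the log rotation thread above (the `find` cleanup, the `~/.my.cnf` option file and the locked DELETE), sketched as an added example that is not code from any of the posters. It assumes GNU find; the function names and the database name are hypothetical, and the WHERE clause is an assumed fill-in for the elided DELETE, built on the `logs` table and `date` column from the d_mysql template.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU find; the SQL uses the
# "logs" table and "date" column from the d_mysql template above, and its
# WHERE clause is an assumed fill-in for the elided DELETE.

# prune_old_logs ROOT DAYS
# Delete files not modified for more than DAYS days, then the date/host
# directories that were emptied by it.
prune_old_logs() {
    root=$1 days=$2
    # Never let a typo or an unset variable turn this into "find / ... rm".
    case $root in /*[!/]*) ;; *) echo "refusing root: $root" >&2; return 2 ;; esac
    case $days in ''|*[!0-9]*) echo "bad day count: $days" >&2; return 2 ;; esac
    [ -d "$root" ] || return 2
    # "{} +" hands every path to rm as one argument, spaces included;
    # "--" stops a file name starting with "-" from being read as an option.
    find "$root" -xdev -type f -mtime +"$days" -exec rm -f -- {} + &&
    find "$root" -xdev -mindepth 1 -type d -empty -delete
}

# write_mysql_optfile FILE
# Create the [client] option file with the password read from stdin (argv
# is visible in ps) and readable by its owner only.
write_mysql_optfile() {
    (
        umask 077
        IFS= read -r pw || [ -n "$pw" ] || exit 2
        rm -f -- "$1"                 # drop any older, looser-mode copy
        printf '[client]\npassword=%s\n' "$pw" > "$1"
    )
}

# purge_sql DAYS
# Emit the statements for the cron job, with the WRITE lock from the
# correction in the thread.
purge_sql() {
    case $1 in ''|*[!0-9]*) return 2 ;; esac
    cat <<EOF
LOCK TABLES logs WRITE;
DELETE FROM logs WHERE date < CURDATE() - INTERVAL $1 DAY;
UNLOCK TABLES;
EOF
}

# Nightly cron job (root path from the thread, database name hypothetical):
#   prune_old_logs /opt/log/HOSTS 30
#   purge_sql 30 | mysql -u <user> syslog
```

The option file is created under `umask 077` because a plain `echo ... > ~/.my.cnf` leaves the password readable by whoever the default umask allows.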
participants (5)
- Alexander Clouter
- Chris Harner
- Geller, Sandor (IT)
- John Hala
- Mirwan