Category: Network and Security

2009-07-09 14:00:12

HOW-TO Install Syslog 0.5.2 plugin on Linux/Unix Cacti versions 0.8.7, 0.8.7a and 0.8.7b
-------------------------------------------------------------------------------------------
[submitted by noflies, 26 Feb 2008]
[updated by noflies, 16 May 2008 with suggestions by joez...adding "SQL grant priv" commands in 4a]

NOTE: These instructions reference variables for documentation purposes only.
Cacti's root path (usually /var/www/html or /usr/share/cacti)
Cacti's user for polling access (usually cacti or cactiuser)
Cacti's password for polling access (usually cacti or cactiuser)
Cacti's user for database access (usually cacti or cactiuser)
Cacti's password for database access (usually cacti or cactiuser)
HTTP daemon user for running web server (usually apache)
HTTP daemon password for running web server
Substitute your specific locations and parameters.

1. Install, configure and test SYSLOG-NG per instructions within the syslog-ng package/tar.
Make sure syslog-ng is working as you expect before continuing.

2. Download the syslog plugin from cactiusers.org.
As of 25 Feb 2008, the syslog plugin is located at <"">.
Version 0.5.2, maintained by Jimmy Conner. [THANKS Jimmy!!!]
Untar it into the directory /plugins/syslog

3. Edit the /plugins/syslog/config.php with your installation's database name and user credentials.
Here is an EXAMPLE only;
Code:
$syslogdb_type     = 'mysql';
$syslogdb_default  = 'syslog';
$syslogdb_hostname = 'localhost';
$syslogdb_username = '';
$syslogdb_password = '';

NOTE: Change the above user credentials to your specific installation.

4. Create the syslog database with the syslog.sql commands.
Code:
shell> mysqladmin --user=root create syslog
shell> mysql syslog < /plugins/syslog/syslog.sql

NOTE: The syslog.sql file is in the syslog plugin tar file.

4a. Grant privileges to cactidb_user for the syslogdb_default.
Code:
shell# mysql --user=root --password
Enter password: ********
mysql> GRANT ALL ON .* TO @ IDENTIFIED BY '';
mysql> flush privileges;
mysql> exit

NOTE: Change the above user credentials to your specific installation.

5. Edit the /etc/init.d/syslog-ng file.
--INSERT the following line AFTER the "start() {" line
Code:
/sbin/syslogtomysql &


--INSERT the following line AFTER the "stop() {" line
Code:
killall -9 syslogtomysql > /dev/null


6. Create the /sbin/syslogtomysql bash script.
Code:
#!/bin/bash
if [ ! -e /tmp/mysql.pipe ]; then
        mkfifo /tmp/mysql.pipe
fi 

while [ -e /tmp/mysql.pipe ]
do
        mysql -u --password= syslog < /tmp/mysql.pipe
done

NOTE: Change the above user credentials to your specific installation.

7. Change the /sbin/syslogtomysql file permissions to 755 owned by root:root.
Code:
shell> chmod 755 /sbin/syslogtomysql
shell> chown root:root /sbin/syslogtomysql
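
A hardened variant of the loader from steps 5 to 7, added here as an example and not part of the original HOW-TO. The script in step 6 reads from whatever already exists at /tmp/mysql.pipe, and with mode 755 any local user can read the password written into it; this version keeps the FIFO in a private directory, verifies it before every read, and takes the credentials from a MySQL option file. PIPE_DIR, OPT_FILE, the function names and the "run" argument are assumptions.

```sh
#!/bin/sh
# Added example, not from the original HOW-TO. PIPE_DIR and OPT_FILE are
# assumed locations; OPT_FILE is a mode-600 MySQL option file ([client]
# section with user= and password=) so no credentials sit in this script.
PIPE_DIR=${PIPE_DIR:-/var/run/syslogtomysql}
PIPE=$PIPE_DIR/mysql.pipe
OPT_FILE=${OPT_FILE:-/etc/syslogtomysql.cnf}

# True only if $1 is itself a FIFO (a symlink shows as "l"), has no group
# or other permission bits, and is owned by the user running this script.
fifo_is_safe() {
    # ls -ldn prints e.g. "prw------- 1 0 0 0 Jul  9 14:00 /path"
    ls -ldn "$1" 2>/dev/null | {
        read -r perms links uid rest &&
        case $perms in
            p???------*) [ "$uid" = "$(id -u)" ] ;;
            *) false ;;
        esac
    }
}

# Create directory $1 and FIFO $2 with owner-only permissions, then verify.
# Anything already present at $2 is left alone and judged by fifo_is_safe.
prepare_fifo() {
    (
        umask 077
        mkdir -p "$1" || exit 1
        [ -e "$2" ] || [ -L "$2" ] || mkfifo "$2"
    ) || return 1
    fifo_is_safe "$2"
}

run_loader() {
    prepare_fifo "$PIPE_DIR" "$PIPE" || {
        echo "syslogtomysql: refusing to read $PIPE" >&2
        return 1
    }
    while fifo_is_safe "$PIPE"; do
        # --defaults-extra-file must be the first option on the command line
        mysql --defaults-extra-file="$OPT_FILE" syslog < "$PIPE"
    done
}

# Start the loop only when asked to: /sbin/syslogtomysql run &
case ${1:-} in
    run) run_loader ;;
esac
```

The pipe() path in the d_mysql destination of step 8 must then name the same FIFO.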


8. ADD the following lines to the /etc/syslog-ng/syslog-ng.conf file to the END of the file

Code:

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925
#
# Updated by Frank Crawford () - 10 Aug 2002
# - for Red Hat 7.3
# - totally do away with klogd
# - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford () - 22 Aug 2002
# - use the log_prefix option as per Balazs Scheidler's email
#

options {
sync(0);
time_reopen(10);
log_fifo_size(1024);
long_hostnames(on);
use_dns(yes);
use_fqdn(yes);
create_dirs(no);
keep_hostname(yes);
};

source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
destination d_kernel { file("/var/log/kern"); };


filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and
not (facility(mail)
or facility(authpriv)
or facility(cron)
or program("kernel")); };

filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
filter f_kernel { level(info) and program("kernel"); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_kernel); destination(d_kernel); };

source net {
udp();
};


destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
template-escape(yes)
);
};

log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); };

# vim: syntax=syslog-ng

source net {
    udp();
};

destination d_mysql {
    pipe("/tmp/mysql.pipe"
    template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n")
    template-escape(yes)
     );
};

log { source(net); destination(d_mysql); };
log { source(s_sys); destination(d_mysql); };

NOTE: The "template(" line begins with "template(" and ends with the $MSG' );\n"). The line may appear to wrap due to the length of the line. MAKE SURE your config file does not break the line apart.
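
A check for the two things step 8 depends on, added here as an example and not part of the original HOW-TO: $HOST and $MSG arrive from any sender that can reach the udp() source and are pasted between single quotes in the INSERT, so template-escape(yes) has to be present, and the template( line has to stay on one line. The function name and messages are assumptions; it only understands multi-line destination blocks laid out like the one above.

```sh
#!/bin/sh
# Added example: lint the SQL-writing destinations of a syslog-ng.conf ($1).
# Prints one line per problem and returns non-zero if any were found.
lint_sql_destinations() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    /^[ \t]*destination[ \t]/ {              # a new destination block starts
        name = $2; has_sql = 0; has_esc = 0; split_line = 0
    }
    /template\(/ && /INSERT INTO/ {
        has_sql = 1
        # NOTE in step 8: the line must run unbroken up to the closing \n")
        if ($0 !~ /\\n"\)[ \t]*$/) split_line = 1
    }
    # syslog-ng accepts "-" and "_" interchangeably in option names
    /template[-_]escape\([ \t]*yes[ \t]*\)/ { has_esc = 1 }
    /^[ \t]*};/ && has_sql {                 # end of a multi-line destination
        if (split_line) { print name ": template( line is broken apart"; bad = 1 }
        if (!has_esc)   { print name ": template-escape(yes) is missing"; bad = 1 }
        has_sql = 0
    }
    END { exit bad + 0 }
    ' "$1"
}
```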

9. Restart the syslog-ng daemon, typically by using one of the following:
Code:
shell> service syslog-ng restart

-OR-
Code:
shell> killall -HUP syslog-ng


10. Add the syslog plugin to the $plugins_array in /include/global.php
At ABOUT line 46; INSERT the following line AFTER the "$plugins[] = 'settings';"
Code:
$plugins[] = 'syslog';


11. Verify user rights and permissions on the syslog/plugin files
Code:
shell> chown -R : /plugins/syslog/
# capital X gives directories their search bit, which a recursive 644 removes
shell> chmod -R u=rwX,go=rX /plugins/syslog/

NOTE: Change the above user credentials to your specific installation.

12. Within cacti, grant user rights for Syslog plugin/realm.
Navigate to Console ->
Utilities ->
User Management ->