{"id":19585899,"url":"https://github.com/cacti/plugin_syslog","last_synced_at":"2025-04-27T11:35:02.782Z","repository":{"id":36151517,"uuid":"40455550","full_name":"Cacti/plugin_syslog","owner":"Cacti","description":"Syslog Plugin for Cacti","archived":false,"fork":false,"pushed_at":"2024-11-05T18:59:16.000Z","size":2784,"stargazers_count":21,"open_issues_count":10,"forks_count":16,"subscribers_count":13,"default_branch":"develop","last_synced_at":"2024-11-05T19:43:36.398Z","etag":null,"topics":["cacti","cacti-plugin","syslog","syslog-plugin"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Cacti.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-08-10T00:31:04.000Z","updated_at":"2024-11-05T18:59:21.000Z","dependencies_parsed_at":"2023-12-21T20:45:37.229Z","dependency_job_id":"539957c2-e0ee-4381-8fa3-71c1886ad89e","html_url":"https://github.com/Cacti/plugin_syslog","commit_stats":null,"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cacti%2Fplugin_syslog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cacti%2Fplugin_syslog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cacti%2Fplugin_syslog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cacti%2Fplugin_syslog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Cacti","download_url":"h
ttps://codeload.github.com/Cacti/plugin_syslog/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224069493,"owners_count":17250456,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cacti","cacti-plugin","syslog","syslog-plugin"],"created_at":"2024-11-11T07:57:42.724Z","updated_at":"2024-11-11T07:57:43.748Z","avatar_url":"https://github.com/Cacti.png","language":"PHP","readme":"# syslog\n\nThe syslog plugin is a Cacti plugin that has been around for more than a decade.\nIt was inspired by the 'aloe' and 'h.aloe' plugins originally developed by the\nCacti users sidewinder and Harlequin in the early 2000s.  As you will be able\nto see from the ChangeLog, it has undergone several changes throughout the\nyears, and, even today when you have enterprise offerings from both\nElastic and Splunk, remains a relevant plugin for small to medium sized\ncompanies.\n\nIt provides a simple Syslog event search and Alert generation and notification\ninterface that can generate both HTML and SMS messages for operations personnel\nwho wish to receive notifications inside of a data or network operations center.\n\nWhen combined with the Linux SNMPTT package, it can be converted into an SNMP Trap\nand Inform receiver and notification engine as the SNMPTT tool will receive SNMP\nTraps and Informs and convert them into Syslog messages on your log server.\nThese syslog messages can then be consumed by the syslog plugin.  
So, this tool\nis quite handy.\n\nLog events that continue to be generated frequently on a device, such as\nsmartd's feature to notify every 15 minutes of an impending drive failure, can\nbe quieted using syslog's 'Re-Alert' setting.\n\n## Core Features\n\n* Message filtering\n\n* Message searching\n\n* Message Alerting\n\n* Alert Levels of System and Host\n\n* Alert Methods of Individual and Threshold Based\n\n* Message Removal Rules to Delete or Hide Messages\n\n* Filter Messages by Cacti Graph window from Cacti's Graph View pages\n\n* Use of native MySQL and MariaDB database partitioning for larger installs\n\n* Remote Log Server connection capabilities\n\n* Custom column mappings between Remote Log Server and required Syslog columns\n\n* Ability to Generate Tickets to Ticketing Systems through Script Execution\n\n* Ability to run alert specific commands at Alert and Re-alert times\n\n## Important Version 4.0 Release Notes\n\nIn prior releases of Syslog, the Individual Alert Method would send an Email,\nopen a ticket or run a command per line in the Syslog that matches the pattern.\nHowever, in Syslog Version 4, if you want an alert per Host, you will have to\nmove your Alerts from the `System Level` to the `Host Level` as `System Level`\nAlerts will generate one command execution for all matching messages.\n\n## Installation\n\nTo install the syslog plugin, simply copy the plugin_syslog directory to Cacti's\nplugins directory and rename it to simply 'syslog'. Once you have done this,\ngo to Cacti's Plugin Management page, and Install and Enable the plugin. Once\nthis is complete, you can grant users permission to view syslog messages, as\nwell as create Alert, Removal and Report Rules.\n\nNote: You must rename config.php.dist in the syslog plugin directory to\nconfig.php and make changes there for the location of the database, user,\npassword, and host.  
This is especially important if you are using a remote\nlogging database server.\n\nIf you are upgrading to 2.0 from a prior install, you must first uninstall\nsyslog and ensure the syslog, syslog_removal, and syslog_incoming tables\nare removed, and recreated at install time.\n\nIn addition, the rsyslog configuration has changed in 2.5.  So, for example, to\nconfigure modern rsyslog for Cacti, you MUST create a file called cacti.conf in\nthe /etc/rsyslog.d/ directory that includes the following:\n\nYou have two options for storing syslog information: you can either use the existing\nCacti Database or use a dedicated database for syslog. As syslog databases, especially\nfor large networks, can grow pretty quickly, it may be wise to create a dedicated database.\nTo use a dedicated DB, first create a database in MySQL and assign a user. You will then change\n\n```php\n$use_cacti_db = true;\n```\n\nto\n\n```php\n$use_cacti_db = false;\n```\n\nYou will also need to ensure the cacti user is granted select on the syslog database:\n\n```sql\nGRANT SELECT ON syslog.* TO 'cacti'@'localhost';\n```\n\n### Cacti Configuration for RSYSLOG\n\nEdit /etc/rsyslog.d/cacti.conf\n\n```console\n$ModLoad imudp\n$UDPServerRun 514\n$ModLoad ommysql\n\n$template cacti_syslog,\"INSERT INTO syslog_incoming(facility_id, priority_id, program, logtime, host, message) \\\n  values (%syslogfacility%, %syslogpriority%, '%programname%', '%timegenerated:::date-mysql%', '%HOSTNAME%', TRIM('%msg%'))\", SQL\n\n*.* \u003elocalhost,my_database,my_user,my_password;cacti_syslog\n```\n\nFor versions below 2.0 it should be:\n\n```console\n$ModLoad imudp\n$UDPServerRun 514\n$ModLoad ommysql\n\n$template cacti_syslog,\"INSERT INTO syslog_incoming(facility_id, priority_id, program, logtime, host, message)\nvalues (%syslogfacility%, %syslogpriority%, '%programname%', '%timegenerated:::date-mysql%', '%HOSTNAME%', TRIM('%msg%'))\", SQL\n\n. 
\u003elocalhost,my_database,my_user,my_password;cacti_syslog\n```\n\nFor version 2.4 and above it should be:\n\n```console\nmodule(load=\"ommysql\")\naction(type=\"ommysql\" server=\"localhost\" serverport=\"3306\"\ndb=\"syslogDB\" uid=\"userID\" pwd=\"passwdID\")\n\n$template cacti_syslog,\"INSERT INTO syslog_incoming(facility_id, priority_id, program, logtime, host, message)\nvalues (%syslogfacility%, %syslogpriority%, '%programname%', '%timegenerated:::date-mysql%', '%HOSTNAME%', TRIM('%msg%'))\", SQL\n```\n\nFor CentOS/RHEL systems you will also need to install the rsyslog-mysql package\n\n```\nyum install rsyslog-mysql\nsystemctl restart rsyslog\n```\n\nIf you are upgrading to version 2.5 from an earlier version, make sure that you\nupdate this template format and restart rsyslog.  You may lose some syslog\ndata, but doing this in a timely fashion will minimize data loss.\n\nEnsure you restart rsyslog after these changes are completed.  Other logging\nservers such as Syslog-NG are also supported with this plugin.  Please see some\nadditional documentation here: [Cacti Documentation\nSite](https://docs.cacti.net/plugin:syslog.config)\n\nWe are using the pure integer values that rsyslog provides for both the priority\nand facility in this version of syslog, which makes the data collection much less\ncostly for the database.  We have also started including the 'program' syslog\ncolumn for searching and storage and alert generation.\n\nTo set up log forwarding from your network switches and routers, and from your\nvarious Linux, UNIX, and other operating system devices, please see their\nrespective documentation.\n\nFinally, it's important, especially in more recent versions of MySQL and MariaDB,\nto set a correct SQL Mode.  These more recent versions prevent certain previously\nallowable syntax, such as an empty data, and impose certain GROUP BY limitations in the\nSQL itself.  Therefore, you need to ensure that the SQL mode of the database is\ncorrect.  
To do this, first start by editing either `/etc/my.cnf` or\n`/etc/my.cnf.d/server.cnf` and inserting the SQL mode variable into the database\nconfiguration.  For example:\n\n```ini\n[mysqld]\nsql_mode=NO_ENGINE_SUBSTITUTION,NO_AUTO_CREATE_USER\n```\n\nAfter this change, you should log into the mysql server and run the following\ncommand:\n\n```console\nmysql\u003e show global variables like 'sql_mode';\n```\n\nAnd ensure that it matches the setting that you placed in the database\nconfiguration.  If it does not, please search for the configuration that is\nmaking this SQL mode other than what you required.  More recent versions of\nMySQL and MariaDB will source multiple database configuration files.\n\n## Possible Bugs and Feature Enhancements\n\nBugs and feature enhancements for the syslog plugin are handled in GitHub. If you\nfind one, first search the Cacti forums for a solution before creating an issue in\nGitHub.\n\n## Authors\n\nThe syslog plugin has been in development for well over a decade with increasing\nfunctionality and stability over that time. There have been several contributors\nto thold over the years. Chief amongst them are Jimmy Conner, Larry Adams,\nSideWinder, and Harlequin. We hope that version 2.0 and beyond are the most\nstable and robust versions of syslog ever published. We are always looking for\nnew ideas. So, this won't be the last release of syslog, you can rest assured of\nthat.\n\n-----------------------------------------------\nCopyright (c) 2004-2024 - The Cacti Group, Inc.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcacti%2Fplugin_syslog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcacti%2Fplugin_syslog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcacti%2Fplugin_syslog/lists"}