Upload
jh0n-fredy-h
View
242
Download
0
Embed Size (px)
Citation preview
7/22/2019 syslog plugin for cacti
1/8
Syslog plug-in for Cacti
First to all we need to download syslog plug-in from cacti.net and copy the file to the server with
WINSCP
When you are ready, extract the file.
7/22/2019 syslog plugin for cacti
2/8
tar -xzvf /home/admin/Desktop/syslog-v1.22-2.tgz
# Now, we will to create a DB only for Syslog
mysql -u root -p
CREATE DATABASE syslog;GRANT ALL ON syslog.* \TO sysloguser@localhost \IDENTIFIED BY '[SPECIFYCACTIPASS]';flush privileges;exit
mysql -u root -p syslog < /home/admin/Desktop/syslog/syslog.sql
# Edit config.php, in this file we must type the correct informationregarding DB called syslog, and modify the line $use_cacti_db to false
vi /home/admin/Desktop/syslog/config.php
$use_cacti_db = false;
if (!$use_cacti_db) {$syslogdb_type = 'mysql';$syslogdb_default = 'syslog';$syslogdb_hostname = 'localhost';$syslogdb_username = 'sysloguser';$syslogdb_password = '[THEPASSWORD]';$syslogdb_port = 3306;
yum install rsyslog rsyslog-mysql
Edit /etc/rsyslog.conf
vi /etc/rsyslog.conf# add the following line at the top of the file
$ModLoad ommysql$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority,date, time, host, message) values (%syslogfacility%, %syslogpriority%,'%timereported:::date-mysql%', '%timereported:::date-mysql%','%HOSTNAME%', '%msg%')", SQL*.* >127.0.0.1,syslog,sysloguser,Jh0n123456;cacti_syslog
NOTE: When the code start with $ symbol means that this is one line, thenwe need add tree lines, OK.
$ModLoad imudp$UDPServerRun 514
# Save the file and restart the service
7/22/2019 syslog plugin for cacti
3/8
service rsyslog restart
We can see that syslog server is listen in port 514 of UDP
# Permit UDP 514 at the firewall-A INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
service iptables restart
Now, we can see that IPTABLES permit syslog connections
# copy syslog folder to cactis plugins folder
cp -r syslog/ /var/www/html/cacti/plugins/
# permit access for read of this folders
chown -R admin:admin /var/www/html/cacti/plugins/syslogchmod 775 /var/www/html/cacti/plugins/syslog
7/22/2019 syslog plugin for cacti
4/8
chown -R admin:admin /var/www/html/cacti/plugins/*chmod 775 /var/www/html/cacti/plugins/syslog
# in order to syslog plug-in work we need to install settings plug-in,download it from cacti.net
# the same process extract and copy to the cactis plug-in folder
7/22/2019 syslog plugin for cacti
5/8
tar -xzvf /home/admin/Desktop/settings-v0.71-1.tgz
cp -r settings /var/www/html/cacti/plugins
chown -R admin:admin /var/www/html/cacti/plugins/settingschmod 775 /var/www/html/cacti/plugins/settings
# cisco ios configuration for syslog# first check clock's configuration
show clock
service timestamps log datetime msec localtimeservice timestamps debug datetime msec localtime
logging onlogging host 192.168.180.3logging source-interface vlan 11logging trap warnings
When this is done, we can access to cacti website
7/22/2019 syslog plugin for cacti
6/8
Select Plugin Management under Configuration and enable the two plugins, when this is done, the
window looks like this.
When we try to enabe syslog plugin a window appear like this.
Click upgrade.
7/22/2019 syslog plugin for cacti
7/8
Now, when the plugins has been installed and enabled, we can see a new tab called syslog click it.
And
# Ok, now we must check if traffic is sending to the syslog server
iptables -L -v
7/22/2019 syslog plugin for cacti
8/8