-
7/22/2019 syslog plugin for cacti
1/8
Syslog plug-in for Cacti
First to all we need to download syslog plug-in from cacti.net
and copy the file to the server with
WINSCP
When you are ready, extract the file.
-
7/22/2019 syslog plugin for cacti
2/8
tar -xzvf /home/admin/Desktop/syslog-v1.22-2.tgz
# Now, we will to create a DB only for Syslog
mysql -u root -p
CREATE DATABASE syslog;GRANT ALL ON syslog.* \TO
sysloguser@localhost \IDENTIFIED BY '[SPECIFYCACTIPASS]';flush
privileges;exit
mysql -u root -p syslog <
/home/admin/Desktop/syslog/syslog.sql
# Edit config.php, in this file we must type the correct
informationregarding DB called syslog, and modify the line
$use_cacti_db to false
vi /home/admin/Desktop/syslog/config.php
$use_cacti_db = false;
if (!$use_cacti_db) {$syslogdb_type = 'mysql';$syslogdb_default
= 'syslog';$syslogdb_hostname = 'localhost';$syslogdb_username =
'sysloguser';$syslogdb_password = '[THEPASSWORD]';$syslogdb_port =
3306;
yum install rsyslog rsyslog-mysql
Edit /etc/rsyslog.conf
vi /etc/rsyslog.conf# add the following line at the top of the
file
$ModLoad ommysql$template cacti_syslog,"INSERT INTO
syslog_incoming(facility, priority,date, time, host, message)
values (%syslogfacility%,
%syslogpriority%,'%timereported:::date-mysql%',
'%timereported:::date-mysql%','%HOSTNAME%', '%msg%')", SQL*.*
>127.0.0.1,syslog,sysloguser,Jh0n123456;cacti_syslog
NOTE: When the code start with $ symbol means that this is one
line, thenwe need add tree lines, OK.
$ModLoad imudp$UDPServerRun 514
# Save the file and restart the service
-
7/22/2019 syslog plugin for cacti
3/8
service rsyslog restart
We can see that syslog server is listen in port 514 of UDP
# Permit UDP 514 at the firewall-A INPUT -p udp -m state --state
NEW -m udp --dport 514 -j ACCEPT
service iptables restart
Now, we can see that IPTABLES permit syslog connections
# copy syslog folder to cactis plugins folder
cp -r syslog/ /var/www/html/cacti/plugins/
# permit access for read of this folders
chown -R admin:admin /var/www/html/cacti/plugins/syslogchmod 775
/var/www/html/cacti/plugins/syslog
-
7/22/2019 syslog plugin for cacti
4/8
chown -R admin:admin /var/www/html/cacti/plugins/*chmod 775
/var/www/html/cacti/plugins/syslog
# in order to syslog plug-in work we need to install settings
plug-in,download it from cacti.net
# the same process extract and copy to the cactis plug-in
folder
-
7/22/2019 syslog plugin for cacti
5/8
tar -xzvf /home/admin/Desktop/settings-v0.71-1.tgz
cp -r settings /var/www/html/cacti/plugins
chown -R admin:admin /var/www/html/cacti/plugins/settingschmod
775 /var/www/html/cacti/plugins/settings
# cisco ios configuration for syslog# first check clock's
configuration
show clock
service timestamps log datetime msec localtimeservice timestamps
debug datetime msec localtime
logging onlogging host 192.168.180.3logging source-interface
vlan 11logging trap warnings
When this is done, we can access to cacti website
-
7/22/2019 syslog plugin for cacti
6/8
Select Plugin Management under Configuration and enable the two
plugins, when this is done, the
window looks like this.
When we try to enabe syslog plugin a window appear like
this.
Click upgrade.
-
7/22/2019 syslog plugin for cacti
7/8
Now, when the plugins has been installed and enabled, we can see
a new tab called syslog click it.
And
# Ok, now we must check if traffic is sending to the syslog
server
iptables -L -v
-
7/22/2019 syslog plugin for cacti
8/8
