cacti syslog 설정

cacti syslog 설정

[cacti server: 192.168.0.51]

• syslog DB 계정 생성

mysql -u root -p

create database syslog character set utf8;

grant all privileges on syslog.* to 'syslog'@'localhost' identified by 'set-password-here';

flush privileges;

yum install -y rsyslog rsyslog-mysql

#### Module ####
#$ModLoad ommysql
#$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
#*.*             >{mysql_server},{db_name},{db_users},{db_pass};cacti_syslog
 
$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.*             >127.0.0.1,syslog,syslog,syslog;cacti_syslog
 
$ModLoad imudp
$UDPServerRun 514

service rsyslog restart

[cacti agent : 192.168.0.52]

yum install -y rsyslog

### begin forwarding rule ###
$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@192.168.0.51:514
# ### end of the forwarding rule ###

service rsyslog restart

c1

728x90

syslog server(192.168.0.200)

vim /etc/rsyslog.conf

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability
$ModLoad ommysql
 
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,  '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.*             >127.0.0.1,syslog,syslog,syslogpw1!;cacti_syslog
 
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
 
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

syslog host(192.168.0.210)

vim /etc/rsyslog.conf

# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
$ModLoad imuxsock             # local message reception
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@192.168.0.200
# ### end of the forwarding rule ###

 

참고URL

- http://docs.cacti.net/plugin:syslog.config#forwarding

- http://www.rsyslog.com/doc/rsyslog_reliable_forwarding.html