rsyslog with syslog

[rtty88]

I get this Error evey time I follow the artical to install the plugin for syslog

Edit /etc/rsyslog.d/cacti.conf

$ModLoad imudp
$UDPServerRun 514
$ModLoad ommysql

$template cacti_syslog,"INSERT INTO syslog_incoming(facility_id, priority_id, program, logtime, host, message)
values (%syslogfacility%, %syslogpriority%, '%programname%', '%timegenerated:::date-mysql%', '%HOSTNAME%', TRIM('%msg%'))", SQL

. >localhost,my_database,my_user,my_password;cacti_syslog

any solution for that
my version is 1.2.26

[arno-st]

I have this config without error:

# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="5544")

module(load="ommysql")

$template cacti_syslog,"INSERT INTO syslog_incoming(facility_id, priority_id, program, logtime, host, message) \
  values (%syslogfacility%, %syslogpriority%, '%programname%', '%timegenerated:::date-mysql%', '%HOSTNAME%', TRIM('%m
sg%'))", SQL

# I'm using local6 a facility to filter with other syslog agent, if don't need it just remove the IF statement.
if $syslogfacility-text == 'local6' then {
# you have to adapt the server IP, and server port for your design
        action(type="ommysql" server="127.0.0.1" serverport="6033" db="syslog_test" uid="USERID" pwd="PASSWORD"
 Template="cacti_syslog" )
        *.* stop
}

I also have some trouble with the old fashion way to write the rule into syslog config file.

[rtty88]

if needed it here is a complete install cacti syslog ova file _ just remove () drive.google(.)com/file/d/12zf5zJkYj78ruEmfUlIIaSQx0XJXjoj8/view?usp=sharing

[TheWitness]

So, this is resolved then?

[rtty88]

so far yes but am still not able to see the source Hostname in syslog logs , it showing only the IP address

[bmfmancini]

@rtty88 some devices only report into syslog with IP address and not the hostname
if the Device only reports with the IP and there is no DNS record you will only see the IP in syslog

[nsdl88]

Err: could not load module 'ommysql', errors: trying to load module /usr/lib/x86_64-linux-gnu/rsyslog/ommysql.so

Had this issue in ubuntu 22.04 for cati 1.2.29 and was able to move forward by doing this:

1. Install the module for mariadb (or for which db you are using for cacti) .
   sudo apt install mariadb-plugin-connect mariadb-common mariadb-client --fix-missing

Verify that it is in lib
$ls /usr/lib/x86_64-linux-gnu/rsyslog/ommysql.so

2. Installation will create a mysql.conf file in /etc/rsyslog.d which calls the module $Modload along with the $Action params , You can use this or delete it.

3. If you followed the cacti syslog plugin article you already created your own cacti.conf but there should only one conf file that should load $Modload ommysql else service will return an error.

4.Here is my cacti.conf with the cacti_syslog template and output module config, I deleted the redundant mysql.conf.

$ModLoad ommysql
$ActionOmmysqlServerPort 3306
. :ommysql:localhost,syslog,dbuname,dbpword \ #update with your dbcreds

$template tpl,"insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%time reported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",SQL

#be mindful of new lines and wrapping else it will complain again with error.

5. Then restart systemctl restart rsyslog.services.

Hope this helps others.