Syslog-NG - Ernest G. Wilson II's FreeBSD Pages

Syslog-NG on FreeBSD 6.2
**Step #1**
Install Syslog-ng – Replace the built-in Syslog with Syslog-NG and get same Syslog functionality
Home:	http://www.balabit.com/products/syslog_ng/
# Download (Notes: Users behind a Proxy Server should read this and users without Internet but have a CDRom read this.) # Prerequisite: Install the Haloe (Syslog) plug-in # You should already have Cacti + Plug-in Architecture installed # http://download.cactiusers.org/downloads/haloe.tar.gz # It won't be fully functional until you complete everything below # Install SyslogNG cd /usr/ports/sysutils/syslog-ng make make install # Copy the sample configuration file to get you started cp /usr/local/etc/syslog-ng/syslog-ng.conf.sample /usr/local/etc/syslog-ng/syslog-ng.conf # Edit your startup parameters to enable starting on reboot by adding two lines vi /etc/rc.conf syslogd_program="/usr/local/sbin/syslog-ng" syslogd_flags="" # Edit the SyslogNG configuration file to suit your needs vi /usr/local/etc/syslog-ng/syslog-ng.conf # # .notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages # log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); }; log { source(src); filter(f_kern); filter(f_debug); destination(messages); }; log { source(src); filter(f_lpr); filter(f_info); destination(messages); }; log { source(src); filter(f_mail); filter(f_crit); destination(messages); }; log { source(src); filter(f_news); filter(f_err); destination(messages); }; # HERE IS THE NEW LINE YOU NEED TO ADD log { source(src); filter(f_local7); destination(messages); }; # Shut down the standard FreeBSD syslogd kill `cat /var/run/syslog.pid` # Start the new syslog-ng: /usr/local/sbin/syslog-ng # At this point you have swapped out the FreeBSD built-in Syslog with the newer SyslogNG*

**Step #2**
Telling Syslog-NG to write to MySQL
# NOTE: You should have already completed these next 9 lines back when you setup Cacti's Plug-ins! # Create the syslog database and import the table structures used by Haloe (Syslog) Cacti plugin # mysqladmin --user=mysql create syslog # /opt/mysql/bin/mysql syslog < /opt/apache/htdocs/cacti/plugins/haloe/syslog.sql # Give permission for the cacti database user to access the syslog database tables # /opt/mysql/bin/mysql --user=root -p mysql # GRANT ALL ON syslog.* TO cactiuser@localhost IDENTIFIED BY 'cactipassword'; # GRANT ALL ON syslog.* TO cactiuser@"%" IDENTIFIED BY 'cactipassword'; # flush privileges; # exit # Edit the Syslog-ng conf vi /usr/local/etc/syslog-ng/syslog-ng.conf destination d_mysql { pipe("/var/log/mysql.pipe" template("INSERT INTO syslog_incoming (host, date, time, message, priority, facility) VALUES ( '$HOST', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG', '$PRIORITY', '$FACILITY' );\n") template-escape(yes)); }; log { source(src); destination(d_mysql); }; # Create the fifo pipe for syslog-ng to export out logs mkfifo /var/log/mysql.pipe # Restart syslog-ng process killall syslog-ng /usr/local/sbin/syslog-ng # This script is used to pipe syslog-ng to mysql vi /opt/apache/htdocs/cacti/plugins/syslog/syslog-ng-to-mysql.sh #!/usr/local/bin/bash if [ -e /var/log/mysql.pipe ]; then while [ -e /var/log/mysql.pipe ] do /opt/mysql/bin/mysql -u cactiuser --password=cactipassword syslog < /var/log/mysql.pipe done else mkfifo /var/log/mysql.pipe fi # Make the new script executable chmod a+x /opt/apache/htdocs/cacti/plugins/syslog/syslog-ng-to-mysql.sh # Run the script - Syslog messages should now be dumped into the database as they come in /opt/apache/htdocs/cacti/plugins/syslog/syslog-ng-to-mysql.sh & # Create a startup script so logging to the database restarts after each reboot vi /usr/local/etc/rc.d/syslog-ng-fifo-mysql.sh #!/bin/sh echo -n " Syslog-NG FIFO MySQL Logging" case "$1" in start) /opt/apache/htdocs/cacti/plugins/syslog/syslog-ng-to-mysql.sh & ;; stop) ;; ) echo "" echo "Usage: `basename $0` {start}" >&2 exit 64 ;; esac exit 0 # Make* the new script executable chmod a+x /usr/local/etc/rc.d/syslog-ng-fifo-mysql.sh