Syslog plug-in for Cacti

First to all we need to download syslog plug-in from cacti.net and copy the file to the server with WINSCP

When you are ready, extract the file.

tar -xzvf /home/admin/Desktop/syslog-v1.22-2.tgz # Now, we will to create a DB only for Syslog mysql -u root -p CREATE DATABASE syslog; GRANT ALL ON syslog.* \ TO sysloguser@localhost \ IDENTIFIED BY '[SPECIFYCACTIPASS]'; flush privileges; exit mysql -u root -p syslog < /home/admin/Desktop/syslog/syslog.sql # Edit config.php, in this file we must type the correct information regarding DB called syslog, and modify the line $use_cacti_db to false vi /home/admin/Desktop/syslog/config.php $use_cacti_db = false; if (!$use_cacti_db) { $syslogdb_type $syslogdb_default $syslogdb_hostname $syslogdb_username $syslogdb_password $syslogdb_port = = = = = = 'mysql'; 'syslog'; 'localhost'; 'sysloguser'; '[THEPASSWORD]'; 3306;

yum install rsyslog rsyslog-mysql Edit /etc/rsyslog.conf vi /etc/rsyslog.conf # add the following line at the top of the file $ModLoad ommysql $template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL *.* >127.0.0.1,syslog,sysloguser,Jh0n123456;cacti_syslog NOTE: When the code start with $ symbol means that this is one line, then we need add tree lines, OK. $ModLoad imudp $UDPServerRun 514 # Save the file and restart the service

service rsyslog restart

We can see that syslog server is listen in port 514 of UDP # Permit UDP 514 at the firewall -A INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT service iptables restart

Now, we can see that IPTABLES permit syslog connections # copy syslog folder to cactis plugins folder cp -r syslog/ /var/www/html/cacti/plugins/ # permit access for read of this folders chown -R admin:admin /var/www/html/cacti/plugins/syslog chmod 775 /var/www/html/cacti/plugins/syslog

chown -R admin:admin /var/www/html/cacti/plugins/* chmod 775 /var/www/html/cacti/plugins/syslog # in order to syslog plug-in work we need to install settings plug-in, download it from cacti.net

# the same process extract and copy to the cactis plug-in folder

tar -xzvf /home/admin/Desktop/settings-v0.71-1.tgz cp -r settings /var/www/html/cacti/plugins chown -R admin:admin /var/www/html/cacti/plugins/settings chmod 775 /var/www/html/cacti/plugins/settings # cisco ios configuration for # first check clock's configuration show clock service timestamps log datetime msec localtime service timestamps debug datetime msec localtime logging logging logging logging on host 192.168.180.3 source-interface vlan 11 trap warnings

syslog

When this is done, we can access to cacti website

Select Plugin Management under Configuration and enable the two plugins, when this is done, the window looks like this. When we try to enabe syslog plugin a window appear like this.

Click upgrade.

Now, when the plugins has been installed and enabled, we can see a new tab called syslog click it. And

# Ok, now we must check if traffic is sending to the syslog server iptables -L -v