Configuration

This chapter describes the functioning of the module as well as the configuration of the latter.

Configuration files

The configuration directory of Centreon Syslog Server is ‘/etc/centreon-syslog/’.

This directory includes:

  • syslog.conf.php
  • syslog.conf.pm

This files are used by a PHP cron scripts to manage “centreon_syslog” database.

The file /etc/centreon-syslog/syslog.conf.php can be generate from Centreon Syslog Frontend GUI. Please use frontend GUI to modify parameters and export those. If you modify manually this file, it can be overwrite by GUI.

Database functioning

The Centeon Syslog Server database generates every day two tables:

  • cache
  • logs

Every morning the PHP cron script ‘/usr/share/centreon-syslog/cron/tableLogRotate.php’ moves tables ‘cache’ and ‘logs’ to ‘cacheYYYMMDD’ and ‘logsYYYMMDD’. The ‘logs’ table includes only Syslog event of the actuel day. This table is used by Centreon Syslog Frontend real monitoring page to display events. The ‘cache’ table contains information generated by the PHP cron script ‘/usr/share/centreon-syslog/cron/reloadCache.php’.

This table is used by Centreon Syslog Frontend real monitoring page to display available filters for hosts, severity, facility, program, etc. A MySQL MERGE tables allow to group all ‘cache’ and ‘logs’ tables to ‘all_cache’ and ‘all_logs’. These MySQL tables are used by Centreon Syslog Frontend search page.

Besides tables ‘cache’, ‘ logs ‘, ‘ all_cache ‘ and ‘ all_logs ‘ a table ‘instance’ allows to know the state of execution of cron.

Syslog events and database

The Centreon Syslog Server module uses dependences to ‘rsyslog’ and ‘rsyslog-mysql’ packages and modify original rsyslog configuration file (‘/etc/rsyslog.conf’) to insert Syslog events into ‘centreon_syslog’ database:

$ModLoad imtcp.so  # load module
$ModLoad imudp.so  # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port 514

...

$template sysMysql,"INSERT INTO logs (host,facility, priority,level,tag,datetime,program,msg) VALUES('%HOSTNAME%','%syslogfacility-text%','%syslogpriority-text%','%syslogseverity%','%syslogtag%','%timereported:::date-mysql%','%programname%', '%msg%')", SQL
*.* >127.0.0.1,centreon_syslog,centreon_syslog,mvh29123;sysMysql

The first three lines allow to accept Syslog evetns from TCP and UDP protocol on port 514. The last two lines describe how to insert events into database and parameters to connect to ‘centreon_syslog’ database (IP;database name;user;password;). Please sse http://www.rsyslog.com/doc/manual.html for more information.

Cron functioning

The definition of the PHP cron scripts is defined in the file ‘/etc/cron.d/centreon-syslog’:

*/2 * * * * syslog php -q /usr/share/centreon-syslog/cron/reloadCache.php >> /var/log/centreon-syslog/reloadCache.log
59 23 * * * syslog php -q /usr/share/centreon-syslog/cron/tableLogRotate.php >> /var/log/centreon-syslog/SyslogRotation.log

The script ‘reloadCache.php’ generates every 2 minutes real monotirring filters using information from ‘logs’ table.

The script ‘tableLogRotate.php’ rotates every night ‘cache’ and ‘logs’ tables to ‘cacheYYYMMDD’ and ‘logsYYYMMDD’. Moreover this script delete old ‘cacheYYYMMDD’ and ‘logsYYYMMDD’ tables using retention day defined in ‘/etc/centreon-syslog/syslog.conf.php’ file.

Retention of data

The ‘$syslogOpt[“syslog_db_rotate”]’ parameter defined in ‘/etc/centreon-syslog/syslog.conf.php’ file describes the duration in days of retention of the Syslog events in ‘centreon_syslog’ database.

Notice: you must configure retention days fron Centreon Syslog Frontend GUI and export configuration to the Centreon Syslog Server.

Log of PHP scripts

The logs of the PHP scripts are available in the directory ‘/var/log/centreon-syslog’. A logrotate definition can be write into ‘/etc/logrotate.d/centreon-syslog’ with following lines:

/var/log/centreon-syslog/*log {
      compress
      daily
      notifempty
      missingok
      rotate 7
      size 100M
}