<div dir="ltr">hi<br><br>i am configuring a centralised syslog server and when i arrived to the writing into the database there is some thing wrong <br><br>because when i use a file as destination i see incoming logs when i restart apache2 or mysql in the client<br>
<br>"tail - f /"<br>i use syslog -ng 2.0<br><br>here is the client<br><b>source my_src{<br>file("/var/log/apache2/error_log" follow_freq(1) );<br><br>file("/var/lib/mysql/mysqld.log" follow_freq(1) );<br>
<br>};<br><br><br>destination loghost {<br> tcp("192.168.1.69" port(514));<br>};<br>log {<br> source(my_src);<br> destination(loghost);<br>};</b><br> <br><br><br>here is the server<br><br>
<b> source mysrc{ tcp(ip(0.0.0.0) port(514) keep-alive(yes));<br>#udp();<br> };<br><br>destination d_mysql {<br> pipe("/tmp/mysql.pipe"<br> template("INSERT INTO logs (host, facility, priority, level, tag, date,<br>
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL',<br> '$TAG',<br> '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")<br>
template-escape(yes));<br>};<br>log { source(mysrc); destination(d_mysql);<br>};<br></b><br><br>note that a databes names syslog is already created and contain a table logs;<br><br><br><br>if itry the following command : syslog-ng -f /etc/syslog-ng/syslog-ng.conf<br>
<br>Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)'<br>Error initializing source driver; source='mysrc'<br><br><br>ps i used to use the server as relai and send by udp using the same port 514 but now everinthing is <br>
<br>commented like this #<br><br>need help<br></div>