<div dir="ltr"><div><div><div>Hi, <br><br></div>The syslog-ng mongodb driver has a username and a password option ( <a href="https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-mongodb.html#mongodb-option-password">https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-mongodb.html#mongodb-option-password</a> ). For the mongodb side, see <a href="https://docs.mongodb.org/v2.6/tutorial/enable-authentication/">https://docs.mongodb.org/v2.6/tutorial/enable-authentication/</a><br><br></div>HTH, <br><br></div>Robert <br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 21, 2016 at 10:09 AM, Ivan Adji - Krstev <span dir="ltr"><<a href="mailto:akivanradix@gmail.com" target="_blank">akivanradix@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<font face="Helvetica, Arial, sans-serif">Hi all, <br>
<br>
Thanks for the answers, <br>
I thought that i have to create first tables and databases etc.
But seem like its just writing. Can you give me some tips on how
to protect the mongo with Usernames and Password ?<br>
<br>
Im using Mongo 2.6.11 with Syslog-NG version 3.8.0alpha0 with
LogAnalyzer too. I have installed previous and works perfect with
MariaDB, but after some time start to eat mu CPU and RAM so i
decide to go with Mongo etc. <br>
<br>
<br>
Kind regards<span class="HOEnZb"><font color="#888888"><br>
Ivan <br>
<br>
</font></span></font><div><div class="h5"><br>
<div>On 04/20/2016 05:32 PM, Budai, László
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>which syslog-ng do you use and which mongodb?</div>
<div><br>
</div>
<div>Previous syslog-ng versions supports only the 2.x mongodb
series, 3.2.x series is supported only by the syslog-ng
upstream (version 3.8).</div>
<div>We moved to the official mongo-c library and -temporary-
broke the configuration (we have a PR[1] that will support the
previous config format - we will merge this soon). Until we
won't merge the patch, you can use the new config options. </div>
<div><br>
</div>
<div>So if you want to use the 3.2.x mongodb, you have to
compile syslog-ng from source.</div>
<div><br>
</div>
<div>Small tutorial:</div>
<div>1. docker: install mongodb 3.2.5<br>
</div>
<div>
<div><br>
</div>
<div><a href="https://docs.mongodb.org/master/tutorial/install-mongodb-on-ubuntu/?_ga=1.190134827.1652922526.1461162613" target="_blank">https://docs.mongodb.org/master/tutorial/install-mongodb-on-ubuntu/?_ga=1.190134827.1652922526.1461162613</a></div>
<div><br>
</div>
<div><br>
</div>
<div>2. start mongodb</div>
<div><br>
</div>
<div>root@a3e9571e39eb:/# mongod --bind_ip 172.17.0.2</div>
<div><br>
</div>
<div><br>
</div>
<div>3. build & configure</div>
<div><br>
</div>
<div>git clone <a href="https://github.com/balabit/syslog-ng" target="_blank">https://github.com/balabit/syslog-ng</a></div>
<div>cd syslog-ng</div>
<div>./autogen.sh</div>
<div>cd ..</div>
<div>mkdir build</div>
<div>cd build</div>
<div>../syslog-ng/configure --prefix /opt/syslog-ng.upstream</div>
<div>make </div>
<div>make install</div>
<div><br>
</div>
<div>[if you need help on howto compile syslog-ng, we can
help]</div>
<div><br>
</div>
<div>/opt/syslog-ng.upstream/etc/syslog-ng.conf:</div>
<div>@version: 3.8</div>
<div>@include "scl.conf"</div>
<div><br>
</div>
<div><br>
</div>
<div>source s_network {</div>
<div> network(port(5555));</div>
<div>};</div>
<div><br>
</div>
<div>destination d_mongo {</div>
<div> mongodb (</div>
<div> uri('mongodb://<a href="http://172.17.0.2:27017/syslog-ng" target="_blank">172.17.0.2:27017/syslog-ng</a>')</div>
<div> collection('test')</div>
<div> value-pairs(</div>
<div> scope("selected-macros" "nv-pairs" "sdata")</div>
<div> )</div>
<div> );</div>
<div>};</div>
<div><br>
</div>
<div>log {</div>
<div> source(s_network);</div>
<div> destination(d_mongo);</div>
<div> flags(flow-control);</div>
<div>};</div>
<div><br>
</div>
<div>4. send logs</div>
<div><br>
</div>
<div>stentor@T440s:~$ logger -s MSG:$RANDOM 2>&1 | nc
localhost 5555</div>
<div><br>
</div>
<div>5. query the results</div>
<div>root@a3e9571e39eb:/# mongo <a href="http://172.17.0.2/syslog-ng" target="_blank">172.17.0.2/syslog-ng</a></div>
<div><br>
</div>
<div>MongoDB shell version: 3.2.5</div>
<div>connecting to: <a href="http://172.17.0.2/syslog-ng" target="_blank">172.17.0.2/syslog-ng</a></div>
<div>> db.test.find({'PROGRAM':'stentor'})</div>
<div>{ "_id" : ObjectId("57179ae358d80574d81440e1"), "TAGS" :</div>
<div>> ".source.s_network", "SOURCEIP" : "127.0.0.1",
"SOURCE" : "s_network",</div>
<div>> "SEQNUM" : "1", "PROGRAM" : "stentor", "PRIORITY" :
"notice", "MESSAGE" :</div>
<div>> "MSG:4854", "LEGACY_MSGHDR" : "stentor: ",
"HOST_FROM" : "localhost",</div>
<div>> "HOST" : "localhost", "FACILITY" : "user", "DATE" :
"Apr 20 17:06:11" }</div>
<div>{ "_id" : ObjectId("57179ae858d80574d81440e2"), "TAGS" :</div>
<div>> ".source.s_network", "SOURCEIP" : "127.0.0.1",
"SOURCE" : "s_network",</div>
<div>> "SEQNUM" : "2", "PROGRAM" : "stentor", "PRIORITY" :
"notice", "MESSAGE" :</div>
<div>> "MSG:31751", "LEGACY_MSGHDR" : "stentor: ",
"HOST_FROM" : "localhost",</div>
<div>> "HOST" : "localhost", "FACILITY" : "user", "DATE" :
"Apr 20 17:06:16" }</div>
<div>{ "_id" : ObjectId("57179b1958d80574ff238bf1"), "TAGS" :</div>
<div>> ".source.s_network", "SOURCEIP" : "127.0.0.1",
"SOURCE" : "s_network",</div>
<div>> "SEQNUM" : "1", "PROGRAM" : "stentor", "PRIORITY" :
"notice", "MESSAGE" :</div>
<div>> "MSG:13698", "LEGACY_MSGHDR" : "stentor: ",
"HOST_FROM" : "localhost",</div>
<div>> "HOST" : "localhost", "FACILITY" : "user", "DATE" :
"Apr 20 17:07:05" }</div>
<div>> </div>
</div>
<div><br>
</div>
<div>[1] <a href="https://github.com/balabit/syslog-ng/pull/981" target="_blank">https://github.com/balabit/syslog-ng/pull/981</a></div>
<div><br>
</div>
<div><br>
</div>
<div>regards,</div>
<div>Laszlo Budai</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Apr 20, 2016 at 1:29 PM, Ivan
Adji - Krstev <span dir="ltr"><<a href="mailto:akivanradix@gmail.com" target="_blank">akivanradix@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <font face="Helvetica, Arial, sans-serif">Hi all, <br>
I'm trying to change the DB from InooDB to MongoDB, and
i have install the MongoDB but i can't configure/create
the database and tables on it. Can some one provide with
simple tutorial or the best way to create and configure
the MongoDB database and tables so that can be used by
syslog-ng ?<br>
<br>
Kind regards<span><font color="#888888"><br>
Ivan<br>
</font></span></font> </div>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>