I got this working without any trouble by following the docs: have you tailed the pipe while syslog-ng is running? have you created the database properly and got the authentication correct? Does the script persist? Is MySQL running. Is the db name correct? etc... I can't see what is wrong with your config off the top of my head, so here is my relevent setup snippets for reference options { chain_hostnames(0); stats(0); time_reopen(10); time_reap(360); log_fifo_size(2048); create_dirs(yes); group(adm); perm(0600); dir_perm(0700); use_dns(yes); keep_hostname(no); }; source s_int { internal(); unix-stream("/dev/log"); file("/proc/kmsg" log_prefix("kernel: ")); }; source s_net { tcp( port(50514) ); udp(); }; destination d_mysql { pipe("/var/log/mysql.pipe" template("INSERT INTO logs (host,facility,priority,level,tag,datetime,program,msg) VALUES ('$HOST','$FACILITY','$PRIORITY','$LEVEL','$TAG','$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM','$MSG');\n") template-escape(yes)); }; log { source(s_int); source(s_net); destination(d_mysql); }; Also, your bash works, just about but could be improved to first test and create the fifo if necessary and then use it, that way it won't fail, create the pipe and do nothing (doh). This is better: if [ ! -e /var/log/mysql.pipe ] then mkfifo -m 600 /var/log/mysql.pipe fi while [ -e /var/log/mysql.pipe ] do mysql -u username --password=password syslog < /var/log/mysql.pipe >/dev/null done It's obvious you're trying to do the whole central logserver with web interface bit so I suggest that google is your friend, I have found syslog-ng is good, but there is basically no support of any kind, irc is dead and this list is very low traffic. So I recommend you try to make the best use of the docs and google and don't rely too much on outside help. Best of Luck Hari Sekhon On 25/08/06, Matthew Redel <mredel@gmail.com> wrote:
Running 1.6.9 version of syslog-ng. libol version 3.9 OS is Redhat Fedora 4. mysql version is 4.1.12 . Below is my config:
options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (yes); use_fqdn (yes); create_dirs (yes); keep_hostname (yes); };
source s_net { udp(ip(0.0.0.0) port(514)); };
destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, f acility, priority, level, tag, date, time, program, msg) VALUES ('$HOST', '$FACI LITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$ PROGRAM', '$MSG');\n") template-escape(yes)); };
log { source(s_net); destination(d_mysql); };
Here is the script used to pipe /tmp/mysql.pipe into databse:
#!/bin/bash
if [ -e /tmp/mysql.pipe ]; then while [ -e /tmp/mysql.pipe ] do mysql -u syslog --password=password syslog < /tmp/mysql.pipe done else mkfifo /tmp/mysql.pipe fi
I have confirmed that I can redirect echo to the pipe, so I know the pipe is working. I've even chmod 777 the pipe. I have also confirmed that log messages are coming in over the network using tcpdump and when I use syslog-ng to log to file, it works just fine. Why doesn't syslog-ng output to the pipe, argh!? Any help would be greatly appreciated.
Matt
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html