>>> mdodson@coremetrics.com 08/16/02 12:56PM
>>>
I noticed one thing. In the following section --
"template-escape"
should be "template_escape"
"
d_mysql
{
>
>
pipe("/tmp/mysql.pipe"
>
> template("INSERT INTO logs (host, facility, priority,
> level,
tag, date,
>
time,
> program, msg) VALUES ( '$HOST', '$FACILITY',
> '$PRIORITY',
'$LEVEL', '$TAG',
>
> '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM',
> '$MSG'
);\n") template-escape(yes));"
On Fri, 2002-08-16 at
06:49, hicham rahimi wrote:
>
> hi,
>
> i
want to setup logging syslog-ng'messages into a
> mysql database ,in order
to make the messages
> organization more powerful.
>
> i have tested an exemple given in
www.vermeer.com> but it doesn't
work.
> if any one have tested it , tell me please if
it
> contain a bug or not
>
thanks
> hicham;
>
> here the
exemple:
>
> Centralized syslog-ng to mysql
database
>
>
> by Michael Earls
>
> To
established a centralized location for syslog-ng
> collection in order to
facilitate:
>
> Immediate log reporting (both real time and
summary
> reporting)
> Long term log storage (for archival and for
possible
> later analysis).
> Tools used:
> syslog-ng
-- template() destinations are only
> supported by the 1.5.x releases.
> mysql
> My Own PhP Files
> phpmyedit
>
phpmyadmin
> Syslog-ng/Pipe Scripts
> MySql Replication
>
>
> Demo
https://daffy.chmcc.org/syslog//>
This site is still in testing phase
>
>
> Demo-files The
files I used for the Demo -- NEW DEMO
> FILE --
>
> To setup
syslog-ng to log to a mysql database. This
> assumes that you have
installed and setup syslog-ng
> and mysql.
>
> Edit the
syslog-ng.conf file
> This tells
syslog-ng to pipe to a fifo template
>
> Add the following lines
--
>
>
## Log syslog-ng
> to mysql database
>
##
>
>
destination
> d_mysql
{
>
>
pipe("/tmp/mysql.pipe"
>
> template("INSERT INTO logs (host, facility, priority,
> level,
tag, date,
>
time,
> program, msg) VALUES ( '$HOST', '$FACILITY',
> '$PRIORITY',
'$LEVEL', '$TAG',
>
> '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM',
> '$MSG'
);\n")
template-escape(yes));
>
};
>
log {
> source(net);
destination(d_mysql);
>
};
>
> Then comment out this line --
>
>
# This is the
> default behavior of sysklogd
package
>
# Logs may
> come from unix stream, but not from another
machine.
>
#
>
#source src {
> unix-dgram("/dev/log"); internal(); };
>
>
Then uncomment out this line --
>
>
# If you wish
> to get logs from remote machine you should
uncomment
>
# this and
> comment the above source
line.
>
#
>
source src {
> unix-dgram("/etc/log/log"); internal();
};
>
source net {
> udp(); };
>
>
>
> Create
the database for syslog-ng
--
>
> Create a file called
syslog.sql and paste this
> below, this will create the database " syslog"
and
> table " logs" in
mysql.
>
>
#
>
# Table structure for table
>
`logs`
>
#
>
>
CREATE DATABASE syslog;
>
>
USE syslog;
>
>
CREATE TABLE logs
(
>
host varchar(32) default
NULL,
>
facility varchar(10) default
>
NULL,
>
priority varchar(10) default
>
NULL,
>
level varchar(10) default
>
NULL,
>
tag varchar(10) default
NULL,
>
date date default
NULL,
>
time time default
NULL,
>
program varchar(15) default
>
NULL,
>
msg
text,
>
seq int(10) unsigned NOT NULL
>
auto_increment,
>
PRIMARY KEY
(seq),
>
KEY host
(host),
>
KEY seq
(seq),
>
KEY program
(program),
>
KEY time
(time),
>
KEY date
(date),
>
KEY priority
(priority),
>
KEY facility
(facility)
>
) TYPE=MyISAM;
>
>
Run this command
>
>
mysql -u root -p < syslog.sql
>
> This will install the database
into mysql.
>
> Create a fifo pipe file --
> This is the
file that syslog-ng will store
> records before writing to the
database.
>
>
>
mkfifo /tmp/mysql.pipe
>
> You need to restart syslog-ng
--
>
>
/etc/init.d/syslog-ng stop # Stop
>
syslog-ng
>
/etc/ini.d/syslog-ng start # Start
> syslog-ng
>
> Run this command to pipe the file mysql.pipe to mysql
>
database
>
> You need to create a script that will check to
make
> sure this command is running and restart if stopped.
>
Syslog-ng/Pipe scripts
>
> When this file is
started it will hang, You
> need to create a script and have it run
on startup.
>
>
mysql -u root --password=passwd
> syslog < /tmp/mysql.pipe
>
>
>
>
>
--------------------------------------------------------------------------------
>
>
> This is a mini how-to and is in the second
>
draft::Thanks again to everyone..
>
> Michael
>
> Any
questions just email me
> --Michael@michaelearls.com--
>
>
Created Jan 18, 2002
> Last Updated May 18, 2002
>
>
>
>
___________________________________________________________
> Do You
Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
> Yahoo! Mail :
http://fr.mail.yahoo.com>
> _______________________________________________
> syslog-ng
maillist - syslog-ng@lists.balabit.hu
>
https://lists.balabit.hu/mailman/listinfo/syslog-ng>
Frequently asked questions at
http://www.campin.net/syslog-ng/faq.html_______________________________________________
syslog-ng
maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ngFrequently
asked questions at
http://www.campin.net/syslog-ng/faq.html