Hi Arash,

On Tue, Sep 15, 2015 at 05:47:44AM +0000, Arash Shams wrote:
> The ELK solution is not suitable for us to collect all logs on one server. I prefer to use syslog-ng to collect all logs in a MySQL database. Is it possible to send all servers' logs to one syslog-ng server and have that collect them into a database? Can anyone give me a good configuration file or some examples for this case?

The most straightforward would be to simply define a network() destination. If you want to transfer non-standard key-values (other than PID, PROGRAM, MSG, DATE, PRI, etc.) you will have to add more config though. Two good solutions:

* using flags(syslog-protocol) and using .SDATA.* macros
* using JSON, i.e. a template like "$(format-json --scope all-nv-pairs)" on one side, and a JSON parser on the remote end (json-parser())

There are lots of examples out there and I'd be happy to point you to some if you can't find them.

Cheers
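
The JSON variant described in the reply, together with the MySQL storage asked about in the question, as an added example that is not part of the original e-mail or the syslog-ng project's own configuration. The hostname, port, file paths, TLS settings, database credentials, table layout and `@version` line are assumptions to adapt.

```conf
# ---- client: syslog-ng.conf on every sending host ----
@version: 3.7                                   # assumed; match the installed release
source s_local { system(); internal(); };
destination d_central {
    network(
        "logs.example.net"                      # placeholder central server
        port(6514)
        transport("tls")                        # assumption: encrypt logs in transit
        tls(ca-dir("/etc/syslog-ng/ca.d"))      # assumed CA directory used to verify the server
        # One JSON object per line carrying every name-value pair of the message
        template("$(format-json --scope all-nv-pairs)\n")
    );
};
log { source(s_local); destination(d_central); };

# ---- server: syslog-ng.conf on the central collector ----
@version: 3.7
source s_net {
    network(
        port(6514)
        transport("tls")
        tls(
            key-file("/etc/syslog-ng/key.d/server.key")     # assumed paths
            cert-file("/etc/syslog-ng/cert.d/server.crt")
            peer-verify(optional-untrusted)     # clients send no certificate in this sketch
        )
        flags(no-parse)                         # payload is JSON, not a syslog header
    );
};
# Parsed keys land under .json.* so a sender cannot overwrite built-in macros
parser p_json { json-parser(prefix(".json.")); };
destination d_mysql {
    sql(
        type(mysql) host("127.0.0.1")
        username("syslog") password("CHANGE_ME")            # placeholder credentials
        database("logs") table("messages")
        columns("received datetime", "host varchar(255)", "program varchar(64)",
                "pid varchar(16)", "message text")
        values("${R_YEAR}-${R_MONTH}-${R_DAY} ${R_HOUR}:${R_MIN}:${R_SEC}",
               "${.json.HOST}", "${.json.PROGRAM}", "${.json.PID}", "${.json.MESSAGE}")
        indexes("received", "host", "program")
    );
};
log { source(s_net); parser(p_json); destination(d_mysql); };
```

The `received` column uses the collector's receive time rather than a sender-supplied timestamp, and the sql() destination needs the libdbi MySQL driver installed on the collector.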