Fekete Robert <frobert@balabit.hu> wrote:
in 2.0.x, the sql() destination was available only in the Premium Edition. In the open source edition it was released in 3.0 (or something like that). You can either upgrade to syslog-ng OSE 3.x, or use a program()/pipe() destination and load the messages to SQL using an external script.
A postgresql example I use is: ---- destination d_sql_mac2addr { # program("sh -c 'PGPASSFILE=/etc/syslog-ng/pgpass psql --no-readline --quiet --no-password --host=sql.example.com --log-file=/tmp/sql.log DATABASE USERNAME > /dev/null 2> /dev/null'" program("sh -c 'PGPASSFILE=/etc/syslog-ng/pgpass psql --no-readline --quiet --no-password --host=sql.example.com DATABASE USERNAME > /dev/null 2> /dev/null'" template("SELECT record_addr('$ISODATE', '${MAC2ADDR.MAC}', '${MAC2ADDR.ADDR}');\n")); }; ---- Obviously the OP will need to fix it for mysql rather than psql plus no doubt they will want an alternative template :) Cheers -- Alexander Clouter .sigmonster says: Tomorrow, you can be anywhere.