On Thu, 2009-06-04 at 16:14 +0200, gatfi sami wrote:
Hi i a successfully configured a centralised syslog server using syslog-ng 2.09 here is the structure:
syslog-client(read apache error log) -------> send to a syslog-relay ---------> forword to a syslog server ----> centralise in a mysql tabe 'logs'
CREATE TABLE `syslogtopnet`.`log` ( `seq` int(10) unsigned NOT NULL auto_increment, `host` varchar(60) NOT NULL, `facility` varchar(40) NOT NULL, `priority` varchar(40) NOT NULL, `level` varchar(40) NOT NULL, `date_log` date NOT NULL, `time_log` time NOT NULL, `program` varchar(40) NOT NULL, `message` text NOT NULL, PRIMARY KEY (`seq`), KEY `index_log` (`host`) ) ENGINE=InnoDB AUTO_INCREMENT=684 DEFAULT CHARSET=latin1;
my problème is : i find for exemple priority ='Notice' and level='Notice' but in the message i find [warn]
here is an exemple: INSERT INTO `syslogtopnet`.`log` VALUES (320,'192.168.9.195','user','notice','notice','2009-05-19','19:33:24','','[Tue May 19 19:33:24 2009] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]');
i discovered that apache log level are different then syslog's so !!!!!
1 wired isnt it lease is there a solution to keep the same level in the original priority?
well, the apache log files are certainly not syslog messages, thus syslog-ng assumes they have a priority/facility value of "user.notice". in syslog-ng 3.0.2 the options default-facility() and default-level() were added to change that. but still it can only use a predefined value.
2 beside in more than 20589 line in my table priority and level have the same values. is it normal that the level and priority are the same how can this be?
as I said, syslog-ng assumes user.notice for all messages that lack a syslog header. PS: please send your questions to the syslog-ng mailing list, I might not be able to answer them all, and sometimes even not answer. So it is better to send there. -- Bazsi