Hi all –

 

I deleted the db – and fell back to just using the mysql fifo method – this is working well -

 

From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Edward Brookhouse
Sent: Tuesday, July 05, 2005 11:09 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] DB probs

 

Hi all –

 

I am upgrading from the syslog-ng 1.7 branch on one machine to another server using the 1.9.4 branch.

 

Using this on the new server I am building, I can not get any data to write to a mysql database. Using  mysql 4.1.11-2 and Syslogng 1.9.4 on RH Fedora Core 4 kernel 2.6.12-1

 

Using the syslog-ng config file and database setup from the older server that is still running does not work.

 

So – I tried switching from using a mysql pipe file to using sqlsyslogd – same results –

 

Log data flows in, gets written to a log file, but never gets inserted into the db –

 

The db structure looks ok – the sqlsyslogd is running well – not much in the way of being able to debug that but ….gonna try to pass it through a debugger

 

Here is the relevant portion of my conf

 

 

destination sqlsyslogd {

        program("/usr/local/sbin/sqlsyslogd -h localhost -u root -t logs syslog -p");

};

 

 

With the password specified in sqlsyslogd.conf  (this is one word on a line by itself – is that right???)

 

 

 

 

When a log entry comes in I do see an error about writing to FD 7

 

 

[root@io etc]# syslog-ng -F -e -v -d -f /etc/syslog-ng/syslog-ng.conf

Starting destination program; cmdline='/usr/local/bin/syslog-mail'

Starting destination program; cmdline='/usr/local/sbin/sqlsyslogd -h localhost -u root -t logs syslog -p'

Starting destination program; cmdline='/usr/local/bin/syslog-mail-perl'

syslog-ng starting up; version='1.9.4'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

 

 

 

Syslog connection accepted; to='AF_UNIX(/dev/log)', from='AF_UNIX(\xff\xff\xff\xff\x19)'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

Incoming log entry; line='<86>Jul  5 11:05:01 sshd[6703]: Accepted password for ebroo from ::ffff:172.17.17.193 port 33316 ssh2'

Initializing destination file writer; filename='/var/log/syslog', template='/var/log/syslog'

Initializing destination file writer; filename='/var/log/HOSTS/io/2005/07/05/05', template='/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY_$HOST_$YEAR_$MONTH_$DAY'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

EOF occurred while reading; fd='7'

Closing log reader fd; fd='7'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

Syslog connection accepted; to='AF_UNIX(/dev/log)', from='AF_UNIX(-)'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

Incoming log entry; line='<38>Jul  5 11:05:01 sshd(pam_unix)[6705]: session opened for user ebroo by (uid=0)'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

EOF occurred while reading; fd='7'

Closing log reader fd; fd='7'

log_reader_fd_prepare(); window_size='100'

log_reader_fd_prepare(); window_size='100'

 

 

 

 

 

Any thoughts appreciated!!!!!!!!!!!!

 

Edward

ebroo@healthydirections.com