Hi List,
I have 2 questions about the sql driver. First, I am trying to get messages into sql using the sql driver but I get an error when I try and restart syslog-ng when I enable the log statement with the sql destination. The syslog-ng --syntax-only command runs without any issues but systemd throws and error that it cannot restart the service but doesn't give a clear reason. My config is below, doesn't anyone know where in a log I can see why it won't restart??
source s_network { udp(ip(0.0.0.0) port(514)); };
destination d_mysql {
sql(type(mysql)
host("127.0.0.1")
username("syslog-ng")
password("password")
database("syslog")
table("messages_${HOST}")
columns("date", "host", "message")
values("${R_DATE}", "${HOST}", "${MESSAGE}")
indexes("date", "host") );
};
log { source(s_network); destination(d_mysql); };
My second question is can you use a template with the sql destination driver? I need to reformat some Cisco Nexus logs because of how it formats the date (looks to be non RFC compliant) and if so, can someone give me a sample of config with the template in the sql destination driver? I cannot seem to find in the docs if this is even possible much less and example of how to do it.
TIA,
Max