That sounds similar to what we were thinking initially, but then ended up with flat file storage and doing standard end of day reports instead as unix shell was more a natural fit (for us) [as well as perl scripts].

On Mon, 25 Oct 2004 20:11:11 -0400, Joseph Deck <jdeck@wittenberg.edu> wrote:
All,
We have installed syslog-ng on our unix systems pointing them, some network devices, and some Windows systems events to a central syslog-ng server. The central server is currently piping the information to a Mysql database. Each incoming device writes to its own table in the database. A modification to this we would like to accomplish is to key various pieces of information stored in the "message" field.
For example, syslog messages sent from the mail servers will contain the sender, recipient, delivery status in the "message" field. Our thought is to key these pieces of information for quick lookup. Some of the systems (Cisco Pix) are sending up to 5G of information a day. Another reason to key the information.
Our current thought is to send the output of syslog-ng to a Perl script which will parse the message field based upon the source. The Perl script would then write it to the database.
Is there a better approach? Any suggestions would be appreciated.
Joseph G. Deck
Director of Computing Services
Wittenberg University
Phone: (937) 525-3800
Fax: (937) 327-7372
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
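
The parse-by-source step described in the quoted message, as an added example that is not part of the thread or either poster's code. It uses Python with SQLite standing in for the Perl script and MySQL database, and it assumes sendmail-style message bodies, a `host<TAB>message` record format, and the host name `mail1`.

```python
import re
import sqlite3

# Assumption: sendmail-style bodies, "<queue-id>: from=<...>" or "to=<...>, stat=...".
QID_RE = re.compile(r"\b(\w+): (?:from|to)=")
FIELD_RE = re.compile(r"\b(from|to|stat)=<?([^>,:\s]*)")

def parse_mail(msg):
    """Return (qid, sender, recipient, status) for one mail message, or None."""
    qid = QID_RE.search(msg)
    if not qid:
        return None
    f = dict(FIELD_RE.findall(msg))
    return (qid.group(1), f.get("from"), f.get("to"), f.get("stat"))

# Per-source dispatch; "mail1" is a hypothetical host name.
PARSERS = {"mail1": parse_mail}

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE mail (host TEXT, qid TEXT, sender TEXT,"
               " recipient TEXT, status TEXT, message TEXT)")
    for col in ("qid", "sender", "recipient"):
        db.execute(f"CREATE INDEX mail_{col} ON mail ({col})")
    return db

def ingest(db, lines):
    """Store parsed 'host<TAB>message' records; return the number stored."""
    stored = 0
    for line in lines:
        host, _, msg = line.rstrip("\n").partition("\t")
        parser = PARSERS.get(host)
        rec = parser(msg) if parser else None
        if rec is None:
            continue  # no parser for this source, or nothing to key
        # Bound parameters only: the message text is chosen by whoever sent
        # the mail, so it must never be spliced into the SQL string.
        db.execute("INSERT INTO mail VALUES (?, ?, ?, ?, ?, ?)",
                   (host, *rec, msg))
        stored += 1
    return stored

# Constructed sample records, not taken from the thread.
SAMPLE = [
    "mail1\tsendmail[812]: i9Q0B1aa000812: from=<alice@example.org>, size=1024",
    "mail1\tsendmail[814]: i9Q0B1aa000812: to=<bob@example.com>, stat=Sent (ok)",
    "mail1\tsendmail[901]: i9Q0C2bb000901: to=<o'brien@example.net>, stat=Deferred: timeout",
    "pix1\tconstructed firewall message",
]
```

Sender and recipient arrive on separate lines in this format, so the queue id column is what joins them at query time.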