UDP is:
SYSLOG: -----
SYSLOG: -----
SYSLOG:
SYSLOG: "<172>Apr 25 2003 14:06:02: %PIX-4-106023: Deny tcp src insid"
SYSLOG:

Thanks,
Robin

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: Friday, April 25, 2003 2:17 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Double timestamps cause DB issue

On Fri, Apr 25, 2003 at 12:17:32PM -0400, Robin Brown wrote:
Hello,
Running syslog-ng version 1.5.26 on Solaris 8. All is working well, except now I want to log to a MySQL database. I can also get that to work, the problem is the double time stamp in the syslog entry. When it gets put in the database the second timestamp ends up in the program field instead of the actual program.
Looking thru the archives, I can find reference to the template macros, but there only appears to be one MSG macro available. Below is a sample log line:
Apr 25 11:40:36 mydevice.mydomain.com Apr 25 2003 11:13:09: %PIX-4-106023: Deny tcp src inside:111.222.333.444/1343 dst outside:555.999.777.888/80 by access-group "outbound"
And my database definition from syslog-ng.conf:
destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date,time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG','$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); };
And a sample from the database:
host,facility,priority,level,tag,date,time,program,msg,seq
mydevice.mydomain.com,local5,warning,warning,ac,2003-04-25,10:26:14,Apr,
Apr 25 2003 09:58:46: %PIX-4-106023: Deny tcp src inside:192.168.176.204/3954 dst outside:216.23.181.206/80 by access-group "outbound",1
"Apr" is put in the program field and the message plus the second timestamp is added to the msg field.
You can play with check_hostname and bad_hostname options. What does syslog-ng receive in the UDP packet?

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
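Added example, not part of the thread and not syslog-ng code: a simplified Python model of why the UDP payload quoted above ends up with "Apr" in the program field, and one way to normalize it before the database insert. The function names are hypothetical and the sample packet is constructed from the thread's header with documentation-range addresses.

```python
import re

# Simplified model of the parsing problem in this thread; NOT syslog-ng's own parser.
PRI = re.compile(r"^<(\d{1,3})>")
BSD_TS = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} ")
# Device-side timestamp with a year and trailing colon, as in the quoted PIX payload.
PIX_TS = re.compile(r"^([A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): ")
PIX_TAG = re.compile(r"^%(PIX-\d-\d+): ")
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: header copied from the thread, addresses are documentation ranges.
SAMPLE = ('<172>Apr 25 2003 14:06:02: %PIX-4-106023: Deny tcp src '
          'inside:192.0.2.10/1343 dst outside:198.51.100.20/80 '
          'by access-group "outbound"')

def split_pri(packet):
    """Return (facility, level, remainder) from the <PRI> prefix."""
    m = PRI.match(packet)
    if not m:
        return None, None, packet
    pri = int(m.group(1))
    return FACILITIES.get(pri >> 3, str(pri >> 3)), SEVERITIES[pri & 7], packet[m.end():]

def naive_program(packet):
    """BSD-style guess: skip 'Mmm dd hh:mm:ss', then take the first token."""
    rest = split_pri(packet)[2]
    m = BSD_TS.match(rest)
    if m:
        rest = rest[m.end():]
    return re.split(r"[:\[ ]", rest, maxsplit=1)[0]

def normalize(packet):
    """Peel off the device timestamp and use the %PIX-n-nnnnnn tag as program."""
    facility, level, rest = split_pri(packet)
    device_time = program = None
    m = PIX_TS.match(rest)
    if m:
        device_time, rest = m.group(1), rest[m.end():]
    t = PIX_TAG.match(rest)
    if t:
        program, rest = t.group(1), rest[t.end():]
    return {"facility": facility, "level": level, "device_time": device_time,
            "program": program, "msg": rest}

if __name__ == "__main__":
    print(naive_program(SAMPLE))
    print(normalize(SAMPLE))
```

The year in the device timestamp is what stops the BSD-style timestamp match, so the month name is taken as the first token of the message.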