Hello All,

Have a question I hope someone can help with.

Currently I have Syslog-ng running logging to a mysql db along with keeping files. This is working well. I have a situation where I can not log to the box directly. I need to "pull" the logs to the central log server and import them into the db. As syslogd and syslog-ng do not log all the needed fields by default like facility:level and year, when they are writing them local I need a way to add that to the file.

The second problem is how to import them to the db. Is there any tool that will do this for me automatically?

Thanks for the assistance.
Hi,

regarding adding information to the local log, you could add this to the log destination definition, e.g.:

    destination d_local {
        file("/var/log/mylogfile.log"
             template("$DATE $HOST [$FACILITY.$PRIORITY] $MSG\n"));
    };

The result looks something like this:

    Apr 25 16:59:09 myhost [local1.info] syslog message follows

Greetings,
Michael

-- 
Michael Redinger
Zentraler Informatikdienst (Central IT Services)
Universitaet Innsbruck
Technikerstrasse 13      Tel.: ++43 512 507 2335
6020 Innsbruck           Fax.: ++43 512 507 2944
Austria                  Mail: Michael.Redinger@uibk.ac.at
Michael,

Thanks for the reply,

I did not describe my situation very well, but your solution will help with other needs. I have multiple boxes where I can not directly syslog to the central server. What I do is, scp the files back to the central log server. From here I would like to uncompress them and then import the files into the database.

Hope that is a bit clearer.

Nick
Hi,

one line should do the work for you:

    zcat mygnuziplogfile.gz | awk '{print "INSERT INTO tablename VALUES("$1 $2 $3","$4","$5");"}' > sqlcommands.sql

You have to rewrite the awk stuff because I don't know how your table layout looks like and I also don't know how your logfile looks like.

Sorry for the English.... it is a work in progress!
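An added example, not code from any poster in this thread: a Python importer for files written with the `$DATE $HOST [$FACILITY.$PRIORITY] $MSG` template shown earlier. It fills in the year that `$DATE` omits and inserts with bound parameters, so message text from remote hosts is stored as data and never spliced into an SQL statement. Assumptions: `sqlite3` stands in for the MySQL database, and the table name `logs`, its columns, the function names and the sample lines are constructed for illustration.

```python
import gzip
import io
import re
import sqlite3
from datetime import datetime

# Matches the template "$DATE $HOST [$FACILITY.$PRIORITY] $MSG" from the thread.
LINE_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"\[(?P<facility>\w+)\.(?P<priority>\w+)\] (?P<msg>.*)$")

# Constructed sample: one normal line, one with SQL metacharacters, one malformed.
SAMPLE = (
    "Apr 25 16:59:09 myhost [local1.info] syslog message follows\n"
    "Dec 31 23:59:58 myhost [auth.notice] failed login for x'); DROP TABLE logs; --\n"
    "this line does not match the template\n"
)

def parse_line(line, collected):
    """Return (ts, host, facility, priority, msg), or None if the line is malformed."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    # $DATE has no year: assume the collection year, and step back one year
    # when that would place the entry after the time the file was collected.
    ts = datetime.strptime(f"{collected.year} {m['date']}", "%Y %b %d %H:%M:%S")
    if ts > collected:
        ts = ts.replace(year=ts.year - 1)
    return (ts.isoformat(sep=" "), m["host"], m["facility"], m["priority"], m["msg"])

def import_gzip(conn, gz_bytes, collected):
    conn.execute("CREATE TABLE IF NOT EXISTS logs "
                 "(ts TEXT, host TEXT, facility TEXT, priority TEXT, msg TEXT)")
    rows, rejected = [], 0
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            row = parse_line(line, collected)
            if row is None:
                rejected += 1          # count, do not import, lines that fail the format
            else:
                rows.append(row)
    # Bound parameters: the driver passes values separately from the statement text.
    conn.executemany("INSERT INTO logs VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows), rejected

def demo():
    conn = sqlite3.connect(":memory:")
    counts = import_gzip(conn, gzip.compress(SAMPLE.encode()), datetime(2006, 4, 26, 3, 0))
    return counts, conn.execute("SELECT ts, priority, msg FROM logs ORDER BY ts").fetchall()
```

Calling `demo()` returns the imported/rejected counts and the stored rows. With a MySQL driver such as PyMySQL the same calls apply, using `%s` placeholders instead of `?`.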
On Apr 25, 2006, at 10:48 AM, Nick wrote:
I did not describe my situation very well, but your solution will help with other needs. I have multiple boxes where I can not directly syslog to the central server. What I do is, scp the files back to the central log server. From here I would like to uncompress them and then import the files into the database.
you might try saving to files on remote hosts as

    template("<$TAG> $DATE $HOST $MSG")

compress/scp/uncompress as needed, then on your central syslog collector:

setup a fifo

    mkfifo /var/log/log_fifo

configure syslog-ng to watch that fifo:

    source s_fifo {pipe("/var/log/log_fifo");};

and insert messages to your db

    log{source(s_fifo); destination(d_mysql); flags(flow-control); };

where d_mysql is your save-to-database destination. flow-control requires 1.9.x.

then periodically `cat collected_files > /var/log/log_fifo`

not sure the best place to deal with YEAR, but maybe by modifying above template() or in d_mysql.

-- 
+--------------------------------------------------------------+
| Jon Stearley                  (505) 845-7571 (FAX 844-9297)  |
| Sandia National Laboratories  Scalable Systems Integration   |
+--------------------------------------------------------------+
participants (5)
- Jon Stearley
- Mario Gzuk
- Michael Redinger
- Nick
- Nick Carstensen