Re: [syslog-ng]Can't get pipe working
Hi Clayton,

we use it in a slightly different way and it writes several gigabytes per day into our mysql database.

1) the syslog-ng configuration

    destination d_ToSysLogDB {
        pipe("/tmp/syslog.pipe"
            owner("root") group("root") perm(0640)
            template("insert into syslog(host,facility,priority,level,tag,date,time,program,msg) values ('$HOST','$FACILITY', '$PRIORITY', '$LEVEL', '$TAG','$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
            # escape quote characters in the macro values before they land in the SQL text
            template-escape(yes));
    };

    log {
        source(loghost);
        destination(d_ToSysLogDB);
    };

2) there is a script running that takes the data from the pipe and writes them into the database

    #!/bin/bash
    #
    if [ -e /tmp/syslog.pipe ]; then
        # FIFO already exists: restart the mysql client each time it exits
        while [ -e /tmp/syslog.pipe ]
        do
            mysql -u syslog --password=<password> syslog -h syslog < /tmp/syslog.pipe
        done
    else
        # create the FIFO first, then run the same reader loop
        mkfifo /tmp/syslog.pipe
        while [ -e /tmp/syslog.pipe ]
        do
            mysql -u syslog --password=<password> syslog -h syslog < /tmp/syslog.pipe
        done
    fi

3) Keep in mind that a tail -f on a pipe will take all data out of the pipe and you cannot write them into a database.

Stephan

Dr. Stephan Hendl
System Management
-----------------------------------
Landesbetrieb für Datenverarbeitung und Statistik
Land Brandenburg
Address: 14467 Potsdam, Dortustr. 46
Phone: +49-(0)331 39-471
Fax: +49-(0)331 27548-1187
Mobile: +49-(0)160 90 645 893
E-mail: Stephan.Hendl@lds.brandenburg.de
Internet: http://www.lds-bb.de

cdukes@cdukes.com 01.07.2004 20:02:57 >>>

Hi all,

I seem to be having trouble getting a mysql pipe working and thought I would enlist your help.

Here's my config:

    options {
        use_fqdn(no);
        keep_hostname(yes);
        use_dns(no);
        long_hostnames(off);
        sync(0);
        log_fifo_size(1000);
        # The default action of syslog-ng 1.6.0 is to log a STATS line
        # to the file every 10 minutes. That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats(43200);
    };

    ############################
    # Set up Sources
    ############################
    source src { unix-dgram("/dev/log"); internal(); };
    source net { udp(); };
    source s_jffnms { unix-dgram("/dev/log"); internal(); udp(); };

    # MySQL Logs
    destination d_jffnms {
        pipe("/tmp/mysql.pipe"
            template("INSERT INTO syslog (date, date_logged, host, message) VALUES ('$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', NOW\(\), '$FULLHOST', '$MSG');\n")
            template-escape(yes));
    };

    destination jffnms_processing {
        program ("mysql -u jffnms -pjffnms jffnms < /tmp/mysql.pipe");
    };

    log {
        source (s_jffnms);
        #filter (f_jffnms); #if you use it
        destination (d_jffnms);
    };
    # End

When I restart syslog-ng and tail -f /tmp/mysql.pipe nothing comes in (nor are there any database inserts happening).
When I do a tcpdump, I do see the event coming into my server, but it seems as though syslog-ng is just dropping the packet...?

Regards,

Clayton Dukes
CCNA, CCDA, CCNP, CCDP
Sr. Network Engineer
E Solutions Corp.
http://www.esnet.com
813.301.2620 (o)
813.545.7373 (c)

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
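
Both configurations in this thread end their SQL template with template-escape(yes). The following is an added example, not code from either poster: it renders a shortened version of the template with and without escaping and checks whether the server would still see one value per column. The escape() helper approximates the option (backslash-escaping ', " and \), and the three-column template, function names and sample message are constructed for this illustration.

```python
import re

# Shortened three-column form of the thread's template (constructed).
TEMPLATE = ("insert into syslog(host,program,msg) "
            "values ('$HOST', '$PROGRAM', '$MSG' );")

def escape(value):
    """Approximate template-escape(yes): backslash-escape ', " and \\."""
    return re.sub(r"""(['"\\])""", r"\\\1", value)

def render(fields, template_escape):
    """Substitute $NAME macros the way the pipe() destination would."""
    def sub(m):
        v = fields[m.group(1)]
        return escape(v) if template_escape else v
    return re.sub(r"\$([A-Z]+)", sub, TEMPLATE)

def string_literals(sql):
    """Scan single-quoted literals with backslash escapes active (the
    MySQL default). Returns decoded literals, or None if one stays open."""
    out, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            i += 1
            continue
        i += 1
        buf = []
        while i < n and sql[i] != "'":
            if sql[i] == "\\" and i + 1 < n:
                i += 1          # escaped character: take it literally
            buf.append(sql[i])
            i += 1
        if i >= n:
            return None         # statement ended inside a literal
        out.append("".join(buf))
        i += 1
    return out

def row_is_intact(fields, template_escape):
    """True when the statement carries exactly the values that were logged."""
    lits = string_literals(render(fields, template_escape))
    return lits == [fields["HOST"], fields["PROGRAM"], fields["MSG"]]

# Constructed sample: an ordinary message that happens to contain quotes.
SAMPLE = {"HOST": "gw1", "PROGRAM": "sshd", "MSG": "user 'bob' can't log in"}

if __name__ == "__main__":
    for flag in (True, False):
        print("template-escape:", flag, "->", row_is_intact(SAMPLE, flag))
```

Because $MSG is whatever a sender puts in the syslog packet, the unescaped form lets message text end the string literal early; a consumer that reads delimited fields from the FIFO and binds them as query parameters avoids building SQL text from log content at all.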