Hi, I'm trying to setup a central logging server to get logs from many hosts on a network, and store in a mysql database. I followed the following docs:

http://gentoo-wiki.com/HOWTO_setup_PHP-Syslog-NG
http://vermeer.org/docs/1

only nothing is being logged :D my syslog-ng.conf so far:

    # $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.5 2005/05/12 05:46:10 mr_bones_ Exp $
    #
    # Syslog-ng default configuration file for Gentoo Linux
    # contributed by Michael Sterrett

    options {
        chain_hostnames(off);
        keep_hostname(yes);
        log_fifo_size(1024);
        sync(0);

        # The default action of syslog-ng 1.6.0 is to log a STATS line
        # to the file every 10 minutes. That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats(43200);
    };

    source shell {
        unix-dgram("/dev/log");
        internal();
        #tcp( port(5141) keep-alive(yes) max-connections(3000));
        udp(ip(0.0.0.0),port(514));
    };

    source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

    source net {udp(); };

    destination messages { file("/var/log/messages"); };

    # By default messages are logged to tty12...
    destination console_all { file("/dev/tty12"); };
    # ...if you intend to use /dev/console for programs like xconsole
    # you can comment out the destination line above that references /dev/tty12
    # and uncomment the line below.
    #destination console_all { file("/dev/console"); };

    log { source(src); destination(messages); };
    log { source(src); destination(console_all); };
    log { source(shell); filter(allstuff);destination(testfile); };
    log { source(net); destination(testfile); };
    filter allstuff { host("194.146.*"); };

    # pipe messages to /var/log/mysql.pipe to be processed by mysql
    destination d_mysql {
        pipe("/var/log/mysql.pipe"
            template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
            template-escape(yes));
    };

    #destination testfile {
    destination testfile {
        file("/var/log/test/$HOST/zab.log" sync(0) log_fifo_size(10) create_dirs(yes) owner(root) group(system) perm(0660) dir_perm(0770));
    };

I suspected something wrong with the way I setup the mysql database.. that's why I added the last bit, to log to a text file, still nothing .. I can't figure out what else could be wrong.

Any help appreciated.

Greets, Naim
Originally I used the gentoo-wiki document to help me out but then I had to do some tweaking on my own. Also, use this for php-syslog-ng: http://www.phpwizardry.com/php-syslog-ng.php it is much better and maintained.

This is another howto that I found useful: http://www.campin.net/newlogcheck.html

What I would do in your case is strip down the syslog-ng.conf to a simple form and only concentrate on getting it to log into text files first. Then create your mysql method (I used a mysql pipe) and try to get that working.

Here is a copy of my syslog-ng.conf:

    options {
        use_fqdn(no);
        use_dns(yes);
        dns_cache(yes);
        keep_hostname(yes);
        long_hostnames(off);
        sync(0);
        stats(43200);
        log_fifo_size(1024);
    };

    source client_udp { udp(); };
    source client_tcp { tcp(); };

    destination hosts {
        file("/var/log/syslogs/messages" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
    };

    destination d_mysql {
        pipe("/var/log/mysql.pipe"
            template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
            template-escape(yes));
    };

    log { source(client_udp); destination(hosts); };
    log { source(client_tcp); destination(hosts); };
    log { source(client_udp); destination(d_mysql); };
    log { source(client_tcp); destination(d_mysql); };
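Added example, not written by either poster and not part of syslog-ng: a small cross-reference check for the kind of stripped-down review suggested in the reply. It reports definitions that no log path uses, log-path references with no definition, and sources that open the same UDP port. The names `lint` and `SAMPLE_CONF` are hypothetical, and the regex parser only handles the flat statement forms seen in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: statements from the first config in this thread,
# trimmed (console destination dropped, INSERT template shortened).
SAMPLE_CONF = r'''
source shell { unix-dgram("/dev/log"); internal(); udp(ip(0.0.0.0),port(514)); };
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
source net { udp(); };
destination messages { file("/var/log/messages"); };
log { source(src); destination(messages); };
log { source(shell); filter(allstuff);destination(testfile); };
log { source(net); destination(testfile); };
filter allstuff { host("194.146.*"); };
destination d_mysql { pipe("/var/log/mysql.pipe" template("INSERT ...;\n") template-escape(yes)); };
destination testfile { file("/var/log/test/$HOST/zab.log" create_dirs(yes)); };
'''

KINDS = ("source", "filter", "destination")
DEF_RE = re.compile(r'\b(source|filter|destination)\s+([\w.-]+)\s*\{(.*?)\}\s*;', re.S)
LOG_RE = re.compile(r'\blog\s*\{(.*?)\}\s*;', re.S)
REF_RE = re.compile(r'\b(source|filter|destination)\s*\(\s*([\w.-]+)\s*\)')
UDP_RE = re.compile(r'\budp\s*\(([^;]*)\)\s*;')

def lint(conf):
    """Return (issue, kind, name) tuples for a syslog-ng config text."""
    text = re.sub(r'(?m)^\s*#.*$', '', conf)      # drop full-line comments only
    defined, used, udp_ports = defaultdict(set), defaultdict(set), defaultdict(list)
    for kind, name, body in DEF_RE.findall(text):
        defined[kind].add(name)
        udp = UDP_RE.search(body) if kind == "source" else None
        if udp:                                    # udp() listens on 514 unless port() is given
            port = re.search(r'\bport\s*\(\s*(\d+)', udp.group(1))
            udp_ports[int(port.group(1)) if port else 514].append(name)
    for body in LOG_RE.findall(text):              # every log path statement
        for kind, name in REF_RE.findall(body):
            used[kind].add(name)
    findings = []
    for kind in KINDS:
        findings += [("undefined", kind, n) for n in sorted(used[kind] - defined[kind])]
        findings += [("unused", kind, n) for n in sorted(defined[kind] - used[kind])]
    for port, names in sorted(udp_ports.items()):
        if len(names) > 1:
            findings.append((f"udp port {port} opened by several sources", "source", ", ".join(names)))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(finding)
```

On the sample it reports that `d_mysql` is defined but not referenced by any log statement, and that the `shell` and `net` sources both open UDP port 514.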
------------------------------------------------------------------------
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Participants (2): Ken Garland, naim abu darwish