Re: [syslog-ng] problem in writing to database 2
Add a « & » at the end of the line with « mysql » to run the mysql client as a background task. _____ De : syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] De la part de gatfi sami Envoyé : dimanche 5 avril 2009 02:31 À : Syslog-ng users' and developers' mailing list Objet : [syslog-ng] problem in writing to database 2 i succefully added the folowing script to /etc/profile it recreates the pilpline but when i get access to the virtual machine by ssh it is blocked like this: Password: Last login: Sun Apr 5 03:08:51 2009 from linux-ux35.lan Have a lot of fun... i have to tape ctrl + c to have linux-test1:~ # i have to tape ctrl +c to get access to it here is the script #!/bin/bash if [ -e /tmp/mysql.pipe ]; then while [ -e /tmp/mysql.pipe ] do mysql -u root --password= syslog< /tmp/mysql.pipe done else mkfifo /tmp/mysql.pipe fi i think the problem is from mysql -u root --password= syslog< /tmp/mysql.pipe 2009/4/4 gatfi sami <pfegatfi.sami@gmail.com <mailto:pfegatfi.sami@gmail.com> > hi i am configuring a centralised syslog server and when i arrived to the writing into the database there is some thing wrong because when i use a file as destination i see incoming logs when i restart apache2 or mysql in the client "tail - f /" i use syslog -ng 2.0 here is the client source my_src{ file("/var/log/apache2/error_log" follow_freq(1) ); file("/var/lib/mysql/mysqld.log" follow_freq(1) ); }; destination loghost { tcp("192.168.1.69" port(514)); }; log { source(my_src); destination(loghost); }; here is the server source mysrc{ tcp(ip(0.0.0.0) port(514) keep-alive(yes)); #udp(); }; destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); }; log { source(mysrc); destination(d_mysql); }; note that a databes names syslog is already created and contain a table logs; if itry the following command : syslog-ng -f /etc/syslog-ng/syslog-ng.conf Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)' Error initializing source driver; source='mysrc' ps i used to use the server as relai and send by udp using the same port 514 but now everinthing is commented like this # need help i added the following script to the file
hi i did it same prob 2009/4/6 Hahusseau, Thomas <thomas.hahusseau@eads.com>
Add a « & » at the end of the line with « mysql » to run the mysql client as a background task.
------------------------------
*De :* syslog-ng-bounces@lists.balabit.hu [mailto: syslog-ng-bounces@lists.balabit.hu] *De la part de* gatfi sami *Envoyé :* dimanche 5 avril 2009 02:31 *À :* Syslog-ng users' and developers' mailing list *Objet :* [syslog-ng] problem in writing to database 2
i succefully added the folowing script to
/etc/profile
it recreates the pilpline but
when i get access to the virtual machine by ssh it is blocked like this: Password:
*Last login: Sun Apr 5 03:08:51 2009 from linux-ux35.lan Have a lot of fun...
*i have to tape ctrl + c to have linux-test1:~ #
i have to tape ctrl +c to get access to it
here is the script
#!/bin/bash
if [ -e /tmp/mysql.pipe ]; then
while [ -e /tmp/mysql.pipe ]
do
mysql -u root --password= syslog< /tmp/mysql.pipe
done
else
mkfifo /tmp/mysql.pipe
fi
i think the problem is from
mysql -u root --password= syslog< /tmp/mysql.pipe
2009/4/4 gatfi sami <pfegatfi.sami@gmail.com>
hi
i am configuring a centralised syslog server and when i arrived to the writing into the database there is some thing wrong
because when i use a file as destination i see incoming logs when i restart apache2 or mysql in the client
"tail - f /" i use syslog -ng 2.0
here is the client *source my_src{ file("/var/log/apache2/error_log" follow_freq(1) );
file("/var/lib/mysql/mysqld.log" follow_freq(1) );
};
destination loghost { tcp("192.168.1.69" port(514)); }; log { source(my_src); destination(loghost); };*
here is the server
* source mysrc{ tcp(ip(0.0.0.0) port(514) keep-alive(yes)); #udp(); };
destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); }; log { source(mysrc); destination(d_mysql); }; *
note that a databes names syslog is already created and contain a table logs;
if itry the following command : syslog-ng -f /etc/syslog-ng/syslog-ng.conf
Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)' Error initializing source driver; source='mysrc'
ps i used to use the server as relai and send by udp using the same port 514 but now everinthing is
commented like this #
need help
i added the following script to the file
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Hi, Honestly I didn't try to understand the complete configuration that you used, but starting with syslog-ng 2.1 (but 3.0 is preferred) syslog-ng has native SQL support. It'd probably be much easier & reliable to use than using mysql and named pipes. On Mon, 2009-04-06 at 09:26 +0200, Hahusseau, Thomas wrote:
Add a « & » at the end of the line with « mysql » to run the mysql client as a background task.
______________________________________________________________________ De :syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] De la part de gatfi sami Envoyé : dimanche 5 avril 2009 02:31 À : Syslog-ng users' and developers' mailing list Objet : [syslog-ng] problem in writing to database 2
i succefully added the folowing script to
/etc/profile
it recreates the pilpline but
when i get access to the virtual machine by ssh it is blocked like this: Password:
Last login: Sun Apr 5 03:08:51 2009 from linux-ux35.lan Have a lot of fun...
i have to tape ctrl + c to have linux-test1:~ #
i have to tape ctrl +c to get access to it
here is the script
#!/bin/bash
if [ -e /tmp/mysql.pipe ]; then
while [ -e /tmp/mysql.pipe ]
do
mysql -u root --password= syslog< /tmp/mysql.pipe
done
else
mkfifo /tmp/mysql.pipe
fi
i think the problem is from
mysql -u root --password= syslog< /tmp/mysql.pipe
2009/4/4 gatfi sami <pfegatfi.sami@gmail.com>
hi
i am configuring a centralised syslog server and when i arrived to the writing into the database there is some thing wrong
because when i use a file as destination i see incoming logs when i restart apache2 or mysql in the client
"tail - f /" i use syslog -ng 2.0
here is the client source my_src{ file("/var/log/apache2/error_log" follow_freq(1) );
file("/var/lib/mysql/mysqld.log" follow_freq(1) );
};
destination loghost { tcp("192.168.1.69" port(514)); }; log { source(my_src); destination(loghost); };
here is the server
source mysrc{ tcp(ip(0.0.0.0) port(514) keep-alive(yes)); #udp(); };
destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); }; log { source(mysrc); destination(d_mysql); };
note that a databes names syslog is already created and contain a table logs;
if itry the following command : syslog-ng -f /etc/syslog-ng/syslog-ng.conf
Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)' Error initializing source driver; source='mysrc'
ps i used to use the server as relai and send by udp using the same port 514 but now everinthing is
commented like this #
need help
i added the following script to the file
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- Bazsi
participants (3)
-
Balazs Scheidler
-
gatfi sami
-
Hahusseau, Thomas