[syslog-ng] Re: syslog-ng

Balazs Scheidler bazsi@balabit.hu
Thu, 17 Jun 1999 17:39:26 +0200


On Thu, Jun 17, 1999 at 11:35:53AM -0400, Forrest Aldrich wrote:
> Okay, perhaps I don't understand.  Syslog takes a number of attributes
> and logs them into a file /var/log/syslog (or whatever you define). Those
> attributes could be translated into a schema/table and inserted into
> the database each time.   Then, those same fields can be keyed or
> indexed, searched against... reports run.   I would think that would
> be very useful.
> 
> The alternative is to hack shell and perl scripts together to pull out that
> data... or by viewing them manually, which involves sore eyes and headaches.

The problem is with exactly this "translation into a schema/table". Log
messages are quite different, and it is very difficult to write a general
parser which extracts information from log messages. I do not want to put
this difficulty into syslog-ng itself; however, it is possible to write this
functionality into an external program or perl script.

-- 
Bazsi
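
The following is an added example, not part of the original message or of syslog-ng: a sketch of the "external program" approach in Python, where the regular syslog header maps cleanly onto table columns while the free-form message body needs a separate rule per program. The sample lines, the table layout and the `BODY_RULES` patterns are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample lines in the classic BSD syslog file layout.
SAMPLE = """\
Jun 17 17:39:26 gw sshd[412]: Failed password for root from 192.0.2.7 port 1022
Jun 17 17:39:30 gw kernel: eth0: link up
Jun 17 17:40:02 mail sendmail[88]: RAA00088: from=<a@example.org>, size=512
this line has no syslog header at all
"""

# The header is regular: timestamp, host, program, optional [pid].
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

# The body is free-form, so extraction is per program (hypothetical rules).
BODY_RULES = {
    "sshd": re.compile(r"Failed password for (?P<acct>\S+) from (?P<src>\S+)"),
}

def parse(line):
    """Return a row dict; lines without a header keep only the raw text."""
    m = HEADER.match(line)
    if not m:
        return {"ts": None, "host": None, "prog": None, "pid": None,
                "msg": line, "acct": None, "src": None}
    row = m.groupdict()
    row["pid"] = int(row["pid"]) if row["pid"] else None
    rule = BODY_RULES.get(row["prog"])
    hit = rule.search(row["msg"]) if rule else None
    row["acct"] = hit["acct"] if hit else None
    row["src"] = hit["src"] if hit else None
    return row

def load(text, db=None):
    """Insert every line into an indexed table, using bound parameters only."""
    if db is None:
        db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE IF NOT EXISTS logs (ts TEXT, host TEXT, "
               "prog TEXT, pid INTEGER, msg TEXT, acct TEXT, src TEXT)")
    db.execute("CREATE INDEX IF NOT EXISTS logs_prog ON logs(prog, host)")
    db.executemany(
        "INSERT INTO logs VALUES (:ts,:host,:prog,:pid,:msg,:acct,:src)",
        [parse(l) for l in text.splitlines() if l.strip()])
    return db

if __name__ == "__main__":
    for r in load(SAMPLE).execute("SELECT host, prog, acct, src FROM logs"):
        print(r)
```

Only the `sshd` line yields structured body fields; every other program's message stays as opaque text until someone writes a rule for it.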