[syslog-ng]Feature Request
jon@dumbo.pobox.com
Tue, 27 Mar 2001 17:56:39 -0500
Quick question:
why not just output to a program, and have that program deal with the input
in any way you choose?
You can do this pretty easily with Perl:

#!/usr/bin/perl -w
use strict; use DBI; use DBD::Pg;
&connect_to_db(); # make this function, obviously
while (my $line = <>) {    # declared with "my" so it compiles under "use strict"
    # mangle data for input
    # insert into db
}

On Tue, Mar 27, 2001 at 04:11:54PM -0600, Chad C. Walstrom wrote:
| Firstly, THANKS for such a great replacement to syslog! I'm quite
| happy with the ease of configurability and the use of the tcp() source
| and destinations -- very nice for tunnelling over OpenSSL.
|
| Next thing to ask for is a feature request that would make our use of
| syslog infinitely more flexible: a string formatter module. Take this
| hypothetical syslog-ng.conf entry as an example:
|
| --------- START EXAMPLE -----------
| # First, set some global options.
| options { long_hostnames(off); sync(0); };
| source remotehost { tcp( 192.168.1.1, 514 ); };
|
| # sql batch file
| destination sql_output { file ("/var/log/log.sql" owner ("root")
| group("adm") perm(0640)); };
| destination xml_output { file ("/var/log/log.xml" owner ("root")
| group("adm") perm(0640)); };
|
| # Now, the format string using printf style placeholders where %h ==
| # host, %d == date, %t == time, %f == facility, %l == level, and %m ==
| # message
| format o_sql { printf( "INSERT mytable ( host, date, time, facility,
| level, message )\nVALUES ( '%h', '%d', '%t', '%f', '%l', '%m' );\n" ); };
|
| # Or, we could specify template files for the printf driver
| #
| # Where the file would contain character literals rather than escapes
| # (for things such as tab and newline):
| #
| # INSERT mytable ( host, date, time, facility, level, message )
| # VALUES ( '%h', '%d', '%t', '%f', '%l', '%m' );\n" );
| #
| format o_sql { printf(template("/usr/share/syslog-ng/sql.tmpl")); };
| format o_xml { printf(template("/usr/share/syslog-ng/xml.tmpl")); };
|
| # Now, out to the log
| log { source(remotehost); format(o_sql); destination(sql_output); };
| log { source(remotehost); format(o_xml); destination(xml_output); };
| --------- START EXAMPLE -----------
|
| The reason I suggest having format as a separate module instead of a
| file option is for instance you want to have a real-time process to
| log INSERT statements into a database. You could specify your
| destination as a named pipe
|
| source s_host{ tcp( 192.168.1.1, 514 ); };
| format o_sql{ printf(template("/etc/syslog-ng/custom_sql.tmpl")); };
| destination d_sqlpipe{ file("/dev/log_sql" owner ("root")
| group("adm") perm(0640)); };
| log{ source(s_host); format(o_sql); destination(d_sqlpipe); };
|
| to which your database client is listening, waiting for input. Let's
| hypothesize for a moment that psql, the PostgreSQL command line client,
| can open up a named pipe as an input file -- as I'm not sure if it
| really can. A command like the following is all you'd need for
| real-time database logging:
|
| bash$ whoami
| syslogd
| bash$ nohup psql -h localhost -d sysylogdb /dev/log_sql&
| bash$
|
| We preserve the UNIX philosophy in that you let your tools do only one
| job, but one job done VERY well. Why reimplement the wheel and embed
| an SQL client into syslog-ng? No reason at all. What do we have to
| do to change the output format? Change the output template in the log
| rule. Simple, clean, efficient.
|
| What do you think?
|
| --
| Chad Walstrom <chewie@wookimus.net> | a.k.a. ^chewie
| http://www.wookimus.net/ | s.k.a. gunnarr
| Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD
|
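
The "output to a program" approach from the reply at the top, written out as an added example that is not part of the original thread or of syslog-ng: the program reads log lines on stdin and stores them with bound parameters, so quotes inside a message cannot change the INSERT the way they could in a '%m' string template. Assumptions: Python with an in-memory sqlite3 database stands in for Perl DBI and PostgreSQL, the input uses the traditional "Mon DD HH:MM:SS host message" layout (no facility or level), and the sample lines are constructed.

```python
import re
import sqlite3
import sys

# Assumed layout: "Mar 27 17:56:39 host message" (traditional syslog file format).
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2}) (\d{2}:\d{2}:\d{2}) (\S+) (.*)$")

# Constructed sample input: two valid lines (one with quotes) and one malformed.
SAMPLE = [
    "Mar 27 17:56:39 gw1 sshd[411]: can't open 'x'; retrying\n",
    "Mar  7 04:11:54 gw2 kernel: eth0 link up\n",
    "garbage without a timestamp\n",
]

def parse_line(line):
    """Return (host, date, time, message), or None if the line does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    date, time, host, message = m.groups()
    return (host, date, time, message)

def open_db(path=":memory:"):
    # Table name follows the thread's example; column set reduced to what we parse.
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS mytable "
               "(host TEXT, date TEXT, time TEXT, message TEXT)")
    return db

def store_lines(db, lines):
    """Insert every parseable line; return (stored, skipped)."""
    stored = skipped = 0
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            skipped += 1  # count malformed input instead of inserting it
            continue
        # Values are bound by the driver, never pasted into the SQL text.
        db.execute("INSERT INTO mytable (host, date, time, message) "
                   "VALUES (?, ?, ?, ?)", fields)
        stored += 1
    db.commit()
    return stored, skipped

if __name__ == "__main__":
    # Read from a pipe when there is one, otherwise use the constructed sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    print(store_lines(open_db(), source))
```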