[syslog-ng] Feature Request

Mordechai T. Abzug morty@sanctuary.arbutus.md.us
Wed, 28 Mar 2001 01:01:30 -0500


On Tue, Mar 27, 2001 at 06:37:30PM -0600, Chad C. Walstrom wrote:

>     template("INSERT INTO mytable ( host, facility, priority, level, tag, date, time, program, msg) VALUES( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n"));            

NB: from a security perspective, this may not be a good idea.  What if
$MSG is created by a hostile host and includes a single quote followed
by some SQL statement?  This is the standard "mixed code + externally
supplied data" problem.

- Morty
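
The problem described in the message above, as an added example that is not part of the original post or of syslog-ng: a message body containing a single quote changes the SQL that the rendered template executes, while a parameterized insert stores the same body as plain data. Assumptions: SQLite stands in for the database, the template is reduced to three columns, `render()` is a hypothetical stand-in for macro expansion, and the host names and message are constructed samples.

```python
import re
import sqlite3

# Reduced form of the quoted template (fewer columns, constructed for this example).
TEMPLATE = "INSERT INTO mytable (host, program, msg) VALUES ('$HOST', '$PROGRAM', '$MSG');\n"

# Constructed sample record: the message body closes the quoted string itself.
FIELDS = {
    "HOST": "badhost",
    "PROGRAM": "app",
    "MSG": "ok'); INSERT INTO mytable (host, program, msg) "
           "VALUES ('fw1', 'sshd', 'forged entry",
}

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mytable (host TEXT, program TEXT, msg TEXT)")
    return db

def render(template, fields):
    """Hypothetical stand-in for macro expansion: single pass, no escaping."""
    return re.sub(r"\$([A-Z]+)", lambda m: fields.get(m.group(1), m.group(0)), template)

def rows(db):
    return db.execute("SELECT host, program, msg FROM mytable ORDER BY rowid").fetchall()

def insert_via_template(db, fields):
    # Data is pasted into the statement text, then the text is run as SQL,
    # as it would be when the rendered line is fed to a SQL client.
    db.executescript(render(TEMPLATE, fields))
    return rows(db)

def insert_parameterized(db, fields):
    # Statement and data travel separately; the driver never parses MSG as SQL.
    db.execute("INSERT INTO mytable (host, program, msg) VALUES (?, ?, ?)",
               (fields["HOST"], fields["PROGRAM"], fields["MSG"]))
    return rows(db)

if __name__ == "__main__":
    print("template:     ", insert_via_template(new_db(), FIELDS))
    print("parameterized:", insert_parameterized(new_db(), FIELDS))
```

With the template path, one received message produces two rows, the second attributed to a host that never sent it; with bound parameters there is one row whose `msg` column holds the body verbatim.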