bretwatson@charteredsemi.com bretwatson@charteredsemi.com
Wed, 3 Apr 2002 18:42:57 +0800

If you really want there is some work on a system that takes syslog on
stdin and feeds into a modified snort IDS - thus you can have stateful
inspection of content and all sorts of filtering..

look at sourceforge for snortadapter


Balazs Scheidler <bazsi@balabit.hu>      03/04/2002 05:55
Sent by: syslog-ng-admin@lists.balabit.hu

Please respond to syslog-ng
             To: syslog-ng@lists.balabit.hu                                    
             cc: (bcc: WATSON Bret/IT/CHRT/ST Group)                           
             Subject: Re: [syslog-ng]syslog-ng                                 

On Wed, Apr 03, 2002 at 03:38:03AM -0500, Michael Earls wrote:
> Will syslog-ng ever be native to log to mysql or any other type of
> external database?

I don't understand what the problems with using an external program for
purpose are. Simply write a 10 line long perl script where you can even
preprocess messages before they go to the database, and feed this script
with a pipe/program destination.

Adding support for pgsql/mysql/sybase/whatever into syslog-ng is bloat in

PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C

syslog-ng maillist  -  syslog-ng@lists.balabit.hu

[This e-mail is confidential and may also be privileged. If you are not the
intended recipient, please delete it and notify us immediately; you should
not copy or use it for any purpose, nor disclose its contents to any other
person. Thank you.]