[syslog-ng]logging into database
Matthew Dodson
mdodson@coremetrics.com
16 Aug 2002 11:56:09 -0500
I noticed one thing. In the following section -- "template-escape"
should be "template_escape"
"
d_mysql {
> pipe("/tmp/mysql.pipe"
> template("INSERT INTO logs (host, facility, priority,
> level, tag, date, time,
> program, msg) VALUES ( '$HOST', '$FACILITY',
> '$PRIORITY', '$LEVEL', '$TAG',
> '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM',
> '$MSG' );\n") template-escape(yes));"
On Fri, 2002-08-16 at 06:49, hicham rahimi wrote:
>
> hi,
>
> I want to set up logging syslog-ng's messages into a
> mysql database, in order to make the messages
> organization more powerful.
>
> I have tested an example given in www.vermeer.com
> but it doesn't work.
> If anyone has tested it, tell me please if it
> contains a bug or not
> thanks
> hicham;
>
> here is the example:
>
> Centralized syslog-ng to mysql database
>
> by Michael Earls
>
> To establish a centralized location for syslog-ng
> collection in order to facilitate:
>
> Immediate log reporting (both real time and summary reporting)
> Long term log storage (for archival and for possible later analysis).
>
> Tools used:
> syslog-ng -- template() destinations are only supported by the 1.5.x releases.
> mysql
> My Own PhP Files
> phpmyedit
> phpmyadmin
> Syslog-ng/Pipe Scripts
> MySql Replication
>
> Demo https://daffy.chmcc.org/syslog//
> This site is still in testing phase
>
> Demo-files The files I used for the Demo -- NEW DEMO FILE --
>
> To set up syslog-ng to log to a mysql database. This
> assumes that you have installed and set up syslog-ng
> and mysql.
>
> Edit the syslog-ng.conf file
> This tells syslog-ng to pipe to a fifo template
>
> Add the following lines --
>
> ## Log syslog-ng to mysql database
> ##
>
> destination d_mysql {
>     pipe("/tmp/mysql.pipe"
>         template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
>         template-escape(yes));
> };
> log {
>     source(net); destination(d_mysql);
> };
>
> Then comment out this line --
>
> # This is the default behavior of sysklogd package
> # Logs may come from unix stream, but not from another machine.
> #
> #source src { unix-dgram("/dev/log"); internal(); };
>
> Then uncomment out this line --
>
> # If you wish to get logs from remote machine you should uncomment
> # this and comment the above source line.
> #
> source src { unix-dgram("/etc/log/log"); internal(); };
> source net { udp(); };
>
> Create the database for syslog-ng --
>
> Create a file called syslog.sql and paste this
> below, this will create the database "syslog" and
> table "logs" in mysql.
>
> #
> # Table structure for table `logs`
> #
>
> CREATE DATABASE syslog;
>
> USE syslog;
>
> CREATE TABLE logs (
>   host varchar(32) default NULL,
>   facility varchar(10) default NULL,
>   priority varchar(10) default NULL,
>   level varchar(10) default NULL,
>   tag varchar(10) default NULL,
>   date date default NULL,
>   time time default NULL,
>   program varchar(15) default NULL,
>   msg text,
>   seq int(10) unsigned NOT NULL auto_increment,
>   PRIMARY KEY (seq),
>   KEY host (host),
>   KEY seq (seq),
>   KEY program (program),
>   KEY time (time),
>   KEY date (date),
>   KEY priority (priority),
>   KEY facility (facility)
> ) TYPE=MyISAM;
>
> Run this command
>
> mysql -u root -p < syslog.sql
>
> This will install the database into mysql.
>
> Create a fifo pipe file --
> This is the file that syslog-ng will store
> records before writing to the database.
>
> mkfifo /tmp/mysql.pipe
>
> You need to restart syslog-ng --
>
> /etc/init.d/syslog-ng stop   # Stop syslog-ng
> /etc/init.d/syslog-ng start  # Start syslog-ng
>
> Run this command to pipe the file mysql.pipe to mysql
> database
>
> You need to create a script that will check to make
> sure this command is running and restart if stopped.
> Syslog-ng/Pipe scripts
>
> When this file is started it will hang, You
> need to create a script and have it run on startup.
>
> mysql -u root --password=passwd syslog < /tmp/mysql.pipe
>
> --------------------------------------------------------------------------------
>
> This is a mini how-to and is in the second
> draft::Thanks again to everyone..
>
> Michael
>
> Any questions just email me
> --Michael@michaelearls.com--
>
> Created Jan 18, 2002
> Last Updated May 18, 2002
>
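
Added example, not part of the original thread or of the how-to it quotes: a Python model of why the escaping option matters for this destination, given that text arriving on the udp() source is chosen by the sender and is pasted between single quotes in the INSERT. The escape() rule (backslash before ', " and \) is an assumed model of template_escape(yes), the function names are hypothetical, and the sample record is constructed.

```python
import re

# Statement skeleton from the template() quoted on this page.
TEMPLATE = ("INSERT INTO logs (host, facility, priority, level, tag, date, time, "
            "program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', "
            "'$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );")

# Constructed sample record: an ordinary message that happens to contain quotes.
SAMPLE = {"HOST": "gw1", "FACILITY": "auth", "PRIORITY": "err", "LEVEL": "err",
          "TAG": "23", "YEAR": "2002", "MONTH": "08", "DAY": "16", "HOUR": "11",
          "MIN": "56", "SEC": "09", "PROGRAM": "su", "MSG": "can't open 'root'"}

def escape(value):
    # Assumed model of template_escape(yes): backslash-escape ', " and \.
    return re.sub(r"""(['"\\])""", r"\\\1", value)

def expand(fields, escaped):
    # Fill in the $MACRO names, escaping each value only when asked to.
    fill = lambda m: escape(fields[m.group(1)]) if escaped else fields[m.group(1)]
    return re.sub(r"\$([A-Z]+)", fill, TEMPLATE)

def split_literals(stmt):
    # MySQL default string rules; returns (literal values, rest with '?' per literal).
    literals, outside, cur, in_str, i = [], [], [], False, 0
    while i < len(stmt):
        c = stmt[i]
        if not in_str and c == "'":
            in_str, cur = True, []
        elif not in_str:
            outside.append(c)
        elif c == "\\" and i + 1 < len(stmt):
            cur.append(stmt[i + 1])   # exact for \' \" \\, all that escape() emits
            i += 1
        elif c == "'" and stmt[i + 1:i + 2] == "'":
            cur.append("'")           # doubled quote inside a literal
            i += 1
        elif c == "'":
            in_str = False
            literals.append("".join(cur))
            outside.append("?")
        else:
            cur.append(c)
        i += 1
    return literals, "".join(outside) + ("<unterminated>" if in_str else "")

def statement_intact(fields, escaped):
    # Intact: same SQL outside the literals, and msg round-trips unchanged.
    literals, outside = split_literals(expand(fields, escaped))
    return outside == split_literals(TEMPLATE)[1] and literals[-1] == fields["MSG"]
```

With the option misspelled and therefore not in effect, the sample message ends the msg literal after "can" and the rest of the line is parsed as SQL by the mysql client reading the pipe; with escaping on, the statement keeps its nine literals.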