[syslog-ng]logging into database

Michael Earls Michael.Earls@chmcc.org
Fri, 16 Aug 2002 14:10:53 -0400



I have not had any trouble logging messages to the mysql database with
this option set in syslog-ng. The one thing I have noticed from people
asking for help is that this example only explains how to set up
syslog-ng to log from udp/external source, and not log internal
messages.  
 
Bazi, what is the correct syntax: "template-escape" or
"template_escape"?
 
Thanks
Michael Earls
 
http://www.vermeer.org


 

>>> mdodson@coremetrics.com 08/16/02 12:56PM >>>

I noticed one thing. In the following section --  "template-escape"
should be "template_escape"  

"
d_mysql {
> pipe("/tmp/mysql.pipe"
> template("INSERT INTO logs (host, facility, priority, level, tag, date,
> time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG',
> '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));"





On Fri, 2002-08-16 at 06:49, hicham rahimi wrote:
> 
>  Hi,
> 
>  I want to set up logging of syslog-ng's messages into a
> mysql database, in order to make the message
> organization more powerful.
>   
>   I have tested an example given in www.vermeer.com
> but it doesn't work.
>   If anyone has tested it, please tell me if it
> contains a bug or not.
>   Thanks
>          hicham; 
>  
>      Here is the example:
>  
> Centralized syslog-ng to mysql database
>  
> by Michael Earls 
> 
> To establish a centralized location for syslog-ng collection in order to facilitate: 
> 
> Immediate log reporting (both real time and summary reporting) 
> Long term log storage (for archival and for possible later analysis). 
> 
> Tools used: 
> syslog-ng  -- template() destinations are only supported by the 1.5.x releases. 
> mysql  
> My Own PhP Files 
> phpmyedit 
> phpmyadmin 
> Syslog-ng/Pipe Scripts 
> MySql Replication 
>  
> Demo https://daffy.chmcc.org/syslog// 
>      This site is still in testing phase
> 
> Demo-files The files I used for the Demo -- NEW DEMO FILE -- 
> 
> To setup syslog-ng to log to a mysql database.  This assumes that you have
> installed and setup syslog-ng and mysql.
> 
> Edit the syslog-ng.conf file
>        This tells syslog-ng to pipe to a fifo template
> 
> Add the following lines --
> 
>     ## Log syslog-ng to mysql database
>     ##
>     destination d_mysql {
>         pipe("/tmp/mysql.pipe"
>             template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
>             template-escape(yes));
>     };
>     log {
>         source(net); destination(d_mysql);
>     };
> 
> Then comment out this line --
> 
>     # This is the default behavior of sysklogd package
>     # Logs may come from unix stream, but not from another machine.
>     #
>     #source src { unix-dgram("/dev/log"); internal(); };
> 
> Then uncomment out this line --
> 
>     # If you wish to get logs from remote machine you should uncomment
>     # this and comment the above source line.
>     #
>     source src { unix-dgram("/etc/log/log"); internal(); };
>     source net { udp(); };
> 
>  
> 
> Create the database for syslog-ng --
> 
>        Create a file called syslog.sql and paste this below, this will create
>        the database "syslog" and table "logs" in mysql.
> 
>     #
>     # Table structure for table `logs`
>     #
> 
>     CREATE DATABASE syslog;
> 
>     USE syslog;
> 
>     CREATE TABLE logs (
>     host varchar(32) default NULL,
>     facility varchar(10) default NULL,
>     priority varchar(10) default NULL,
>     level varchar(10) default NULL,
>     tag varchar(10) default NULL,
>     date date default NULL,
>     time time default NULL,
>     program varchar(15) default NULL,
>     msg text,
>     seq int(10) unsigned NOT NULL auto_increment,
>     PRIMARY KEY (seq),
>     KEY host (host),
>     KEY seq (seq),
>     KEY program (program),
>     KEY time (time),
>     KEY date (date),
>     KEY priority (priority),
>     KEY facility (facility)
>     ) TYPE=MyISAM;
> 
>         Run this command
> 
>     mysql -u root -p < syslog.sql
> 
> This will install the database into mysql.
> 
> Create a fifo pipe file -- 
>           This is the file that syslog-ng will store records before writing
>           to the database.
> 
>     mkfifo /tmp/mysql.pipe
> 
> You need to restart syslog-ng --
> 
>     /etc/init.d/syslog-ng stop    # Stop syslog-ng
>     /etc/init.d/syslog-ng start   # Start syslog-ng
> 
> Run this command to pipe the file mysql.pipe to mysql database
> 
> You need to create a script that will check to make sure this command is
> running and restart if stopped. Syslog-ng/Pipe scripts
> 
>          When this file is started it will hang, You need to create a script
>          and have it run on startup.
> 
>     mysql -u root --password=passwd syslog < /tmp/mysql.pipe
> 
>  
> 
> 
> --------------------------------------------------------------------------------
> 
> 
> This is a mini how-to and is in the second draft::Thanks again to everyone..
> 
> Michael
> 
> Any questions just email me 
> --Michael@michaelearls.com-- 
> 
> Created Jan 18, 2002
> Last Updated May 18, 2002 
>  
> 
> 
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu 
> https://lists.balabit.hu/mailman/listinfo/syslog-ng 
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html



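Why the escape option discussed in this thread matters for the quoted how-to, as an added example (not code from the how-to or from syslog-ng): the `net` source accepts UDP from other machines, so `$MSG` is untrusted text pasted into an INSERT that the mysql client runs. The sketch expands the how-to's template with and without escaping and checks each rendered line against the one statement shape the destination should emit. The escaping rule (a backslash before `'`, `"` and `\`), the sample field values and all function names are assumptions made for the illustration.

```python
import re
import sys

# template() string from the how-to's d_mysql destination (trailing \n omitted).
TEMPLATE = (
    "INSERT INTO logs (host, facility, priority, level, tag, date, time, "
    "program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', "
    "'$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );"
)

# One MySQL string literal: no bare quote inside, backslash escapes the next char.
_LITERAL = r"'(?:[^'\\]|\\.)*'"
# The only statement shape this destination should ever produce: nine literals.
_STATEMENT = re.compile(
    r"INSERT INTO logs \(host, facility, priority, level, tag, date, time, "
    r"program, msg\) VALUES \( " + ", ".join([_LITERAL] * 9) + r" \);"
)


def escape_value(value):
    """Assumed model of the escape option: backslash before ', " and \\."""
    return re.sub(r"""(['"\\])""", r"\\\1", value)


def render(fields, escape):
    """Expand $MACRO names in TEMPLATE, optionally escaping each value."""
    def expand(match):
        value = fields[match.group(1)]
        return escape_value(value) if escape else value
    return re.sub(r"\$([A-Z]+)", expand, TEMPLATE)


def is_single_insert(line):
    """True only if the whole line is one INSERT with nine closed literals."""
    return _STATEMENT.fullmatch(line) is not None


# Constructed sample record; only MSG varies below.
BASE = {
    "HOST": "web01", "FACILITY": "auth", "PRIORITY": "info", "LEVEL": "info",
    "TAG": "26", "YEAR": "2002", "MONTH": "08", "DAY": "16",
    "HOUR": "14", "MIN": "10", "SEC": "53", "PROGRAM": "sshd",
}
# Constructed messages: plain text, embedded quotes, and a trailing backslash.
SAMPLE_MESSAGES = [
    "session opened for user bob",
    "can't open '/var/run/sshd.pid'",
    "working directory is C:\\temp\\",
]


def demo():
    """Return (message, ok_without_escape, ok_with_escape) per sample."""
    rows = []
    for msg in SAMPLE_MESSAGES:
        fields = dict(BASE, MSG=msg)
        rows.append((msg,
                     is_single_insert(render(fields, escape=False)),
                     is_single_insert(render(fields, escape=True))))
    return rows


if __name__ == "__main__":
    # Filter mode: pass valid statements to stdout, report the rest on stderr.
    for raw in sys.stdin:
        line = raw.rstrip("\n")
        if is_single_insert(line):
            print(line, flush=True)
        else:
            print("rejected:", line, file=sys.stderr)
```

Placed between the FIFO and the mysql client, the filter mode drops any line that is not exactly one well-formed INSERT, which also covers a configuration in which the escape option is not in effect.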