[syslog-ng]STILL MANGLED MESSAGES! Please Help!
_/CaT\_
cat_roger22@hotmail.com
Fri, 11 Oct 2002 09:32:44 +0200
Try to test this solution:
http://lists.balabit.hu/pipermail/syslog-ng/2002-October/003905.html
-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of harald schmidt
Sent: Thursday, October 10, 2002 5:31 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]STILL MANGLED MESSAGES! Please Help!
Importance: High
Hi,
Syslog-ng 1.5.21 still produces mangled messages into pipes! This
happens ca. 10 times a day.
Here an example what syslog-ng writes in the pipe:
INSERT INTO all_messages_200210 (host, facility, priority, tag, date,=20
time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f',=20
'2002-10-10', '11:24:56', 'nrpe', 'nrpe[15656]: Host is asking for
command \'check_total_procs\' to be rINSERT INTO all_messages_200210
(host, facility, priority, tag, date,=20
time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f',=20
'2002-10-10', '11:24:57', 'nrpe', 'nrpe[15656]: Return Code: 0, Output:
OK - 67 processes running' );=20
the 3rd line should look like this:
'2002-10-10', '11:24:56', 'nrpe', 'nrpe[15656]: Host is asking for
command \'check_total_procs\' to be run...' );
But syslog-ng doesn't finish that line.=20
Here another example:
INSERT INTO all_messages_200210 (host, facility, priority, tag, date,=20
time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f',=20
'2002-10-10', '01:26:52', 'nrpe', 'nrpe[15INSERT INTO
all_messages_200210 (host, facility, priority, tag, date,=20
time, program, msg) VALUES ( 'clc', 'daemon', 'debug', '1f',=20
'2002-10-10', '01:26:52', 'nrpe', 'nrpe[15387]: Return Code: 1, Output:
2 users currently logged in' );
Here is my syslog-ng.conf:
#
# Syslog-ng example configuration for for Debian GNU/Linux
#
# Copyright (c) 1999 anonymous
# Copyright (c) 1999 Balazs Scheidler
# $Id: syslog-ng.conf.sample,v 1.2 1999/11/15 12:30:41 bazsi Exp $ # #
Syslog-ng configuration file, compatible with default Debian syslogd #
installation. # # 1.options=20
options { long_hostnames(off); use_fqdn(yes); sync(0); log_fifo_size
(500); gc_busy_threshold(768); use_time_recvd(1); };
# 2.sources=20
source s_kernel { pipe("/proc/kmsg"); internal(); };
source s_stream { unix-stream("/dev/log"); internal(); }; source sn_udp
{ udp(); };
# 3.destinations=20
destination df_all_messages {
file("/var/log/all_messages-$YEAR$MONTH$DAY"); }; destination
dq_mysql_all_messages { pipe("/var/pipes/mysql.fifo" template("INSERT
INTO all_messages_$YEAR$MONTH (host, facility, priority, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
template-escape(yes)); };
# 4.Log
log { source(s_stream); source(s_kernel); source(sn_udp);
destination(df_all_messages); }; log { source(s_stream);
source(s_kernel); source(sn_udp); destination(dq_mysql_all_messages); };
And here the Script that reads from the pipe (I'm starting a new
database every month):
#!/bin/sh
datum=3D$(date +%Y%m)
if [ -e /var/pipes/mysql.fifo ]; then
while [ -e /var/pipes/mysql.fifo ]
do
/usr/local/mysql/bin/mysql -vvT syslog_$datum <
/var/pipes/mysql.fifo done else
mkfifo /var/pipes/mysql.fifo
fi
My system:
# uname -a
Linux clc 2.4.10-4GB #1 Tue Sep 25 12:33:54 GMT 2001 i686 unknown
Could anyone PLEASE help me?
thanks Harald
--=20
Holen Sie sich den Turbo f=FCrs Internet: T-DSL!
http://bonus.gmx.net/?gid=3D46842444&prid=3D11
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html