[syslog-ng]Old Syslog Data

Casey Allen Shobe syslog-ng@lists.balabit.hu
Tue, 23 Dec 2003 08:50:58 -0500


Asif Iqbal (Monday 22 December 2003 21:38)
> > default neither of these formats contain facility and priority settings,
> > but apart from that there shouldn't be any problems importing the old
> > logs into a database with some perl scripting.
>
> Any hint or example would be greatly appreciated

It should be fairly easy (this is how I've done such things in the past) to
modify your log file into a file of SQL statements, then just pipe that into
psql (I assume it works the same with mysql).

Let's say your syslog file contains lines looking like this:
Oct  6 00:32:09 eirny kernel: hdc: LITE-ON LTR-12101B, ATAPI CD/DVD-ROM drive

...and your database table contains columns like this:
date, time, host, message, facility, priority

Then you'd just want to use your favorite editor (which ought to be vim ;-P)
and use a few simple commands to change all of the lines to read:

insert into db_table (date, time, host, message) values
('6-10-2003', '00:32:09', 'eirny',
'kernel: hdc: LITE-ON LTR-12101B, ATAPI CD/DVD-ROM drive');

If you don't have defaults specified for the missing columns, then you could
do something like:

insert into db_table (date, time, host, message, facility, priority) values
('6-10-2003', '00:32:09', 'eirny',
'kernel: hdc: LITE-ON LTR-12101B, ATAPI CD/DVD-ROM drive', '', '');

You might need to adjust the date format depending on what DBMS you're
using...since the year wasn't specified you can just get it from 'date +%Y'
if everything is from this year.  If your log data spans multiple years, the
easiest way to deal with it would probably be to split the files at the year
changes, then just globally insert the different year in each file.

-- 
Sigþór Björn Jarðarson (Casey Allen Shobe)
cshobe@softhome.net
Jabber: sigthor@jabber.org; ICQ: 1494523; AIM/Yahoo: SomeLinuxGuy
-- 
Free development contributor of:
> KDE toolbar icons
> Kopete user interface, usability, and testing
> X11 Icelandic Dvorak keymaps
http://rivyn.livejournal.com
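
The conversion described in the message above, scripted instead of done in an editor. This is an added example, not part of the original post: it turns classic syslog lines into INSERT statements for the date, time, host and message columns, doubles single quotes so that message text (which can contain remotely supplied strings such as usernames) cannot terminate the SQL literal, and advances the year when the month goes backwards. The function names, the sample lines and the assumption of PostgreSQL with standard_conforming_strings enabled are mine.

```python
import re

MONTHS = {m: i + 1 for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split())}
# Classic BSD syslog line: "Mmm dd hh:mm:ss host message" (no year).
LINE_RE = re.compile(r"^([A-Z][a-z]{2})\s+(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\S+) (.*)$")

def sql_literal(value):
    """Quote a string as a SQL literal by doubling single quotes.
    Assumption: PostgreSQL with standard_conforming_strings=on, where a
    backslash inside '...' is an ordinary character."""
    if "\x00" in value:
        raise ValueError("NUL byte in log field")
    return "'" + value.replace("'", "''") + "'"

def syslog_to_sql(lines, start_year, table="db_table"):
    """Yield one INSERT per parseable line. `table` is trusted, caller-chosen
    text; only the log fields are treated as untrusted."""
    year, last_month = start_year, None
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\n"))
        if not m or m.group(1) not in MONTHS:
            continue  # not in the expected format: skip rather than guess
        mon, day, time, host, message = m.groups()
        month = MONTHS[mon]
        if last_month is not None and month < last_month:
            year += 1  # month went backwards (Dec -> Jan): new year
        last_month = month
        date = "%04d-%02d-%02d" % (year, month, int(day))
        yield ("INSERT INTO %s (date, time, host, message) VALUES (%s, %s, %s, %s);"
               % (table, sql_literal(date), sql_literal(time),
                  sql_literal(host), sql_literal(message)))

# Constructed sample input: the line from the message, moved to a year
# boundary, plus a line whose message contains a single quote.
SAMPLE = [
    "Dec 31 23:59:58 eirny kernel: hdc: LITE-ON LTR-12101B, ATAPI CD/DVD-ROM drive",
    "Jan  1 00:00:03 eirny sshd[412]: Invalid user o'brien from 192.0.2.7",
]

if __name__ == "__main__":
    for stmt in syslog_to_sql(SAMPLE, 2002):
        print(stmt)
```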