[syslog-ng]Can't get pipe working

Fri, 02 Jul 2004 08:10:20 +0200

Hi Clayton,

wie use ist in slyghtly other way and it writes several gigabytes per dy =
in our mysql database.

1) the syslog-ng configuration

destination d_ToSysLogDB {
  pipe("/tmp/syslog.pipe"
  owner("root")
  group("root")
  perm(0640)
  template("insert into syslog(host,facility,priority,level,tag,date,time,p=
rogra
m,msg) values ('$HOST','$FACILITY', '$PRIORITY', '$LEVEL', '$TAG','$YEAR-$M=
ONTH-
$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};

log { source(loghost); destination(d_ToSysLogDB); };
=20
2) there is a script running that takes the data from the pipe and writes =
them into the databse

#!/bin/bash
#
if [ -e /tmp/syslog.pipe ]; then
  while [ -e /tmp/syslog.pipe ]
    do
      mysql -u syslog --password=3D<password> syslog -h syslog < /tmp/syslo=
g.pipe
  done
else
  mkfifo /tmp/syslog.pipe
  while [ -e /tmp/syslog.pipe ]
    do
      mysql -u syslog --password=3D<password> -h syslog < /tmp/syslog.pipe
  done
fi

3) Keep in mind that a tail -f on a pipe will take all data out of the =
pipe and you cannot write them into a database.

Stephan

Dr. Stephan Hendl
Systemmanagement
-----------------------------------
Landesbetrieb f=FCr
Datenverarbeitung und Statistik
Land Brandenburg

Adresse: 14467 Potsdam, Dortustr. 46
Telefon: +49-(0)331 39-471
Fax: +49-(0)331 27548-1187
Mobil: +49-(0)160 90 645 893
EMail: Stephan.Hendl@lds.brandenburg.de=20
Internet: http://www.lds-bb.de=20

>>> cdukes@cdukes.com 01.07.2004 20:02:57 >>>
Hi all,
I seem to be having trouble getting a mysql pipe working and thought I =
would
enlist your help.

Here's my config:

options { use_fqdn(no);
          keep_hostname(yes);
          use_dns(no);
          long_hostnames(off);
          sync(0);
          log_fifo_size(1000);

        # The default action of syslog-ng 1.6.0 is to log a STATS line
        # to the file every 10 minutes.  That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats(43200);
};

############################
# Set up Sources
############################
source src { unix-dgram("/dev/log"); internal(); };
source net { udp(); };
source s_jffnms { unix-dgram("/dev/log"); internal(); udp(); };

# MySQL Logs

destination d_jffnms {
  pipe("/tmp/mysql.pipe"
    template("INSERT INTO syslog (date, date_logged, host, message) VALUES
('$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', NOW\(\), '$FULLHOST', '$MSG');\n")
template-escape(yes));
    };
destination jffnms_processing {
      program ("mysql -u jffnms -pjffnms jffnms < /tmp/mysql.pipe"); };

log {
       source (s_jffnms);
       #filter (f_jffnms);   #if you use it
       destination (d_jffnms);
};

# End
When I restart syslog-ng and tail -f /tmp/mysql.pipe nothing comes in (nor
are there any database inserts happening).
When I do a tcpdump, I do see the event coming into my server, but it =
seems
as though syslog-ng is just dropping the packet...?

Regards,
Clayton Dukes
CCNA, CCDA, CCNP, CCDP
Sr. Network Engineer
E Solutions Corp.
http://www.esnet.com=20
813.301.2620 (o)
813.545.7373 (c)
=20

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu=20
https://lists.balabit.hu/mailman/listinfo/syslog-ng=20
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html=20