[syslog-ng]log to database and storage (urgent)
Jeremy Doe
syslog-ng@lists.balabit.hu
Wed, 17 Nov 2004 16:31:02 +0100
Hello list
I compiled syslog-ng version 1.6.5 on Red Hat 3.0. The remote logging
mechanism works (for example it fills my database) but he dont logs to
the filesystem (storage). It means I shoud have two copies of log: one in
database and one on filesystem for save.
>From my configuratioon I excpect to make directories and files with
logs. For example /mnt/syslog/hosts/192.168.21.15/auth/200410 shoud be there.
With lsof and ls I see no transaction to filesystem (I SIGHUPED syslog-ng)
# Globale Optionen
options {
use_fqdn(no);
use_dns(no);
dns_cache(no);
keep_hostname(yes);
create_dirs(yes);
long_hostnames(off);
sync(1);
log_fifo_size(1024);
};
# Quellen/Sources
source src {
pipe("/proc/kmsg");
unix-stream("/dev/log");
internal();
# auf UDP 514 listening
udp();
};
source network {
udp();
};
# Log syslog-ng zu mysql database
destination d_mysql { pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag,
date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY',
'$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
template-escape(yes));
};
log { source(src); destination(d_mysql);
};
# Log syslog-ng zu shared Storage
destination std {
file("/mnt/syslog/hosts/$HOST/$FACILITY/$YEAR_$MONTH"
owner(root) group(root) perm(0601) dir_perm(0700)
create_dirs(yes) ); };
log {
source(network);
destination(std);
};
I also tried with the configuration from friendly campin
(http://www.campin.net/syslog-ng/expanded-syslog-ng.conf) with minimal
modifcation (we dont use dns).
Please share ur knowledge with me (tried serveral days without luck)
kind regards
Jeremy