[syslog-ng]syslog-ng to MySQL question
Nate Campi
syslog-ng@lists.balabit.hu
Thu, 30 Sep 2004 22:59:19 -0700
On Thu, Sep 30, 2004 at 08:16:08PM -0500, Ron Clark wrote:
>
> This may be off topic, but I would be very appreciative of any help. I
> am using the sqlsyslogd file from
> http://www.frasunek.com/sources/security/sqlsyslogd/.
Well it's not off topic, since it deals with syslog-ng also.
> But when it reads from the logs coming into syslog, on the time stamp
> field, it adds some text in <> signs, and does not fully capture the
> time stamp. Does anyone know what these are? And more important, how
> does one get the script to get fully input the time stamp in the
> syslogs? Does anyone have any tricks to the sqlsyslog.c file that might
> fix this?
Use templates, as Bazsi said to the last person who asked:
https://lists.balabit.hu/pipermail/syslog-ng/2004-July/006256.html
In the old days I patched sqlsyslogd to simply not print that part of
the message, pretty simple actually:
diff sqlsyslogd.c sqlsyslogd-orig.c
141c141
< loghost = strtok((strstr(buf,">") + 1) + 16, " ");
---
> loghost = strtok(buf + 16, " ");
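Review bot: On the patched line 141 (the "<" side, since the patched file was given to diff first), the result of strstr(buf,">") is used without a check. A line that contains no ">" makes strstr return NULL, and the pointer handed to strtok is then NULL + 17. A line with fewer than 16 bytes after the ">" makes the offset run past the end of the string. Searching for the first ">" anywhere in buf also misfires on a line that has no leading priority but has a ">" in its message text. Skip the prefix only when buf[0] is "<", confirm the closing ">" was found, and check the remaining length before adding 16.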
143,144c143
< strlen(logprog) + 3; */
< logmesg = (strstr(buf,">") + 1) + 16 + strlen(loghost) +
---
> logmesg = buf + 16 + strlen(loghost) +
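Review bot: The patched logmesg expression repeats the unchecked strstr(buf,">") lookup and then calls strlen(loghost), although the strtok call on line 141 returns NULL when nothing but delimiters follows the offset. Compute the pointer past the priority prefix once, validate it, reuse it for both loghost and logmesg, and test loghost for NULL before taking its length. The extra patched line 143 ending in "*/" looks like the tail of a commented-out statement; remove the dead code rather than keeping it in a comment.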
...but use the template option for sure.
--
Nate
"C is quirky, flawed, and an enormous success." - Dennis M. Ritchie.
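A bounds-checked way to split a raw syslog line into priority, timestamp, host and message in C, as an added example that is not code from sqlsyslogd or from this thread. The struct, the function name and the sample line are constructed for illustration, and the layout assumed is an optional <PRI> prefix followed by a 15-character timestamp, a space, the host, a space and the message, matching the "+ 16" offset in the diff above.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TS_LEN 15                 /* length of "Sep 30 22:59:19" */
struct syslog_fields {            /* hypothetical struct, not from sqlsyslogd */
    int pri;                      /* -1 when the line has no <PRI> prefix */
    char stamp[TS_LEN + 1];
    char host[64];
    const char *msg;              /* points into the caller's buffer */
};

/* Returns 0 on success, -1 on a short or malformed line. */
int parse_syslog_line(const char *line, struct syslog_fields *out)
{
    const char *p = line;
    size_t hlen;
    out->pri = -1;
    if (*p == '<') {              /* skip the prefix only at the very start */
        char *end = NULL;
        long v = isdigit((unsigned char)p[1]) ? strtol(p + 1, &end, 10) : -1;
        if (end == NULL || *end != '>' || v > 191)  /* 23 * 8 + 7 is the maximum */
            return -1;
        out->pri = (int)v;
        p = end + 1;
    }
    if (strlen(p) < (size_t)TS_LEN + 2 || p[TS_LEN] != ' ')
        return -1;                /* never index past the terminator */
    memcpy(out->stamp, p, TS_LEN);
    out->stamp[TS_LEN] = '\0';
    p += TS_LEN + 1;              /* the fixed 16-byte skip, now length-checked */
    hlen = strcspn(p, " ");
    if (hlen == 0 || hlen >= sizeof out->host || p[hlen] != ' ')
        return -1;                /* missing host, oversized host, or no message */
    memcpy(out->host, p, hlen);
    out->host[hlen] = '\0';
    out->msg = p + hlen + 1;
    return 0;
}

int main(void)
{
    struct syslog_fields f;       /* the line below is a constructed sample */
    if (parse_syslog_line("<13>Sep 30 22:59:19 loghost sshd[42]: test", &f) == 0)
        printf("pri=%d stamp=[%s] host=%s msg=%s\n", f.pri, f.stamp, f.host, f.msg);
    return 0;
}
```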