[syslog-ng] parsing the message field
Joseph Deck
syslog-ng@lists.balabit.hu
Mon, 25 Oct 2004 20:11:11 -0400
All,
We have installed syslog-ng on our Unix systems and are pointing them, some
network devices, and some Windows system events at a central syslog-ng
server. The central server is currently piping the information to a MySQL
database. Each incoming device writes to its own table in the database. A
modification we would like to accomplish is to key various pieces of
information stored in the "message" field.
For example, syslog messages sent from the mail servers will contain the
sender, recipient, and delivery status in the "message" field. Our thought is
to key these pieces of information for quick lookup. Some of the systems
(Cisco PIX) are sending up to 5G of information a day, which is another
reason to key the information.
Our current thought is to send the output of syslog-ng to a Perl script
which will parse the message field based upon the source. The Perl script
would then write it to the database.
Is there a better approach? Any suggestions would be appreciated.
Joseph G. Deck
Director of Computing Services
Wittenberg University
Phone: (937) 525-3800
Fax: (937) 327-7372
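The per-source parsing step the post proposes, as an added example that is not part of the original message (written in Python rather than Perl, and assuming a syslog-ng template that emits "HOST PROGRAM[PID]: MESSAGE"; the host names, Postfix-style mail lines and PIX line below are constructed):

```python
import re
from typing import Optional

# Constructed sample of syslog-ng output; the "HOST PROGRAM: MESSAGE"
# layout is an assumed template, not the poster's actual configuration.
SAMPLE_LINES = [
    "mail1 postfix/smtp[4412]: 3F2A1: to=<bob@example.org>, relay=mx.example.org[192.0.2.10]:25, status=sent (250 OK)",
    "mail1 postfix/qmgr[4400]: 3F2A1: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)",
    "pix1 %PIX-6-302013: Built outbound TCP connection 884 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:10.0.0.5/51234 (10.0.0.5/51234)",
    "web1 sshd[2211]: Accepted publickey for deploy from 10.0.0.9 port 40022 ssh2",
]

LINE_RE = re.compile(r"^(?P<host>\S+)\s+(?P<rest>.*)$")
MAIL_RE = re.compile(r"(?P<qid>[0-9A-F]+): (?P<kv>.*)")      # queue id, then key=value pairs
KV_RE = re.compile(r"(\w+)=<?([^,>]+)>?")                    # to=<x>, status=sent (...)
PIX_RE = re.compile(r"%PIX-(?P<sev>\d)-(?P<msgid>\d+): (?P<text>.*)")

def parse_mail(message: str) -> Optional[dict]:
    """Pull queue id, sender, recipient and status out of a Postfix-style line."""
    m = MAIL_RE.search(message)
    if not m:
        return None
    row = {"queue_id": m.group("qid")}
    for key, val in KV_RE.findall(m.group("kv")):
        if key in ("from", "to", "status"):
            row[key] = val
    return row

def parse_pix(message: str) -> Optional[dict]:
    """Split a PIX message into severity, message id and free text."""
    m = PIX_RE.search(message)
    if not m:
        return None
    return {"severity": int(m.group("sev")), "msg_id": m.group("msgid"), "text": m.group("text")}

# Dispatch on the source host, as the post proposes; sources without a parser keep only the raw message.
PARSERS = {"mail1": parse_mail, "pix1": parse_pix}

def parse_line(line: str) -> dict:
    m = LINE_RE.match(line)
    if not m:
        return {"host": None, "fields": None, "message": line}
    host, rest = m.group("host"), m.group("rest")
    parser = PARSERS.get(host)
    return {"host": host, "fields": parser(rest) if parser else None, "message": rest}

def to_rows(lines):
    """One dict per line, ready to be written as a keyed row plus the original message."""
    return [parse_line(line) for line in lines]
```

When writing the rows, keep the raw message column alongside the keyed fields and insert with parameterised queries rather than string concatenation, since the message text is whatever the remote device (or an attacker able to send syslog) chose to put there.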