[syslog-ng] Pipe to MYSQL does not work

Hari Sekhon hpsekhon at googlemail.com
Fri Aug 25 04:57:49 CEST 2006


I got this working without any trouble by following the docs:

have you tailed the pipe while syslog-ng is running? have you created
the database properly and got the authentication correct? Does the
script persist? Is MySQL running. Is the db name correct?  etc...

I can't see what is wrong with your config off the top of my head, so
here is my relevent setup snippets for reference

options {
        chain_hostnames(0);
        stats(0);
        time_reopen(10);
        time_reap(360);
        log_fifo_size(2048);
        create_dirs(yes);
        group(adm);
        perm(0600);
        dir_perm(0700);
        use_dns(yes);
        keep_hostname(no);
};

source s_int {
        internal();
        unix-stream("/dev/log");
        file("/proc/kmsg" log_prefix("kernel: "));
};

source s_net {
        tcp( port(50514) );
        udp();
};


destination d_mysql { pipe("/var/log/mysql.pipe" template("INSERT INTO
logs (host,facility,priority,level,tag,datetime,program,msg) VALUES
('$HOST','$FACILITY','$PRIORITY','$LEVEL','$TAG','$YEAR-$MONTH-$DAY
$HOUR:$MIN:$SEC','$PROGRAM','$MSG');\n") template-escape(yes)); };

log {
        source(s_int);
        source(s_net);
        destination(d_mysql);
};



Also, your bash works, just about but could be improved to first test
and create the fifo if necessary and then use it, that way it won't
fail, create the pipe and do nothing (doh). This is better:

if [ ! -e /var/log/mysql.pipe ]
then
        mkfifo -m 600 /var/log/mysql.pipe
fi
while [ -e /var/log/mysql.pipe ]
do
        mysql -u username --password=password syslog <
/var/log/mysql.pipe >/dev/null
done


It's obvious you're trying to do the whole central logserver with web
interface bit so I suggest that google is your friend, I have found
syslog-ng is good, but there is basically no support of any kind, irc
is dead and this list is very low traffic. So I recommend you try to
make the best use of the docs and google and don't rely too much on
outside help.

Best of Luck

Hari Sekhon


On 25/08/06, Matthew Redel <mredel at gmail.com> wrote:
>
> Running 1.6.9 version of syslog-ng.
> libol version 3.9
> OS is Redhat Fedora 4.
> mysql version is 4.1.12 .
> Below is my config:
>
>
>
> options { sync (0);
>           time_reopen (10);
>           log_fifo_size (1000);
>           long_hostnames (off);
>           use_dns (yes);
>           use_fqdn (yes);
>           create_dirs (yes);
>           keep_hostname (yes);
>         };
>
> source s_net { udp(ip(0.0.0.0) port(514)); };
>
> destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO logs
> (host, f
> acility, priority, level, tag, date, time, program, msg) VALUES ('$HOST',
> '$FACI
> LITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY',
> '$HOUR:$MIN:$SEC', '$
> PROGRAM', '$MSG');\n") template-escape(yes));
> };
>
> log { source(s_net); destination(d_mysql); };
>
> Here is the script used to pipe /tmp/mysql.pipe into databse:
>
> #!/bin/bash
>
> if [ -e /tmp/mysql.pipe ]; then
> while [ -e /tmp/mysql.pipe ]
> do
> mysql -u syslog --password=password syslog < /tmp/mysql.pipe
> done
> else
> mkfifo /tmp/mysql.pipe
> fi
>
> I have confirmed that I can redirect echo to the pipe, so I know the pipe is
> working. I've even chmod 777 the pipe. I have also confirmed that log
> messages are coming in over the network using tcpdump and when I use
> syslog-ng to log to file, it works just fine. Why doesn't syslog-ng output
> to the pipe, argh!? Any help would be greatly appreciated.
>
> Matt
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at
> http://www.campin.net/syslog-ng/faq.html
>
>
>
>


More information about the syslog-ng mailing list