[syslog-ng] problem in writing to database 2

Hahusseau, Thomas thomas.hahusseau at eads.com
Mon Apr 6 09:26:40 CEST 2009 

Add a « & » at the end of the line with « mysql » to run the mysql client as
a background task.

 

  _____  

De : syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] De la part de gatfi sami
Envoyé : dimanche 5 avril 2009 02:31
À : Syslog-ng users' and developers' mailing list
Objet : [syslog-ng] problem in writing to database 2

 

i succefully added the folowing script to 

/etc/profile

it recreates the pilpline but 

when i get access to the virtual machine by ssh it is blocked
like this:
Password: 

Last login: Sun Apr 5 03:08:51 2009 from linux-ux35.lan 
Have a lot of fun...

i have to tape ctrl + c to 
have
linux-test1:~ # 



 i have to tape ctrl +c to get access to it 


here is the script



 
#!/bin/bash


if [ -e /tmp/mysql.pipe ]; then


     while [ -e /tmp/mysql.pipe ]


     do


         mysql -u root --password= syslog< /tmp/mysql.pipe


     done


else


     mkfifo /tmp/mysql.pipe


fi



i think the problem is from 

 mysql -u root --password= syslog< /tmp/mysql.pipe




2009/4/4 gatfi sami <pfegatfi.sami at gmail.com
<mailto:pfegatfi.sami at gmail.com> >

hi

i am configuring a centralised syslog server and when i arrived to the
writing into the database there is some thing wrong 

because when i use a file as destination i see incoming logs when i restart
apache2 or mysql in the client

"tail - f /"
i use syslog -ng 2.0

here is the client
source my_src{
file("/var/log/apache2/error_log" follow_freq(1)  );

file("/var/lib/mysql/mysqld.log" follow_freq(1) );

};


destination loghost {
    tcp("192.168.1.69" port(514));
};
log {
   source(my_src);
  destination(loghost);
};
                  


here is the server

 source mysrc{ tcp(ip(0.0.0.0) port(514) keep-alive(yes));
#udp();
 };

destination d_mysql {
  pipe("/tmp/mysql.pipe"
  template("INSERT INTO logs (host, facility, priority, level, tag, date,
  time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL',
  '$TAG',
  '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
  template-escape(yes));
};
log { source(mysrc); destination(d_mysql);
};


note that a databes names syslog is already created and contain a table
logs;



if itry the following command : syslog-ng -f /etc/syslog-ng/syslog-ng.conf

Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in
use (98)'
Error initializing source driver; source='mysrc'


ps i used to use the server as relai and send by udp using the same port 514
but now everinthing is 

commented   like this #

need help


i added the following script to the file 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090406/d77732ed/attachment.htm

More information about the syslog-ng mailing list