[syslog-ng] problem in writing to database 2
Balazs Scheidler
bazsi at balabit.hu
Tue Apr 14 22:30:52 CEST 2009
Hi,
Honestly I didn't try to understand the complete configuration that you
used, but starting with syslog-ng 2.1 (but 3.0 is preferred) syslog-ng
has native SQL support. It'd probably be much easier & reliable to use
than using mysql and named pipes.
On Mon, 2009-04-06 at 09:26 +0200, Hahusseau, Thomas wrote:
> Add a « & » at the end of the line with « mysql » to run the mysql
> client as a background task.
>
>
>
>
> ______________________________________________________________________
> De :syslog-ng-bounces at lists.balabit.hu
> [mailto:syslog-ng-bounces at lists.balabit.hu] De la part de gatfi sami
> Envoyé : dimanche 5 avril 2009 02:31
> À : Syslog-ng users' and developers' mailing list
> Objet : [syslog-ng] problem in writing to database 2
>
>
>
>
> i succefully added the folowing script to
>
> /etc/profile
>
> it recreates the pilpline but
>
> when i get access to the virtual machine by ssh it is blocked
> like this:
> Password:
>
> Last login: Sun Apr 5 03:08:51 2009 from linux-ux35.lan
> Have a lot of fun...
>
> i have to tape ctrl + c to
> have
> linux-test1:~ #
>
>
>
> i have to tape ctrl +c to get access to it
>
>
> here is the script
>
>
>
>
> #!/bin/bash
>
> if [ -e /tmp/mysql.pipe ]; then
>
> while [ -e /tmp/mysql.pipe ]
>
> do
>
> mysql -u root --password= syslog< /tmp/mysql.pipe
>
> done
>
> else
>
> mkfifo /tmp/mysql.pipe
>
> fi
>
>
> i think the problem is from
>
> mysql -u root --password= syslog< /tmp/mysql.pipe
>
>
>
>
> 2009/4/4 gatfi sami <pfegatfi.sami at gmail.com>
>
> hi
>
> i am configuring a centralised syslog server and when i arrived to the
> writing into the database there is some thing wrong
>
> because when i use a file as destination i see incoming logs when i
> restart apache2 or mysql in the client
>
> "tail - f /"
> i use syslog -ng 2.0
>
> here is the client
> source my_src{
> file("/var/log/apache2/error_log" follow_freq(1) );
>
> file("/var/lib/mysql/mysqld.log" follow_freq(1) );
>
> };
>
>
> destination loghost {
> tcp("192.168.1.69" port(514));
> };
> log {
> source(my_src);
> destination(loghost);
> };
>
>
>
> here is the server
>
> source mysrc{ tcp(ip(0.0.0.0) port(514) keep-alive(yes));
> #udp();
> };
>
> destination d_mysql {
> pipe("/tmp/mysql.pipe"
> template("INSERT INTO logs (host, facility, priority, level, tag,
> date,
> time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY',
> '$LEVEL',
> '$TAG',
> '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
> template-escape(yes));
> };
> log { source(mysrc); destination(d_mysql);
> };
>
>
> note that a databes names syslog is already created and contain a
> table logs;
>
>
>
> if itry the following command : syslog-ng
> -f /etc/syslog-ng/syslog-ng.conf
>
> Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address
> already in use (98)'
> Error initializing source driver; source='mysrc'
>
>
> ps i used to use the server as relai and send by udp using the same
> port 514 but now everinthing is
>
> commented like this #
>
> need help
>
>
>
> i added the following script to the file
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
--
Bazsi
More information about the syslog-ng
mailing list