[syslog-ng] Help with db_parser()
Giovanni Mancuso
suuuper at messinalug.org
Thu Dec 16 17:49:28 CET 2010
Hi,
I configured my Java application to log with log4j to a syslog server, and
I configured my syslog-ng to store data in a MySQL database, but this
doesn't work.
My syslog-ng configuration is:
@version: 3.0
options {
    chain_hostnames(no);
    stats_freq(43200);
};
source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    udp(ip("127.0.0.1") port(514));
    file("/proc/kmsg");
};
destination mcs {
    file("/var/log/mw-collaboration/mw-collaboration-loginfile.log");
};
destination mcs_sql {
    sql(
        type(mysql)
        host("localhost")
        username("syslogng")
        password("syslogng")
        database("mcslogin")
        table("mcslogin")
        columns("date varchar(32)","loginuser varchar(32)","ipsource varchar(32)")
        values("${S_YEAR}-${S_MONTH}-${S_DAY} ${S_HOUR}:${S_MIN}:${S_SEC}","${LOGIN_USER}","${IP_SOURCE}")
    );
};
filter f_mcs { facility(local2); };
parser p_mcs {
    db_parser(file("/etc/syslog-ng/patterndb.d/mcs.xml"));
};
log { source(src); filter(f_mcs); parser(p_mcs); destination(mcs_sql); destination(mcs); };
I also created a db_parser file, which is:
<patterndb version='1' pub_date='2010-12-14'>
  <program name='mcs'>
    <pattern>mcs</pattern>
    <rule id='mcs' class='system'>
      <pattern>###############Accesso dell'utente @STRING:LOGIN_USER@ da ip @IPv4:IP_SOURCE@</pattern>
    </rule>
  </program>
</patterndb>
With this configuration, I see that in the "mcs" destination it writes all the
information:
Dec 16 11:55:44 localhost mcs[123] ###############Accesso dell'utente xxxx at xxx.mailware.it da ip 111.222.333.444
Dec 16 12:53:23 localhost mcs[123] ###############Accesso dell'utente xxxx.1 at xxx.mailware.it da ip 111.222.333.444
Dec 16 14:07:40 localhost mcs[123] ###############Accesso dell'utente xxxx.1 at xxx.mailware.it da ip 111.222.333.444
but in the "mcs_sql" destination, it writes only the date:
mysql> desc mcslogin;
+-----------+-------------+------+-----+---------+-------+
| Field     | Type        | Null | Key | Default | Extra |
+-----------+-------------+------+-----+---------+-------+
| date      | varchar(32) | YES  | MUL | NULL    |       |
| loginuser | varchar(32) | YES  |     | NULL    |       |
| ipsource  | varchar(32) | YES  |     | NULL    |       |
+-----------+-------------+------+-----+---------+-------+
3 rows in set (0.00 sec)
mysql> select * from mcslogin limit 10
    -> ;
+---------------------+-----------+----------+
| date                | loginuser | ipsource |
+---------------------+-----------+----------+
| 2010-12-15 11:02:16 |           |          |
| 2010-12-15 11:11:09 |           |          |
| 2010-12-15 17:53:01 |           |          |
| 2010-12-15 18:11:55 |           |          |
| 2010-12-15 18:12:54 |           |          |
| 2010-12-15 18:35:07 |           |          |
| 2010-12-16 11:55:36 |           |          |
| 2010-12-16 11:55:44 |           |          |
| 2010-12-16 11:55:44 |           |          |
| 2010-12-16 12:53:23 |           |          |
+---------------------+-----------+----------+
10 rows in set (0.00 sec)
Can you help me?
Thanks
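
Added example, not part of the original post and not syslog-ng code: a simplified Python model of how the @STRING@, @ESTRING@ and @IPv4@ patterndb parsers consume a message, run against the rule posted above. It relies on the documented behaviour that @STRING@ accepts only alphanumeric characters unless extra ones are listed; the sample message, the @ESTRING@ variant of the rule and every function and variable name are assumptions made for illustration.

```python
import re

# Simplified model of three patterndb parsers (assumption: follows the
# documented syslog-ng 3.x semantics, not the project's radix-tree code).
# Literal "@@" escapes and the other parser types are not modelled.
TOKEN = re.compile(r"@(STRING|ESTRING|IPv4):([^:@]*)(?::([^@]*))?@")
IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")

PREFIX = "###############Accesso dell'utente "
POSTED = PREFIX + "@STRING:LOGIN_USER@ da ip @IPv4:IP_SOURCE@"     # rule from the post
VARIANT = PREFIX + "@ESTRING:LOGIN_USER: @da ip @IPv4:IP_SOURCE@"  # hypothetical variant
SAMPLE = PREFIX + "mario.1@example.it da ip 192.0.2.10"            # constructed message


def match_rule(pattern, message):
    """Return the extracted name-value pairs, or None if the rule does not match."""
    values, pos, cursor = {}, 0, 0
    for tok in TOKEN.finditer(pattern):
        literal = pattern[cursor:tok.start()]
        if not message.startswith(literal, pos):
            return None                      # literal text between parsers differs
        pos += len(literal)
        kind, name, arg = tok.group(1), tok.group(2), tok.group(3) or ""
        if kind == "STRING":                 # alphanumerics plus listed extra chars
            end = pos
            while end < len(message) and (message[end].isalnum() or message[end] in arg):
                end += 1
            if end == pos:
                return None
            nxt = end
        elif kind == "ESTRING":              # up to the stop character, which is consumed
            end = message.find(arg, pos) if arg else -1
            if end < 0:
                return None
            nxt = end + len(arg)
        else:                                # IPv4: dotted quad
            m = IPV4.match(message, pos)
            if not m:
                return None
            end = nxt = m.end()
        if name:
            values[name] = message[pos:end]
        pos, cursor = nxt, tok.end()
    # The rest of the message must equal the trailing literal of the pattern.
    return values if message[pos:] == pattern[cursor:] else None


if __name__ == "__main__":
    for label, rule in (("posted", POSTED), ("variant", VARIANT)):
        print(label, "->", match_rule(rule, SAMPLE))
```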