[syslog-ng] Help with db_parser()

[Giovanni Mancuso]

 On 16/12/2010 18:04, Matthew Hall wrote:
> On Thu, Dec 16, 2010 at 05:49:28PM +0100, Giovanni Mancuso wrote:
>> @version: 3.0
> This version looks rather old. Have you tried it in the latest one? A 
> lot of the patterndb and sql stuff has been bug-fixed lately.
If i run syslog-ng with debug, i see that the version that is: 3.1.3 and
i hve the warning:

WARNING: You are using the default values for columns(), indexes() or
values(), please specify these explicitly as the default will be dropped
in the future;
Running application hooks; hook='1'
Running application hooks; hook='3'
Log pattern database reloaded;
file='/etc/syslog-ng/patterndb.d/mcs.xml', version='1',
pub_date='2010-12-14'
syslog-ng starting up; version='3.1.3'
Database thread started;

> Have you run the daemon with debugging options such as:
>
> -F --no-caps -v -d -t -e
>
> Then we could see what it is doing internally.
If i run with this options i have:

Incoming log entry; line='<150>mcs[123] ###############Accesso
dell\'utente xxx.1 at xxx.mailware.it da ip 10.0.10.98\x0a'
Filter rule evaluation begins; filter_rule='f_authpriv'
Filter node evaluation result; filter_result='not-match',
filter_type='facility'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_authpriv'
Filter rule evaluation begins; filter_rule='f_cron'
Filter node evaluation result; filter_result='not-match',
filter_type='facility'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_cron'
Filter rule evaluation begins; filter_rule='f_kern'
Filter node evaluation result; filter_result='not-match',
filter_type='facility'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_kern'
Filter rule evaluation begins; filter_rule='f_lpr'
Filter node evaluation result; filter_result='not-match',
filter_type='facility'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_lpr'
Filter rule evaluation begins; filter_rule='f_mail'
Filter node evaluation result; filter_result='not-match',
filter_type='facility'
Filter rule evaluation result; filter_result='not-match',
filter_rule='f_mail'
Filter rule evaluation begins; filter_rule='f_syslog'
Filter node evaluation result; filter_result='match', filter_type='facility'
Filter node evaluation result; filter_result='match', filter_type='facility'
Filter node evaluation result; filter_result='match', filter_type='AND'
Filter node evaluation result; filter_result='match', filter_type='facility'
Filter node evaluation result; filter_result='match', filter_type='AND'
Filter rule evaluation result; filter_result='match', filter_rule='f_syslog'
Filter rule evaluation begins; filter_rule='f_mcs'
Filter node evaluation result; filter_result='match', filter_type='facility'
Filter rule evaluation result; filter_result='match', filter_rule='f_mcs'
Initializing destination file writer;
template='/var/log/mw-collaboration/mw-collaboration-loginfile.log',
filename='/var/log/mw-collaboration/mw-collaboration-loginfile.log'
Running SQL query; query='SELECT * FROM mcslogin WHERE 0=1'
Running SQL query; query='INSERT INTO mcslogin (date, loginuser,
ipsource) VALUES (\'2010-12-16 18:59:05\', \'\', \'\')'

Thanks