[syslog-ng] Issues with sql driver

Péter, Kókai peter.kokai at oneidentity.com
Tue Jan 15 06:02:46 UTC 2019 

Hello,

As the *--syntax-only* suggest, it only does check for syntactic errors.
A common way to find such issues to start the process in foreground:
* stop syslog-ng systemd service (so it won't get in the way)
* start syslog-ng as the systemd would do, plus include the -F (foreground)
option and -e (print internal logs to the stderr); optionally you may also
use -d (debug) -v (verbose); but in this case probably the -Fe would suffice

I just tried your config (with additional @version: 3.18), and it started
just fine.

About the second part. You already using template in your configuration for
the date column ( ${R_DATE} ); in the values you should be able to use any
template (not template function due).

--
Kokan

On Mon, Jan 14, 2019 at 10:54 PM N. Max Pierson <nmaxpierson at gmail.com>
wrote:

> Hi List,
>
> I have 2 questions about the sql driver. First, I am trying to get
> messages into sql using the sql driver but I get an error when I try and
> restart syslog-ng when I enable the log statement with the sql destination.
> The syslog-ng --syntax-only command runs without any issues but systemd
> throws and error that it cannot restart the service but doesn't give a
> clear reason. My config is below, doesn't anyone know where in a log I can
> see why it won't restart??
>
> source s_network { udp(ip(0.0.0.0) port(514)); };
>
> destination d_mysql {
>     sql(type(mysql)
>     host("127.0.0.1")
>     username("syslog-ng")
>     password("password")
>     database("syslog")
>     table("messages_${HOST}")
>     columns("date", "host", "message")
>     values("${R_DATE}", "${HOST}", "${MESSAGE}")
>     indexes("date", "host") );
> };
>
> log { source(s_network); destination(d_mysql); };
>
>
> My second question is can you use a template with the sql destination
> driver? I need to reformat some Cisco Nexus logs because of how it formats
> the date (looks to be non RFC compliant) and if so, can someone give me a
> sample of config with the template in the sql destination driver? I cannot
> seem to find in the docs if this is even possible much less and example of
> how to do it.
>
> TIA,
> Max
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190115/729e9711/attachment.html>

More information about the syslog-ng mailing list