|
|
| Author |
Message |
zippy
Joined: 05 Jun 2008
Posts: 2
|
 Posted: Thu Jun 05, 2008 12:33 pm Post subject: syslog pluggin & rsyslog support |
 |
|
Recently built 0.8.7b on Fedora 8 which installs rsyslog as the logging package by default (As I recall?).
Everything is working great but I have not figured out how to integrate rsyslog with the syslog 0.5.2 pluggin.
Has anyone built this?
Thanks in advance for any guidance! |
|
| Back to top |
|
 |
jfarese
Joined: 06 Dec 2006
Posts: 22
|
|
| Back to top |
|
|
kurowsky
Joined: 04 Feb 2004
Posts: 46
Location: Richmond, VA.
|
| Posted: Sun Jul 13, 2008 10:36 am Post subject: Re: syslog pluggin & rsyslog support |
|
|
| zippy wrote: | Recently built 0.8.7b on Fedora 8 which installs rsyslog as the logging package by default (As I recall?).
Everything is working great but I have not figured out how to integrate rsyslog with the syslog 0.5.2 pluggin.
Has anyone built this?
Thanks in advance for any guidance! |
Unfortunately I ran into the same problem w/ Fedora9. And you can't just replace rsyslog w/ syslog-ng. It wants to yank out 90% of what's installed.
Took a while but here's the template for rsyslog, and the nice thing is you don't need to mess with the pipes.
This template will populate the "syslog-ng" style schema.
| Code: | ########################################################
#
# Template to "Hopefully" write data to mysql
#
$template syslog-ng,"insert into syslog_incoming(host, facility, priority, level, tag, date, time, msg) values ('%HOSTNAME%', '%syslogfacility-text%', '%syslogpriority-t
ext%', '%syslogseverity-text%', '%syslogtag%', '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%msg%')", SQL
:HOSTNAME,!isequal,"yourBox" >127.0.0.1,syslog,syslogDBuser,syslogDBpass;syslog-ng |
The last line filters local messages from being sent to database. If you want those messges included as well then change it to:
*.* >127.0.0.1,syslog,syslogDBuser,syslogDBpass;syslog-ng
Also replace "yourBox", syslogDBuser, and syslogDBpass accordingly ...  |
|
| Back to top |
|
|
rwkasten
Joined: 29 Jul 2008
Posts: 2
Location: Atlanta, GA
|
| Posted: Tue Jul 29, 2008 8:26 am Post subject: |
|
|
kurowsky wrote:
| Quote: | | Code: | Code:
########################################################
#
# Template to "Hopefully" write data to mysql
#
$template syslog-ng,"insert into syslog_incoming(host, facility, priority, level, tag, date, time, msg) values ('%HOSTNAME%', '%syslogfacility-text%', '%syslogpriority-t
ext%', '%syslogseverity-text%', '%syslogtag%', '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%msg%')", SQL |
|
This is a great start, but it doesn't quite line up with the table schema defined in the most recent version of the syslog plugin (v. 0.5.2). The 'level' and 'tag' columns are no longer in use, and the 'msg' column is now called 'message'. I modified it like so:
| Code: | | $template syslog-ng,"insert into syslog_incoming(host, facility, priority, date, time, message) values ('%HOSTNAME%', '%syslogfacility-text%', '%syslogpriority-text%', '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%msg%')", SQL |
| Quote: | | Code: |
:HOSTNAME,!isequal,"yourBox" >127.0.0.1,syslog,syslogDBuser,syslogDBpass;syslog-ng |
The last line filters local messages from being sent to database. If you want those messges included as well then change it to:
*.* >127.0.0.1,syslog,syslogDBuser,syslogDBpass;syslog-ng |
That part works perfectly. The thing that was tripping me up was not telling rsyslog to load the MySQL module. Putting
| Code: | #load the mysql module
$ModLoad MySQL |
as the first two lines of my rsyslog.conf file did the trick, though.
Thanks to kurowski for pointing me in the right direction. |
|
| Back to top |
|
|
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
