urias
17.01.06, 06:49
Hi,
ich bin auf durch ein Programm auf die Idee gekommen die syslog-ng logs in mysql Datenbank zu schreiben, und habe dazu im Netz auch ein nettes kleines howto gefunden, welches mit dem Programm (http://freshmeat.net/projects/php-syslog-ng/)
To setup syslog-ng to log to a mysql database. This assumes that you have installed and setup syslog-ng and mysql.
Edit the syslog-ng.conf file
This tells syslog-ng to pipe to a fifo template
Add the following lines --
## Log syslog-ng to mysql database
##
destination d_mysql {pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
log { source(net); destination(d_mysql);
};
Then comment out this line --
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
#source src { unix-dgram("/dev/log"); internal(); };
# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
source src { unix-dgram("/etc/log/log"); internal(); };
source net { udp(); };
[Datenbankstruktur]
Create a fifo pipe file --
This is the file that syslog-ng will store records before writing to the database.
mkfifo /tmp/mysql.pipe
You need to restart syslog-ng --
/etc/init.d/syslog-ng stop # Stop syslog-ng
/etc/ini.d/syslog-ng start # Start syslog-ng
Run this command to pipe the file mysql.pipe to mysql database
You need to create a script that will check to make sure this command is running and restart if stopped.
Syslog-ng/Pipe scripts
When this file is started it will hang, You need to create a script and have it run on startup.
mysql -u root --password=passwd syslog < /tmp/mysql.pipe
vorab zum Verständis:
Then comment out this line --
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
#source src { unix-dgram("/dev/log"); internal(); };
# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
source src { unix-dgram("/etc/log/log"); internal(); };
source net { udp(); };
:?:
mache ich das nun, kriege ich leider nur ein
router:/var/www/syslog/docs# /etc/init.d/syslog-ng restart
CONSOLE_LOG_LEVEL is of unaccepted value.
KERNEL_RINGBUF_SIZE is of unaccepted value.
Stopping system logging: syslog-ng not running.
Starting system logging: syslog-ngunresolved reference: net
Error initializing configuration, exiting.
start failed.
:(
weitere howtos konnte ich nicht finden, und in der Doku zum syslog-ng wurde ich bisher auch nicht so recht fündig.
Hat wer sowas schonmal gemacht und gelöst und könnte mir weiterhelfen?
Oder hat eine Idee, was mich weiterbringen könnte?
danke
urias
ich bin auf durch ein Programm auf die Idee gekommen die syslog-ng logs in mysql Datenbank zu schreiben, und habe dazu im Netz auch ein nettes kleines howto gefunden, welches mit dem Programm (http://freshmeat.net/projects/php-syslog-ng/)
To setup syslog-ng to log to a mysql database. This assumes that you have installed and setup syslog-ng and mysql.
Edit the syslog-ng.conf file
This tells syslog-ng to pipe to a fifo template
Add the following lines --
## Log syslog-ng to mysql database
##
destination d_mysql {pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
log { source(net); destination(d_mysql);
};
Then comment out this line --
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
#source src { unix-dgram("/dev/log"); internal(); };
# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
source src { unix-dgram("/etc/log/log"); internal(); };
source net { udp(); };
[Datenbankstruktur]
Create a fifo pipe file --
This is the file that syslog-ng will store records before writing to the database.
mkfifo /tmp/mysql.pipe
You need to restart syslog-ng --
/etc/init.d/syslog-ng stop # Stop syslog-ng
/etc/ini.d/syslog-ng start # Start syslog-ng
Run this command to pipe the file mysql.pipe to mysql database
You need to create a script that will check to make sure this command is running and restart if stopped.
Syslog-ng/Pipe scripts
When this file is started it will hang, You need to create a script and have it run on startup.
mysql -u root --password=passwd syslog < /tmp/mysql.pipe
vorab zum Verständis:
Then comment out this line --
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
#source src { unix-dgram("/dev/log"); internal(); };
# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
source src { unix-dgram("/etc/log/log"); internal(); };
source net { udp(); };
:?:
mache ich das nun, kriege ich leider nur ein
router:/var/www/syslog/docs# /etc/init.d/syslog-ng restart
CONSOLE_LOG_LEVEL is of unaccepted value.
KERNEL_RINGBUF_SIZE is of unaccepted value.
Stopping system logging: syslog-ng not running.
Starting system logging: syslog-ngunresolved reference: net
Error initializing configuration, exiting.
start failed.
:(
weitere howtos konnte ich nicht finden, und in der Doku zum syslog-ng wurde ich bisher auch nicht so recht fündig.
Hat wer sowas schonmal gemacht und gelöst und könnte mir weiterhelfen?
Oder hat eine Idee, was mich weiterbringen könnte?
danke
urias