[rsyslog] db template how to

[david at lang.hm]

On Mon, 20 Oct 2008, Mikel Jimenez wrote:

> Date: Mon, 20 Oct 2008 21:54:42 +0200
> From: Mikel Jimenez <mikel at irontec.com>
> Reply-To: rsyslog-users <rsyslog at lists.adiscon.com>
> To: rsyslog-users <rsyslog at lists.adiscon.com>
> Subject: [rsyslog] db template how to
> 
> Hello
> How can I make a template of sql in rsyslog.conf that makes that?  :
>
> hostname1 >database.hostname1
> hostname2 >database.hostname2
> hostanem3 >database.hostname3
> .....

first a disclaimer, I haven't used the database output yet, so I could be 
wrong or missing something easier that what I'm suggesting.



putting them into different databases would be difficult and expensive, 
but possible.

if you are putting them into different tables inside one database you 
could change from something like

"insert into syslog(message) values ('%msg%')"

to something like

"insert into syslog||'.'||%hostname% (message) values ('%msg%')"

since you are issuing SQL commands, you could do something along the lines 
of the following to do different databases

"connect database||'.'||%hostname% ; insert into syslog(message) values ('%msg%'):

to switch the the appropriate databases. (note that this is usually _very_ 
inefficiant to do)

I don't know if you can do multiple database output modules going to 
different systems, but if you can you may be able to do something nicer by 
defining a different output module for each hostname and use filters to 
seperate the traffic (this will obviously only work for a limited number 
of hostnames, and they all have to be known ahead of time)

>
> and
>
> hostnameaa
> hostnameab
> hostnamedd
> hostnamede
>
> hostnamea*>database.a
> hostnamed*>database.d

this could be similar, but you would have to do string manipulation of the 
hostname value to extract out just the character you need.

David Lang