[rsyslog-notify] Forum Thread: Syslog-NG with Loganalyzer - (Mode 'post')

noreply at adiscon.com noreply at adiscon.com
Tue Dec 15 14:14:05 CET 2015 

User: IvanAK 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26228#p26228

Message: 
----------
Hi all, 
I have configured Loganalyzer and it works perfect with rsyslog. Now im
trying to change this and start working with syslog-NG, but no luck. Can
some one give me some hints on how to do it. I do all the googleing but
still something is missing. 
I think the communication between the syslog-ng and MySQL. Yes im using
MySQL on it. All this is installed on CentOS 7. 
I have configured the DB like this:
[code:1vlxofha]USE 'your-syslog-database-name';
CREATE TABLE `logs` (
`host` varchar(32) DEFAULT NULL,
`facility` varchar(10) DEFAULT NULL,
`priority` varchar(10) DEFAULT NULL,
`level` varchar(10) DEFAULT NULL,
`tag` varchar(10) DEFAULT NULL,
`datetime` datetime DEFAULT NULL,
`program` varchar(15) DEFAULT NULL,
`msg` text,
`seq` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
PRIMARY KEY (`seq`),
KEY `host` (`host`),
KEY `program` (`program`),
KEY `datetime` (`datetime`),
KEY `priority` (`priority`),
KEY `facility` (`facility`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;[/code:1vlxofha]

And i have put this in /etc/syslog-ng/conf.d/mysql.conf
[code:1vlxofha]source s_mysql {
 udp(port(514));
 tcp(port(514));
 };

destination d_mysql {
        sql(type(mysql)
                host("localhost")
                username("your-mysql-syslog-user-name")
                password("your-mysql-syslog-password")
                database("your-mysql-syslog-database-name")
                table("logs")
                columns("host", "facility", "priority", "level", "tag",
"datetime", "program", "msg")
                values("$HOST", "$FACILITY", "$PRIORITY", "$LEVEL",
"$TAG","$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC","$PROGRAM", "$MSG")
                indexes("datetime", "host", "program", "msg")
        );
};

destination d_file {
        file("/var/log/syslog/$HOST"
                template("$FULLDATE $MSGHDR$MSG\n")
                template_escape(no)
        );
};

filter f_level {
        level(warning..emerg);
};

log {
        source(s_mysql);
        filter(f_level);
        destination(d_mysql);
};
log {
        source(s_sys);
        filter(f_level);
        destination(d_mysql);
};[/code:1vlxofha]

And still no luck. 
Can some one help me on this. 

Thanks in advanced !

More information about the rsyslog-notify mailing list