Recently built 0.8.7b on Fedora 8 which installs rsyslog as the logging package by default (As I recall?).
Everything is working great but I have not figured out how to integrate rsyslog with the syslog 0.5.2 pluggin.
Has anyone built this?
Thanks in advance for any guidance!
syslog pluggin & rsyslog support
Moderators: Developers, Moderators
use syslogng and try the link at the end of the post as it has some pretty good instructions
http://forums.cacti.net/about15618.html ... ght=syslog
http://forums.cacti.net/about15618.html ... ght=syslog
Re: syslog pluggin & rsyslog support
Unfortunately I ran into the same problem w/ Fedora9. And you can't just replace rsyslog w/ syslog-ng. It wants to yank out 90% of what's installed.zippy wrote:Recently built 0.8.7b on Fedora 8 which installs rsyslog as the logging package by default (As I recall?).
Everything is working great but I have not figured out how to integrate rsyslog with the syslog 0.5.2 pluggin.
Has anyone built this?
Thanks in advance for any guidance!
Took a while but here's the template for rsyslog, and the nice thing is you don't need to mess with the pipes.
This template will populate the "syslog-ng" style schema.
Code: Select all
########################################################
#
# Template to "Hopefully" write data to mysql
#
$template syslog-ng,"insert into syslog_incoming(host, facility, priority, level, tag, date, time, msg) values ('%HOSTNAME%', '%syslogfacility-text%', '%syslogpriority-t
ext%', '%syslogseverity-text%', '%syslogtag%', '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%msg%')", SQL
:HOSTNAME,!isequal,"yourBox" >127.0.0.1,syslog,syslogDBuser,syslogDBpass;syslog-ng*.* >127.0.0.1,syslog,syslogDBuser,syslogDBpass;syslog-ng
Also replace "yourBox", syslogDBuser, and syslogDBpass accordingly ...
Kurowsky
kurowsky wrote:
as the first two lines of my rsyslog.conf file did the trick, though.
Thanks to kurowski for pointing me in the right direction.
This is a great start, but it doesn't quite line up with the table schema defined in the most recent version of the syslog plugin (v. 0.5.2). The 'level' and 'tag' columns are no longer in use, and the 'msg' column is now called 'message'. I modified it like so:Code: Select all
Code: ######################################################## # # Template to "Hopefully" write data to mysql # $template syslog-ng,"insert into syslog_incoming(host, facility, priority, level, tag, date, time, msg) values ('%HOSTNAME%', '%syslogfacility-text%', '%syslogpriority-t ext%', '%syslogseverity-text%', '%syslogtag%', '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%msg%')", SQL
Code: Select all
$template syslog-ng,"insert into syslog_incoming(host, facility, priority, date, time, message) values ('%HOSTNAME%', '%syslogfacility-text%', '%syslogpriority-text%', '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%msg%')", SQLThat part works perfectly. The thing that was tripping me up was not telling rsyslog to load the MySQL module. PuttingThe last line filters local messages from being sent to database. If you want those messges included as well then change it to:Code: Select all
:HOSTNAME,!isequal,"yourBox" >127.0.0.1,syslog,syslogDBuser,syslogDBpass;syslog-ng
*.* >127.0.0.1,syslog,syslogDBuser,syslogDBpass;syslog-ng
Code: Select all
#load the mysql module
$ModLoad MySQLThanks to kurowski for pointing me in the right direction.
Who is online
Users browsing this forum: No registered users and 0 guests