sylog-ng3 & syslog plugin

zgamer · Post by **zgamer** » Wed Sep 15, 2010 11:09 am

I'm in the process of setting up the syslog plugin of which the installation went fine with the exception of the database importing. I installed syslog_ng3

Code: Select all

syslog-ng -V
syslog-ng 3.1.1
Installer-Version: 3.1.1
Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.1#master#8747d74491eac3fdf5052194f47a68e659633ca9
Compile-Date: Sep 15 2010 10:22:40
Enable-Threads: on
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-Sun-Door: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-SSL: on
Enable-SQL: on
Enable-Linux-Caps: off
Enable-Pcre: on

With the following config for syslog-ng

Code: Select all

@version:3.0

options {
        stats_freq(3600);
        keep_hostname(yes);
        flush_lines(16);
        log_fifo_size(16384);
};

source src {
        unix-dgram("/usr/local/cacti/log/syslog.log");
        internal();
};
source net {
        udp();
};

destination d_mysql {
    sql(type(mysql)
        host("127.0.0.1") username("some_user") password("some_pass")
        database("cacti")
        table("syslog_incoming")
        columns("facility varchar(10)", "priority varchar(10)", "date date", "time time", "host varchar(128)", "message varchar(1024)")
        values("$FACILITY", "$PRIORITY", "$R_DATE", "$R_DATE", "$HOST", "$MSGONLY")
       );
};

log { source(net); destination(d_mysql); };

I'm seeing the syslog-ng processing running and syslog entries hitting the server but not seeing anything showing up in the syslog_incoming table. Any ideas?

smlick · Post by **smlick** » Mon Sep 20, 2010 3:39 am

This is my working config:

## Log to Mysql for Php-syslog-ng
source s_everything { internal(); pipe("/proc/kmsg");
unix-stream("/dev/log"); udp(); };

destination d_mysql {
program("/usr/bin/mysql -hhostaddress -uyouruser -pyourpassword syslog_ng"
template("INSERT INTO plugin_camm_syslog (host, sourceip, facility, priority, sys_date, message, status)
VALUES ( '$HOST', '$SOURCEIP', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$MSG', '0' );\n")
template-escape(yes));
};

log {
source(s_everything);
destination(d_mysql);
};

Regards
Alessio

zgamer · Post by **zgamer** » Mon Sep 20, 2010 7:57 pm

the source only works under linux, trying this on a freebsd install.

Code: Select all

        internal();
        file("/dev/klog");
        unix-stream("/var/run/log");
        unix-stream("/var/run/logpriv" perm(0600));
        udp();

launches without any errors but still not seeing anything the syslog_incoming table

zgamer · Post by **zgamer** » Mon Sep 20, 2010 10:05 pm

Eventually got it, under freebsd the mysql client is under /usr/local/bin/mysql, sourceip is not used with the syslog plug-in, and sys_date is just date with the syslog plug-in.

Post by **TheWitness** » Tue Sep 21, 2010 8:09 am

How do you like the face lift from the old version?

zgamer · Post by **zgamer** » Tue Sep 21, 2010 1:08 pm

TheWitness wrote:How do you like the face lift from the old version?

Native DB support is a big plus with syslog_ng v3, otherwise not much different than the v2 codebase.

Here's the completed syslog_ng.conf for FreeBSD

Code: Select all

@version: 3.0

source s_everything {
        unix-dgram("/var/run/log");
        unix-dgram("/var/run/logpriv" perm(0600));
        file("/dev/klog");
        internal();
        udp();
};

destination d_mysql {
program("/usr/local/bin/mysql -hlocalhost -umyuser --pmypass cacti"
template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message, status)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG', '0' );\n")
template-escape(yes));
};

log {
source(s_everything);
destination(d_mysql);
};

Cacti

sylog-ng3 & syslog plugin

sylog-ng3 & syslog plugin

Who is online