Syslog-ng MySQL New
Материал из noname.com.ua
Перейти к навигацииПерейти к поискуsyslog-ng to mysq
Это новая версия - все стало гораздо лучше Тут все под RH - т.к. пришлось делать под этой системой
Install syslog-ng
rpm -Uvh http://mirror.yandex.ru/epel//6/i386/epel-release-6-5.noarch.rpm yum install --enablerepo=epel syslog-ng yum install syslog-ng syslog-ng-devel syslog-ng-libdbi libdbi-drivers libdbi-dbd-mysql chkconfig rsyslog off; chkconfig syslog-ng on service rsyslog stop; service syslog-ng start Syslog-ng configuration:
конфигурация
В конфиге: Allow network messages:
source s_udp { udp(ip("127.0.0.1") port(514)); udp(ip("192.168.17.2") port(514)); };
destination d_udp { file("/var/log/udp.log"); }; log { source(s_udp); destination(d_udp); }; Configure SQL destination and logging: destination d_mysql { sql(type(mysql) host("localhost") username("syslogwriter") password("syslogwriter-password") database("syslog") table("logs") columns("host", "facility", "priority", "level", "tag", "datetime", "program", "msg") values("$HOST_FROM", "$FACILITY", "$PRIORITY", "$LEVEL", "$TAG", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$PROGRAM", "$MSG") indexes("host", "facility", "priority", "datetime", "program")); }; log { source(s_sys); destination(d_mysql); }; log { source(s_udp); destination(d_mysql); };
База
CREATE DATABASE `syslog` DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; CREATE TABLE logs ( id bigint unsigned NOT NULL AUTO_INCREMENT, host varchar(128) default NULL, facility varchar(10) default NULL, priority varchar(10) default NULL, level varchar(10) default NULL, tag varchar(10) default NULL, datetime datetime default NULL, program varchar(15) default NULL, msg text, seq bigint unsigned NOT NULL default '0', counter int(11) NOT NULL default '1', fo datetime default NULL, lo datetime default NULL, PRIMARY KEY (id), KEY datetime (datetime), KEY sequence (seq), KEY priority (priority), KEY facility (facility), KEY program (program), KEY host (host) ) ENGINE=MyISAM; GRANT INSERT ON `syslog`.* TO 'syslogwriter'@'localhost' IDENTIFIED BY 'syslogwriter-password'; GRANT SELECT ON `syslog`.* TO 'syslogwriter'@'localhost' IDENTIFIED BY 'syslogwriter-password';