I was recently charged with investigating how to log syslog messages to a database and was pleasantly surprised to find that syslog-ng had a neat feature for file and pipe destinations: templates. e.g.

syslog-ng.conf

    destination byhost {
        file("/var/log/$HOST-$YEAR$MONTH$DATE.log"
             owner("root") group("adm") perm("640"));
    };

Another neat thing to do is something like this:

    destination byhost-psv {
        file("/var/log/$HOST-$YEAR$MONTH$DATE.psv"
             owner("root") group("adm") perm("640")
             template("$FACILITY|$PRIORITY|$YEAR-$MONTH-$DATE $HOUR:$MIN:$SEC|$PROGRAM|$MESSAGE"));
    };

So, using that, I just finished writing a quick perl script that creates tables generated by host name ('-' and '.' converted to '_') and inserts records into these target tables using the templated data. Currently, it does this by batch process. In the near future, I'll have it reading input from a pipe for real-time entry into a DB.

Why did I use this instead of msyslogd? *grin* I couldn't get msyslogd to work AND I really liked how syslog-ng did things.

Why did I use perl instead of just outputting the template as an insert statement? $MESSAGE could expand into a string containing single quotes. That would give problems to an SQL insert statement, problems that are overcome with perl DBI placeholders. ;-)

To use it, all I need to do is set up a cron job to load them each night. ;-) Syslog-ng is pretty slick. ;-) I'll be trying msyslogd again sometime soon. Regardless, I agree that extending either/both syslog-ng and msyslog would be good things. ;-)

--
Chad Walstrom <chewie@wookimus.net> | a.k.a. ^chewie
http://www.wookimus.net/ | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD
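The loader described in the message above, as an added example that is not part of the original post and is not the author's Perl script: it uses Python's sqlite3 in place of Perl DBI to show the same placeholder binding for the byhost-psv record format. The function names, the column names and the sample lines are assumptions; the host name is passed in separately because the template does not include $HOST.

```python
import re
import sqlite3

def table_for_host(host):
    """Map a host name to a table name: '-' and '.' become '_'."""
    name = host.replace("-", "_").replace(".", "_")
    # Table names cannot be bound as placeholders, so accept only a
    # strict character set before the name is put into SQL text.
    if not re.fullmatch(r"[A-Za-z0-9_]{1,63}", name):
        raise ValueError(f"unsafe host name for a table: {host!r}")
    return name

def parse_line(line):
    """Split one $FACILITY|$PRIORITY|timestamp|$PROGRAM|$MESSAGE record."""
    # At most 4 splits: $MESSAGE comes last and may itself contain '|'.
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        raise ValueError(f"malformed record: {line!r}")
    return tuple(parts)

def load(conn, host, lines):
    """Create the per-host table if needed and insert every record."""
    table = table_for_host(host)
    conn.execute(
        f'CREATE TABLE IF NOT EXISTS "{table}" '
        "(facility TEXT, priority TEXT, stamp TEXT, program TEXT, message TEXT)"
    )
    rows = [parse_line(l) for l in lines if l.strip()]
    # Every log field is bound with '?', so quotes in $MESSAGE stay data.
    conn.executemany(f'INSERT INTO "{table}" VALUES (?, ?, ?, ?, ?)', rows)
    conn.commit()
    return len(rows)

# Constructed sample records (not real log data).
SAMPLE = [
    "auth|info|2002-03-14 02:11:09|sshd|Failed password for user 'o'brien' from 192.0.2.7",
    "daemon|err|2002-03-14 02:11:10|named|can't open '/etc/named.conf': permission denied",
    "user|notice|2002-03-14 02:11:12|backup|ran: tar cf - /etc | gzip > /tmp/etc.tgz",
]

def demo():
    conn = sqlite3.connect(":memory:")
    load(conn, "web-1.example.org", SAMPLE)
    cur = conn.execute('SELECT message FROM "web_1_example_org" ORDER BY stamp')
    return [row[0] for row in cur]

if __name__ == "__main__":
    for message in demo():
        print(message)
```

Placeholders cover only the values; the table name is still interpolated into the statement, which is why the host name is checked against a fixed character set first.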