
Re: Followup: Syslog



I was recently charged with investigating how to log syslog messages
to a database and was pleasantly surprised to find that syslog-ng had
a neat feature for file and pipe destinations: templates.

e.g. syslog-ng.conf

    destination byhost { file("/var/log/$HOST-$YEAR$MONTH$DATE.log"
        owner("root") group("adm") perm("640")); };

Another neat thing to do is something like this:

    destination byhost-psv { file("/var/log/$HOST-$YEAR$MONTH$DATE.psv"
        owner("root") group("adm") perm("640")
        template("$FACILITY|$PRIORITY|$YEAR-$MONTH-$DATE $HOUR:$MIN:$SEC|$PROGRAM|$MESSAGE")); };

So, using that, I just finished writing a quick perl script that
creates tables generated by host name ('-' and '.' converted to '_')
and inserts records into these target tables using the templated data.
Currently, it does this by batch process.  In the near future, I'll
have it reading input from a pipe for real-time entry into a DB.

Why did I use this instead of msyslogd?  *grin*  I couldn't get
msyslogd to work AND I really liked how syslog-ng did things.  Why did
I use perl instead of just outputting the template as an insert
statement?  $MESSAGE could expand into a string containing single
quotes.  That would give problems to an SQL insert statement, problems
that are overcome with perl DBI placeholders. ;-)  To use it, all I
need to do is set up a cron job to load them each night. ;-)

Syslog-ng is pretty slick. ;-)  I'll be trying msyslogd again
sometime soon.  Regardless, I agree that extending either/both
syslog-ng and msyslog would be good things. ;-)

-- 
Chad Walstrom <chewie@wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD
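
Added example (not part of the original message, and not the author's Perl script): the batch load described above, sketched in Python with sqlite3 standing in for Perl DBI. The sample records, the timestamp layout, the column names and the function names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample records in the byhost-psv template layout
# (timestamp rendering is an assumption).
SAMPLE = [
    "auth|info|2002-03-14 09:26:53|sshd|Accepted password for o'brien from 192.0.2.7",
    "daemon|err|2002-03-14 09:27:01|named|can't open 'named.conf'; retrying",
    "user|notice|2002-03-14 09:27:05|logger|message with a | pipe inside",
    "truncated|line",
]

def table_for_host(host):
    # Table names cannot be bound as placeholders, so allowlist the result.
    name = host.replace("-", "_").replace(".", "_")
    if not re.fullmatch(r"[A-Za-z0-9_]{1,63}", name):
        raise ValueError("unsafe host name: %r" % host)
    return name

def parse_psv(line):
    # MESSAGE is the last field, so maxsplit=4 keeps any '|' inside it.
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        raise ValueError("malformed record: %r" % line)
    return tuple(parts)

def load(conn, host, lines):
    table = table_for_host(host)
    conn.execute('CREATE TABLE IF NOT EXISTS "%s" (facility TEXT, priority TEXT,'
                 ' logged_at TEXT, program TEXT, message TEXT)' % table)
    rows, rejected = [], 0
    for line in lines:
        try:
            rows.append(parse_psv(line))
        except ValueError:
            rejected += 1
    # Field values travel as bound parameters, never as SQL text.
    conn.executemany('INSERT INTO "%s" VALUES (?, ?, ?, ?, ?)' % table, rows)
    conn.commit()
    return len(rows), rejected

def demo():
    conn = sqlite3.connect(":memory:")
    loaded, rejected = load(conn, "web-1.example.org", SAMPLE)
    cur = conn.execute('SELECT message FROM "web_1_example_org" ORDER BY rowid')
    return loaded, rejected, [row[0] for row in cur]

if __name__ == "__main__":
    print(demo())
```

The host name still has to be checked separately, because it ends up in the table name and placeholders only cover values.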
