Home > blogpost > Syslog-ng and MySQL

Syslog-ng and MySQL

June 4th, 2009 Leave a comment Go to comments

Just a quick note about Syslog-NG with an mysql backend.

# UDP Syslog Port Listener
source s_udp {
    udp(
        ip('192.168.0.1')
        port(514)
    );
};

# MySQL Destination
destination d_mysql {
    sql(
        type(mysql)
        host("server") username("syslog") password("syslog")
        database("syslog")
        table("logs")
        table("messages_${R_YEAR}${R_MONTH}${R_DAY}")
        columns("datetime", "host", "program", "pid", "message", "facility", "priority")
        values("$R_DATE", "$HOST", "$PROGRAM", "$PID", "$MSGONLY", "$FACILITY", "$LEVEL")
        indexes("datetime", "host", "program", "pid", "message", "facility", "priority")
    );
};

# Log the source to the destination, pretty straightforward
log {
    source(s_udp);
    destination(d_mysql);
};

As you can see it is a pretty easy configuration which turned out working great without any crappy connections like fifo’s. Besides that it creates a new table per day (it will create tables automatically), and thanks to the table per day tables stay fast enough for some more advanced features.

Off course this will work with every distribution (ubuntu, centos, redhat, suse, archlinux) where you can install the binaries of syslog-ng which include the necessary MySQL libraries as you can see in the comments below

Tags: , ,
  1. Ben
    July 6th, 2009 at 12:44 | #1
    Reply | Quote

    Is Syslog-ng PE required for this or can this be done with the Open version?

  2. Blokje
    July 6th, 2009 at 14:04 | #2
    Reply | Quote

    The free version is all I use. I refuse to pay for software when I don’t need too ;-) . I’ve installed the RPM which has, as you can see below, support for MySQL built-in

    [rickv@amsmnvu001 ~]$ rpm -ql syslog-ng | grep mysqlclient
    /opt/syslog-ng/lib/libmysqlclient.so

  3. Ben
    July 6th, 2009 at 14:40 | #3
    Reply | Quote

    Thanks for your reply!

    Great to hear this! I’m fiddling with the piping method now without much succes in OpenSuSE 11.1. Although I have the Syslog-NG package installed, libmysqlclient.so was not supplied :( I’ve tried updating the package. Still missing. Perhaps the SuSE repos. is hosting an outdated package.

    I’ll try a manual compile of Syslog-NG. I really must have this :)

  4. Blokje
    July 6th, 2009 at 14:41 | #4
    Reply | Quote

    Take a look at http://www.balabit.com/downloads/files/syslog-ng/sources/3.0.3/setups/ that’s where I got my version from.

  5. MBown
    July 31st, 2009 at 12:13 | #5
    Reply | Quote

    Hi, I like how you log each day into a different table. But what type of frontend are you using to search the logs? Are you using some type of modified php-syslog-ng for example? Thanks.

  6. Blokje
    July 31st, 2009 at 13:25 | #6
    Reply | Quote

    You can use a table syntax like :
    table("messages_${HOST}_${R_YEAR}${R_MONTH}${R_DAY}")

  1. No trackbacks yet.