Syslog-ng and MySQL
Just a quick note about syslog-ng with a MySQL backend.
# UDP syslog port listener
source s_udp {
    udp(
        ip('192.168.0.1')
        port(514)
    );
};

# MySQL destination
destination d_mysql {
    sql(
        type(mysql)
        # Example credentials; set your own
        host("server") username("syslog") password("syslog")
        database("syslog")
        # One table per day, created automatically by syslog-ng
        table("messages_${R_YEAR}${R_MONTH}${R_DAY}")
        columns("datetime", "host", "program", "pid", "message", "facility", "priority")
        values("$R_DATE", "$HOST", "$PROGRAM", "$PID", "$MSGONLY", "$FACILITY", "$LEVEL")
        indexes("datetime", "host", "program", "pid", "message", "facility", "priority")
    );
};

# Log the source to the destination, pretty straightforward
log {
    source(s_udp);
    destination(d_mysql);
};
As you can see, it is a pretty easy configuration, and it turned out to work great without any crappy connections like FIFOs. Besides that, it creates a new table per day (the tables are created automatically), and thanks to the table per day, the tables stay fast enough for some more advanced features.
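With one table per day, retention and multi-day searches both start from the table names. The following is an added example, not part of the original post: it validates names against the messages_YYYYMMDD scheme before they are interpolated into SQL, lists tables past a retention window, and builds a UNION ALL search. The function names, the host filter and the sample table list are assumptions made for illustration.

```python
import re
from datetime import date, timedelta

# Naming scheme from the destination above: messages_${R_YEAR}${R_MONTH}${R_DAY}
TABLE_RE = re.compile(r"messages_([0-9]{4})([0-9]{2})([0-9]{2})")
COLUMNS = "datetime, host, program, pid, message, facility, priority"

# Constructed sample of what SHOW TABLES might return in the syslog database.
SAMPLE_TABLES = ["logs", "messages_20240131", "messages_20240201",
                 "messages_20240202", "messages_20240230",
                 "messages_20240201_bak"]


def table_day(name):
    """Return the date encoded in a daily table name, or None if invalid."""
    m = TABLE_RE.fullmatch(name)
    if not m:
        return None
    try:
        return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))
    except ValueError:  # syntactically fine but not a real day (Feb 30)
        return None


def expired_tables(existing, today, keep_days):
    """Daily tables strictly older than the retention window, oldest first."""
    cutoff = today - timedelta(days=keep_days)
    hits = [(d, t) for t in existing if (d := table_day(t)) and d < cutoff]
    return [t for _, t in sorted(hits)]


def search_query(existing, first, last):
    """Build a UNION ALL over the daily tables in [first, last] that exist.

    Table names cannot be bound as parameters, so only names accepted by
    table_day() are interpolated. The host value stays a bound parameter
    (%s); the caller passes it once per SELECT. Returns (sql, param_count).
    """
    days = sorted((d, t) for t in existing
                  if (d := table_day(t)) and first <= d <= last)
    parts = [f"SELECT {COLUMNS} FROM `{t}` WHERE host = %s" for _, t in days]
    return " UNION ALL ".join(parts), len(parts)


if __name__ == "__main__":
    print(expired_tables(SAMPLE_TABLES, date(2024, 2, 3), keep_days=2))
    print(search_query(SAMPLE_TABLES, date(2024, 2, 1), date(2024, 2, 2))[0])
```

The names returned by expired_tables() are the candidates for DROP TABLE; the syslog-ng account itself only needs to create and insert into tables, so dropping is better left to a separate maintenance account.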
Of course this will work with every distribution (Ubuntu, CentOS, Red Hat, SUSE, Arch Linux) where you can install syslog-ng binaries that include the necessary MySQL libraries, as you can see in the comments below.