I had a need to put Syslog data into a database for further analysis.
Using one of my linux boxes this turned out to be much easier than I thought, at least for basic functionality.
Basically I followed the instructions at http://www.rsyslog.com/doc/rsyslog_mysql.html and everything just worked.
I already had MySQL installed, and Rsyslog was the default syslog on my Linux distribution, so I used the included script to create the database and then created the account.
mysql -u root -p < /usr/share/doc/rsyslog-mysql/createDB.sql
grant all privileges on Syslog.* to 'Syslog'@'%' identified by 'password' with grant option;
Then I modified the rsyslog config file.
#put this line as the first line in /etc/rsyslog.conf
$ModLoad ommysql
#this line logs everything
*.* :ommysql:127.0.0.1,Syslog,Syslog,password
#*.* :ommysql:127.0.0.1,db-name,db-user,db-password
Then I restarted the Rsyslog process.
/etc/rc.d/init.d/rsyslogd restart
Then I issued a 'SELECT * FROM Syslog.SystemEvents;' query.
I saw that the local machine was logging all of its syslog data, and the other devices that were logging to the syslog server were also showing up in the database. As a point of interest, all of the data was still being written to the regular syslog file as well.
Future work on this will be to tailor what gets logged and some possible customizations.
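As an added example (not code from the original post), here is an analysis pass over the SystemEvents table that rsyslog's createDB.sql creates: it decodes the numeric Facility/Priority codes, counts error-or-worse events per reporting host, and flags hosts that have gone quiet, which is the check that matters once remote devices depend on this server. It assumes an in-memory SQLite copy of a subset of the table's columns (ReceivedAt, Facility, Priority, FromHost, SysLogTag, Message) with constructed rows standing in for the MySQL database, so it runs offline.

```python
import sqlite3
from datetime import datetime, timedelta

# Facility and Priority are stored as the numeric syslog codes (RFC 5424 values).
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
            "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"] + \
           ["local%d" % i for i in range(8)]
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample rows in the column order used below (not real log data).
SAMPLE_EVENTS = [
    ("2011-02-26 10:00:01", 4, 6, "logserver", "sshd[1201]:", "Accepted publickey for admin"),
    ("2011-02-26 10:00:07", 10, 3, "router1", "sshd[77]:", "Failed password for root from 10.0.0.99"),
    ("2011-02-26 10:00:09", 10, 3, "router1", "sshd[77]:", "Failed password for root from 10.0.0.99"),
    ("2011-02-26 10:01:00", 9, 6, "logserver", "CRON[1300]:", "(root) CMD (run-parts /etc/cron.hourly)"),
    ("2011-02-26 09:10:00", 0, 2, "switch2", "kernel:", "eth1: link down"),
]

def open_db():
    """In-memory SQLite stand-in for Syslog.SystemEvents, keeping only the columns queried below."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE SystemEvents (
        ID INTEGER PRIMARY KEY, ReceivedAt TEXT, Facility INTEGER, Priority INTEGER,
        FromHost TEXT, SysLogTag TEXT, Message TEXT)""")
    conn.executemany("INSERT INTO SystemEvents (ReceivedAt, Facility, Priority, FromHost,"
                     " SysLogTag, Message) VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_EVENTS)
    return conn

def errors_by_host(conn):
    """Events at severity err (3) or worse, counted per reporting host."""
    rows = conn.execute("SELECT FromHost, COUNT(*) FROM SystemEvents"
                        " WHERE Priority <= 3 GROUP BY FromHost ORDER BY FromHost")
    return dict(rows.fetchall())

def silent_hosts(conn, now, max_silence_minutes):
    """Hosts whose newest record is older than the allowed silence: a forwarder that stopped
    sending (crashed, misconfigured or silenced) only shows up as an absence of rows."""
    cutoff = datetime.strptime(now, "%Y-%m-%d %H:%M:%S") - timedelta(minutes=max_silence_minutes)
    rows = conn.execute("SELECT FromHost, MAX(ReceivedAt) FROM SystemEvents GROUP BY FromHost")
    return sorted(host for host, last in rows
                  if datetime.strptime(last, "%Y-%m-%d %H:%M:%S") < cutoff)

def describe(conn, event_id):
    """One row rendered with its facility/severity codes decoded to the usual names."""
    fac, pri, host, tag, msg = conn.execute(
        "SELECT Facility, Priority, FromHost, SysLogTag, Message FROM SystemEvents"
        " WHERE ID = ?", (event_id,)).fetchone()
    return "%s %s.%s %s %s" % (host, FACILITY[fac], SEVERITY[pri], tag, msg)
```

Against the real database the same queries run unchanged through a MySQL client library; only open_db() is specific to the SQLite stand-in.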
Saturday, February 26, 2011