blancs
11-28-2008 12:16 AM
syslog-ng + mysql?
I'm pretty new to both syslog-ng and mysql, but more so to mysql.
I am trying to pipe my game server logs to mysql so I can then do some stuff in php. I pretty much followed the directions found at http://vermeer.org/docs/1. Problem is nothing is going into the db from what I can tell. Here is what my syslog-ng file looks like:
Code:
source s_all {
    # message generated by Syslog-NG
    internal();
    # standard Linux log source (this is the default place for the syslog()
    # function to send logs to)
    unix-stream("/dev/log");
    # messages from the kernel
    file("/proc/kmsg" log_prefix("kernel: "));
    # use the following line if you want to receive remote UDP logging messages
    # (this is equivalent to the "-r" syslogd flag)
    # udp();
};
--
destination df_assaultcube { file("/var/log/ac/us1.log"); };
--
destination d_ACmysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
--
filter f_assaultcube {facility(local6); };
--
#local6.* -/var/log/assaultcube.log
log {
    source(s_all);
    filter(f_assaultcube);
    destination(df_assaultcube);
};
--
#local6.* -mySQL
log {
    source(s_all);
    filter(f_assaultcube);
    destination(d_ACmysql);
};
Here is what my database and tables look like:
Quote:
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| aclog              |
| mysql              |
+--------------------+
3 rows in set (0.02 sec)
mysql> use aclog;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+-----------------+
| Tables_in_aclog |
+-----------------+
| logs            |
+-----------------+
1 row in set (0.00 sec)
mysql> DESC logs
-> \g
+----------+------------------+------+-----+---------+----------------+
| Field    | Type             | Null | Key | Default | Extra          |
+----------+------------------+------+-----+---------+----------------+
| host     | varchar(32)      | YES  | MUL | NULL    |                |
| facility | varchar(10)      | YES  | MUL | NULL    |                |
| priority | varchar(10)      | YES  | MUL | NULL    |                |
| level    | varchar(10)      | YES  |     | NULL    |                |
| tag      | varchar(10)      | YES  |     | NULL    |                |
| date     | date             | YES  | MUL | NULL    |                |
| time     | time             | YES  | MUL | NULL    |                |
| program  | varchar(15)      | YES  | MUL | NULL    |                |
| msg      | text             | YES  |     | NULL    |                |
| seq      | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
+----------+------------------+------+-----+---------+----------------+
10 rows in set (0.00 sec)
mysql> status
--------------
mysql Ver 14.12 Distrib 5.0.51a, for debian-linux-gnu (x86_64) using readline 5.2
Connection id: 9
Current database: aclog
Current user: root@localhost
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.0.51a-3ubuntu5.4 (Ubuntu)
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: latin1
Db characterset: latin1
Client characterset: latin1
Conn. characterset: latin1
UNIX socket: /var/run/mysqld/mysqld.sock
Uptime: 12 hours 20 min 47 sec
Threads: 1 Questions: 98 Slow queries: 0 Opens: 24 Flush tables: 1 Open tables: 18 Queries per second avg: 0.002
--------------
The script I am using to pipe everything is:
Code:
#
# Created by Tadghe Patrick Danu
#
#!/bin/bash
if [ -e /tmp/mysql.pipe ]; then
    while [ -e /tmp/mysql.pipe ]
    do
        mysql -u theuserid --password=thepassword syslogdb < /tmp/mysql.pipe
    done
else
    mkfifo /tmp/mysql.pipe
fi
If logging to a flat log file, logs usually look like this:
Quote:
Nov 28 01:11:52 AssaultCube local[30022]: 8 quilleur CLA 0 -1 0 normal *.*.*.*
Nov 28 01:11:52 AssaultCube local[30022]:
Nov 28 01:11:52 AssaultCube local[30022]: Team RVSF: 4 frags
Nov 28 01:11:52 AssaultCube local[30022]: Team CLA: 3 frags
Nov 28 01:11:52 AssaultCube local[30022]: Status at 28-11-2008 01:11:52: 9 remote clients, 11.7 send, 1.7 rec (K/sec)
Nov 28 01:11:52 AssaultCube local[30022]: Time remaining: 8 minutes for team one shot, one kill game, mastermode 0.
Nov 28 01:11:53 AssaultCube local[30011]: [*.*.*.*] arbo stole the flag
Nov 28 01:11:54 AssaultCube local[30011]: [*.*.*.*] LOCO!!!! fragged nobel_home
Nov 28 01:11:54 AssaultCube local[30011]: [*.*.*.*] nobel_home fragged LOCO!!!!
Nov 28 01:11:54 AssaultCube local[30022]: [*.*.*.*] MICHAEL fragged {PRO}Cheif
I was starting to think it is the variables being passed in the syslog-ng insert statement, but I have no clue. Can anyone enlighten me? I need it.
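An added example, not part of the original post or the linked tutorial: a hardened variant of the feeder script above. It keeps the FIFO in a private directory instead of world-writable /tmp and reads the MySQL credentials from an option file rather than the command line. The directory /var/run/syslog-mysql, the file /etc/syslog-mysql.cnf and the function names are assumptions; aclog is the database shown in the post.

```shell
#!/bin/bash
# Added example: hardened feeder for the syslog-ng pipe() destination.
# Assumptions (not from the post): PIPE_DIR and CNF paths, function names.
PIPE_DIR="${PIPE_DIR:-/var/run/syslog-mysql}"  # private dir, not /tmp
CNF="${CNF:-/etc/syslog-mysql.cnf}"            # [client] user=/password=, mode 600
DB="${DB:-aclog}"                              # database shown in the post

# Create the FIFO inside an owner-only directory; refuse anything unexpected.
make_fifo() {
    local dir="$1" fifo="$1/mysql.pipe"
    mkdir -p -m 0700 "$dir" || return 1
    chmod 0700 "$dir" || return 1
    if [ -L "$fifo" ]; then
        echo "refusing symlink: $fifo" >&2; return 1
    fi
    if [ -e "$fifo" ] && [ ! -p "$fifo" ]; then
        echo "not a FIFO: $fifo" >&2; return 1
    fi
    [ -p "$fifo" ] || mkfifo -m 0600 "$fifo" || return 1
    chmod 0600 "$fifo" || return 1
    printf '%s\n' "$fifo"
}

# The credentials file must not be readable by group or other.
check_cnf() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$1 has mode $mode, want 600" >&2; return 1 ;;
    esac
}

# Each mysql run ends when the writer closes the pipe; reopen and continue.
feed_loop() {
    local fifo
    fifo=$(make_fifo "$PIPE_DIR") || return 1
    check_cnf "$CNF" || return 1
    while [ -p "$fifo" ]; do
        # --defaults-extra-file must come first; it keeps the password out of argv.
        mysql --defaults-extra-file="$CNF" "$DB" < "$fifo" \
            || { echo "mysql exited with an error" >&2; sleep 1; }
    done
}

# Only start feeding when invoked as: script run
if [ "${1:-}" = "run" ]; then feed_loop; fi
```

The pipe() path in the syslog-ng destination has to point at the same FIFO that make_fifo creates.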