
I export every syslog source I have, including Cisco routers, Windows Event Viewer (using evtsys) and the *nix family, into a "so called" server that runs Syslog-NG + MySQL + PhpSyslogNG. The latest release is 2.8 (at the time of writing); it comes with several enhancements, including user access (controlling user login and session ID) and a search cache (to help speed up database queries). When upgrading from 2.5 to 2.8 I needed to add a user table and also adjust the syslog-ng configuration by combining the time and date fields into one field (datetime):
destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime,
program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};
I also had to add the datetime field to syslog.logs. Everything went smoothly until I added another host to the system: the system did not show the new host's information, and I wondered why. It might be a network problem, a system problem, a firewall blocking, or a natural disaster! Running tcpdump, #tcpdump -i ifwhateva host the.ip.of.newhost, showed that data was coming in from the.ip.of.newhost, but there was still no update in Php-syslog-NG. Hmmm... I think I need to clear the search_cache table in syslog.search_cache. $mysql -u root -p syslog -e "truncate table `search_cache`" should do the job.
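To tell "no rows arrived for the host" apart from "rows arrived but the cached search hides them" before truncating anything, here is an added example (my code, not from this post or from php-syslog-ng). It models the two tables with an in-memory sqlite3 database; the column layout of search_cache, the sample rows and the function names are constructed assumptions.

```python
import sqlite3

# Simplified stand-in for the php-syslog-ng tables (assumed layout, not the real schema):
# logs mirrors the columns of the syslog-ng INSERT template, search_cache keeps one
# cached query per row together with the hosts that appeared in its result.
SCHEMA = """
CREATE TABLE logs (host TEXT, facility TEXT, priority TEXT, level TEXT, tag TEXT,
                   datetime TEXT, program TEXT, msg TEXT);
CREATE TABLE search_cache (id INTEGER PRIMARY KEY, query TEXT, result_hosts TEXT);
"""
# Constructed sample data: router1 existed when the cache was built, newhost arrived later.
SAMPLE_LOGS = [
    ("router1", "local7", "notice", "notice", "2d", "2009-01-01 10:00:00", "ios", "Interface up"),
    ("newhost", "auth", "info", "info", "3f", "2009-01-01 10:05:00", "sshd", "Accepted publickey"),
]
SAMPLE_CACHE = [(1, "SELECT * FROM logs ORDER BY datetime DESC", "router1")]

def open_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO logs VALUES (?,?,?,?,?,?,?,?)", SAMPLE_LOGS)
    conn.executemany("INSERT INTO search_cache VALUES (?,?,?)", SAMPLE_CACHE)
    return conn

def host_row_count(conn, host):
    """Rows syslog-ng actually wrote for host; 0 points at the network/pipe, not the UI."""
    return conn.execute("SELECT COUNT(*) FROM logs WHERE host=?", (host,)).fetchone()[0]

def cached_hosts(conn):
    """Hosts visible through any cached search result."""
    hosts = set()
    for (result_hosts,) in conn.execute("SELECT result_hosts FROM search_cache"):
        hosts.update(h for h in result_hosts.split(",") if h)
    return hosts

def diagnose(conn, host):
    """'not_ingested': check syslog-ng/firewall; 'stale_cache': clear search_cache; 'ok' otherwise."""
    if host_row_count(conn, host) == 0:
        return "not_ingested"
    cached = cached_hosts(conn)
    if cached and host not in cached:
        return "stale_cache"
    return "ok"

def invalidate_search_cache(conn):
    """Same effect as the post's TRUNCATE TABLE search_cache; returns the rows dropped."""
    dropped = conn.execute("SELECT COUNT(*) FROM search_cache").fetchone()[0]
    conn.execute("DELETE FROM search_cache")  # SQLite has no TRUNCATE; MySQL: TRUNCATE TABLE search_cache
    return dropped
```

With the sample data, diagnose(open_sample_db(), "newhost") returns "stale_cache" until invalidate_search_cache is called, after which it returns "ok"; a host with no rows at all returns "not_ingested".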
 