Craig Small wrote:
> On Mon, Feb 04, 2008 at 11:21:16PM +0100, Michael Biebl wrote:
>> Could you explain a little, how jffnms uses syslog-ng (from your
>> description it sounds the other way around: syslog-ng using jffnms as
>> storage backend)
> It's basically using syslog-ng as a converter from UDP syslog packets
> from remote routers and sending those messages into a specific format
> into a JFFNMS database.
>
>> Indeed, rsyslog can log into mysql and psql databases.
>> As I haven't quite understood yet, how the interaction between jffnms
>> and syslog-ng is, I'm not yet sure if that can be applied to rsyslog or not.
> It has a clause in their configuration to pass the syslog messages
> in the following format:
>
> template("INSERT INTO syslog (date, date_logged, host, message) VALUES
> ('$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', NOW\(\), '$FULLHOST',
> '$MSG');\n")
>
> It's documented here:
> http://www.jffnms.org/docs/jffnms_14.html#id2
Thanks for the pointer. I'll take a look at it.

From a first look, it seems that it could be done in rsyslog.
For one it allows dropping configuration data in /etc/rsyslogd.d/ (so you
could automatically setup rsyslog without having to munge with
/etc/rsyslog.conf) and second, it allows writing directly to MySQL and
PostgreSQL databases (via the rsyslog-mysql and rsyslog-pgsql plugins)
instead of going through a pipe to an external script and then using
mysqlclient in the script to do the actual writing to the database.

Filtering on facilities is no problem either in rsyslog.

Only

  source s_jffnms { unix-dgram("/dev/log"); internal(); udp(); };

is not quite clear yet. Does that mean, it listens both on the unix
socket /dev/log, udp (to collect log messages from other jffnms hosts)
and internal() (whatever that is) for log messages?

Cheers,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
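
An rsyslog counterpart to the syslog-ng source and INSERT template quoted in the thread, as an added example that is not part of the original message or of the JFFNMS or rsyslog projects' own files. It uses rsyslog's legacy directive syntax; the template name, the `*.*` selector, the DBHOST/DBNAME/DBUSER/DBPASS placeholders and the choice of `%hostname%` for `$FULLHOST` are assumptions.

```conf
# Constructed example: rsyslog drop-in (legacy directive syntax) mirroring
# the syslog-ng source s_jffnms and the INSERT template quoted above.

# unix-dgram("/dev/log") -> local log socket input
$ModLoad imuxsock

# udp() -> accept syslog datagrams from the remote routers. 514/udp is the
# syslog default port. UDP syslog is unauthenticated, so limit the senders
# to the monitored devices with a packet filter.
$ModLoad imudp
$UDPServerRun 514

# internal() is syslog-ng's source for messages generated by syslog-ng
# itself; no separate input is configured for it in this example.

# MySQL output module (shipped in the rsyslog-mysql package)
$ModLoad ommysql

# Same columns as the syslog-ng template. The trailing ",SQL" option makes
# rsyslog backslash-escape single quotes and backslashes inside every
# property value, so text in %msg% or %hostname% supplied by a remote
# device cannot terminate the quoted SQL string. The database writer
# disables the action if the template has neither SQL nor STDSQL.
# Assumption: %hostname% stands in for syslog-ng's $FULLHOST.
$template JffnmsInsert,"INSERT INTO syslog (date, date_logged, host, message) VALUES ('%timereported:::date-mysql%', NOW(), '%hostname%', '%msg%')",SQL

# Placeholders, not values from the thread: DBHOST, DBNAME, DBUSER, DBPASS.
# Grant DBUSER nothing beyond INSERT on the syslog table.
# The *.* selector is illustrative; narrow it to the facilities wanted.
*.* :ommysql:DBHOST,DBNAME,DBUSER,DBPASS;JffnmsInsert
```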

