This may seem like a kludge but it should work:
You will need two filters in syslog-ng config file.
One sends all instances of the event to a separate regular file.
The other removes them from the main php-syslog-ng pipe so as not to
pollute your main log.
Then you need a script to monitor the r
You will have to get up close and personal with your syslog-ng
configuration file. You can filter out all manner of things from there.
There are many documents and HOWTOs written on the topic all
available via google :-)
Cheers,
/Jason
On Nov 18, 2007, at 11:45 PM, Manoj Kumar wrote:
> Hi All
Mike Sperano wrote:
> Hi Everyone
>
> I have everything up and running and all seems to work well the only problem,
> I am getting stuck on is my sql database is filling up really fast. What I
> have noticed is when syslog-ng pipes the logs over to the mysql.pipe file and
> then the syslog2mysql
Good morning,
By all means, please feel welcome to modify this program any way you
see fit.
If you could supply your modifications back to the community, it
would be very much appreciated.
/Jason
On Oct 5, 2006, at 5:06 AM, [EMAIL PROTECTED] wrote:
> Dear ML member.
>
> I am Japanese user. p
Table names in MySQL cannot use the "-".
Use the underscore (_) instead.
MySQL will try to interpret the dash symbol as the subtraction symbol and
will lead to exactly your problem.
/Jason
--
You can have my Mac when you pry it from my cold, dead hands.
e:[EMAIL PROTECTED] v:514-815-8204
Syslog has several pre-defined facilities, such as "mail", "daemon",
"kern", etc.
There are also 8 additional facilities for you to use for your own
applications.
These are "local0" through "local7". You could decide to have all
apache servers at your site send their error logs to local7
.. Maybe You
> have any ideas?
>
> Best regards
> Marcin
>
>
>
> - Original Message -
> From: "Michael Bryant" <[EMAIL PROTECTED]>
> To: "Jason Taylor" <[EMAIL PROTECTED]>
> Cc: "Marcin Wasilewski" <[EMAIL PROTECTED]
Hi Vadim,
Do you think it would be worthwhile to have a configuration option
of being able to provide a list of hosts each user is allowed to
query? This is something that I am trying to find the time to do.
It would have the added benefit of making the host-table for that
user statical
I use our parallel backup backbone for log transfers.
All hosts feed via standard syslog (udp:514) to a syslog-ng collector
running on the backup server in each data centre.
These then feed via tcp:5140 to the central log server over an s-
tunnel (check sourceforge) connection. In order to tunn
I am using a 450MHz UltraSPARC-2 with 1024MB of RAM
OS is Solaris 9, running mysql 4.something.
I am logging from a few hundred cisco devices, about 50 unix hosts
and perhaps 100 Windows servers.
My log volume is between 2MM and 4MM events per day (mostly windows
eventlog stuff, followed by the
That and "kilo-dollars" sounds a little odd :-)
/J
> After spending 15 mins reading up on it to be sure... in some business
> and accounting contexts, M stands for thousands (from 'milli')
> if feasible.
>
> So the RSS stuff and the event handlers are not necessarily intertwined.
> I would separate them so you would have a separate area to build your
> filters for RSS feeds, and then another area to build your event handlers
> for specific events.
>
> -Orig
Something like this might be easier to implement on the back-end syslog-ng
side, and not by hitting the database.
What about tools like swatch or watcher?
How I see it working is creating a second "destination" in the syslog-ng
config file which sends "pre-filtered" log-output to a file or socket