Syslog-ng with MySQL logging on Ubuntu 12.04
Install Required Packages
# syslog-ng core, its SQL destination module, the MySQL server, and the
# libdbi MySQL driver that the SQL module connects through.
apt-get install \
    syslog-ng-core syslog-ng-mod-sql mysql-server \
    libdbi1 libdbd-mysql
Install Optional Packages
# Optional: web front end for MySQL. It puts a database login page on the web
# server, so limit who can reach it (web-server access rules, TLS) if installed.
apt-get install phpmyadmin
Create database
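-- Dedicated schema for the rows written by the syslog-ng SQL destination.
CREATE DATABASE syslog;

-- MySQL selects the default schema with USE <name>; "USE DATABASE syslog" is a
-- syntax error and would leave the table below without a target schema.
USE syslog;

-- One row per log message. The column names must match the columns() list of
-- the syslog-ng destination that writes here.
-- NOTE(review): host, tag and program are narrow (32/10/15 characters). A longer
-- value is truncated, or under a strict sql_mode the INSERT is rejected; either
-- way log content is lost. Size them for the longest names you expect to see,
-- especially if messages arrive from the network.
CREATE TABLE `logs` (
    `host` VARCHAR(32) DEFAULT NULL,
    `facility` VARCHAR(10) DEFAULT NULL,
    `priority` VARCHAR(10) DEFAULT NULL,
    `level` VARCHAR(10) DEFAULT NULL,
    `tag` VARCHAR(10) DEFAULT NULL,
    `datetime` datetime DEFAULT NULL,
    `program` VARCHAR(15) DEFAULT NULL,
    `msg` text,
    -- Surrogate key; also gives the insertion order of the messages.
    `seq` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
    PRIMARY KEY (`seq`),
    -- Secondary indexes on the columns used to filter logs.
    KEY `host` (`host`),
    KEY `program` (`program`),
    KEY `datetime` (`datetime`),
    KEY `priority` (`priority`),
    KEY `facility` (`facility`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;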
Grant Permissions to database
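-- Account syslog-ng uses to write log rows; it can connect from localhost only.
-- '***' is a placeholder: set a strong password and use the same one in the
-- syslog-ng destination.
CREATE USER 'syslog'@'localhost' IDENTIFIED BY '***';

-- USAGE grants no privileges; a limit of 0 means "no limit". Kept from the
-- original, although it adds nothing after CREATE USER. MySQL 8.0 no longer
-- accepts IDENTIFIED BY or resource limits inside GRANT.
GRANT USAGE ON * . * TO 'syslog'@'localhost' IDENTIFIED BY '***' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

-- Least privilege: the password of this account sits in clear text in the
-- syslog-ng configuration, so the account should not be able to delete, rewrite
-- or drop stored logs. syslog-ng checks that the table exists with a SELECT and
-- then only INSERTs into it.
-- NOTE(review): if syslog-ng should create or extend the table itself, also
-- grant CREATE, ALTER and INDEX on `syslog`.* - confirm against your setup.
GRANT SELECT, INSERT ON `syslog`.`logs` TO 'syslog'@'localhost';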
Enable MySQL in syslog-ng
- /etc/syslog-ng/conf.d/10mysqlsyslog.conf
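# This file holds the database password in clear text: keep it owned by root
# and not readable by other users.

# Drop debug-level messages before they reach the database.
# (syslog-ng keywords are lower-case; the upper-case forms do not parse.)
filter f_no_debug { not level(debug); };

# Write each message as one row of the `logs` table in the `syslog` database.
# NOTE(review): the source page cut the values() line off after "$HOUR:" and
# left columns() unclosed; both are completed here so that there is exactly one
# value per column - verify before use.
# NOTE(review): "pid" and "message" in indexes() do not match any name in
# columns(); kept as published, presumably left over from another schema.
destination d_mysql {
    sql(
        type(mysql)
        username("syslog")
        password("********")
        database("syslog")
        host("localhost")
        table("logs")
        columns("host", "facility", "priority", "level", "tag", "datetime", "program", "msg")
        values("$HOST", "$FACILITY", "$PRIORITY", "$LEVEL", "$TAG", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$PROGRAM", "$MSG")
        indexes("datetime", "host", "program", "pid", "message")
    );
};

# s_net and s_src are not defined in this file; they are expected to come from
# the main syslog-ng configuration. Messages from s_net are supplied by remote
# senders, so treat the stored host/program/msg values as untrusted input in
# anything that later displays or queries them.
log { source(s_net); source(s_src); filter(f_no_debug); destination(d_mysql); };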