Author Topic: Syslog-ng from EPEL repository on RHEL 6.3 fails to log to MSSQL  (Read 3011 times)

spiraino
« on: February 11, 2013, 01:54:20 PM »
I've installed "syslog-ng.x86_64 3.2.5-3.el6" and "syslog-ng-libdbi.x86_64 3.2.5-3.el6" from the EPEL repository on a RHEL 6.3 system. Receiving syslog messages and writing them to the local file system is working fine. However, when I attempt to output files to a Microsoft database server, syslog-ng will not start. I get the following error:

Starting syslog-ng: Unable to initialize database access (DBI); rc='-1', error='No such file or directory (2)'
Error initializing dest driver; dest='d_mssql_security', id='d_mssql_security#0'
Error initializing message pipeline;

If I install "libdbi-drivers.x86_64 0.8.3-5.1.el6" then syslog-ng will start without error, but no logs are written to the database. I've confirmed both situations with Wireshark, and no traffic from the syslog server is reaching the MSSQL server.

Here are the relevant statements in syslog-ng.conf:

source s_remote {
 tcp (ip(0.0.0.0) port (514));
 udp (ip(0.0.0.0) port (514));
};

destination d_mssql_security {
 sql(type(mssql)
 host("10.10.10.10")
 port("1433")
 username("syslog") password("syslogpw") database("syslog_db")
 table("msgs_${R_YEAR}${R_MONTH}${R_DAY}")
 columns("datetime varchar(16)", "host varchar(32)", "program varchar(32)", "pid varchar(8)", "message varchar(4096)")
 values("$R_DATE", "$HOST", "$PROGRAM", "$PID", "$MSGONLY")
 indexes("datetime", "host", "program", "pid"));
};


log { source(s_remote); destination(d_mssql_security); };


czanik
« Reply #1 on: February 15, 2013, 11:11:32 AM »
syslog-ng-libdbi is just a database abstraction layer. It also needs drivers to function properly. I don't have RHEL around me at the moment, but you should look for libdbi-dbd-freetds or similar.
CzP / BalaBit
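
The reply above says the DBI layer needs a matching driver module; one way to check that is to look for the module file directly. This is an added example, not code from the thread or from the syslog-ng project. It assumes libdbi's `libdbd<name>.so` module naming, that `type(mssql)` is served by the FreeTDS driver, and `/usr/lib64/dbd` as the driver directory on x86_64 RHEL; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Checks whether the libdbi driver module
# that a syslog-ng sql() destination needs is present in a driver directory.

# Map a syslog-ng sql type() value to the libdbi driver name.
# Assumption: type(mssql) uses the FreeTDS driver; other types keep their name.
dbd_name_for_type() {
    case "$1" in
        mssql) echo "freetds" ;;
        *)     echo "$1" ;;
    esac
}

# check_dbd_driver DIR TYPE
# Prints a one-line status and returns:
#   0  driver module found
#   1  directory exists but the driver module is missing
#   2  the driver directory itself is missing
check_dbd_driver() {
    dir=$1
    name=$(dbd_name_for_type "$2")
    module="$dir/libdbd$name.so"

    if [ ! -d "$dir" ]; then
        echo "MISSING-DIR $dir"
        return 2
    fi
    if [ ! -f "$module" ]; then
        echo "MISSING-DRIVER $module"
        return 1
    fi
    echo "OK $module"
    return 0
}

# Usage: sh check_dbd.sh --run [type]
# Assumed default directory for x86_64 RHEL; set DBD_DIR for a source build.
if [ "${1:-}" = "--run" ]; then
    check_dbd_driver "${DBD_DIR:-/usr/lib64/dbd}" "${2:-mssql}"
fi
```

A `MISSING-DRIVER` result means some libdbi driver directory exists but holds no FreeTDS module, so the package or source build that provides it is still needed.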

spiraino
« Reply #2 on: February 15, 2013, 11:41:31 AM »
Unfortunately, there do not appear to be any pre-configured libdbi-driver packages for freetds in the repo channels. I've built a RHEL 5 box and I'm following your article for compiling syslog-ng from source, http://czanik.blogs.balabit.com/2011/06/compiling-syslog-ng-with-database-support-for-centos-5-co/, but I'm still trying to figure out the ./configure switches I need to use for freetds. I do have freetds installed and can use tsql to get a connection to the database server; I'm just trying to get libdbi to leverage that connection.