Hi, I'm a bit new to syslog-ng so please excuse my n00b question.
I have syslog-ng piping logs into mysql using the setup from
http://vermeer.org/docs/1, and it seems to be working fine. But, when I try to apply a filter I wrote to only log the facility(mail) logs to the sql destination, I get no log output and my mysql >/tmp/mysql.pipe script ceases to work. Take the filter statement out and restart syslog-ng and it's all back to normal. Conversely, if I use the filter and just write to a file, that works. I just don't seem to be able to use the mail filter and mysql piping at the same time.
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG','$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-esc
};
filter f_ALLMaillogs { host("staging") and facility(mail); };
log { source(s_sys); filter(f_ALLMaillogs); destination(d_mysql); };
All I want to do is aggregate my mail logs per host to a central database using syslog-ng. Is using using filters to only do the mail logs the right way to go?
Print