Solved

logging messages from Netscreen to syslog-ng - need to pipe to MySQL db now

Posted on 2004-07-30
8
437 Views
Last Modified: 2013-12-04
This might be a basic question but I am missing something.  I believe I am successfully sending the Netscreen firewall messages to a remote syslog server (running syslog-ng) as I have them stored in a file.  What I want to do now is pipe this file to a MySQL database so that I can retrieve the data later for analysis and to post to a web interface.  I have even tried the simple syslong-ng.conf example below (unrelated to my Netscreen logs) in an attempt to pipe data.  

destination database { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY','$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY','$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); };

Nothing ever appears in the mysql.pipe file.  

Also I need advice on what fields I should be extrapolating out of the log for use in the Database; I realize the fields above are not the ones I would need from my Netscreen log but any information or leads on how to use the Netscreen logs correctly with a database would be awesome.

Thanks for any and all help!  It is greatly appreciated!
Brandon
0
Comment
Question by:phishee
8 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 11682564
My approach to this would be to write a Perl script that analyzes the daily log files and writes out html or other reports. I'm of the opinion that one wants to keep the logging operation as simple as possible and you can't get much simpler than writing files. Attempting to pipe log data into a database runs the risk of loosing log records since the DB will always be slower than disk writes. And there are more things that can go wrong. Post processing the log files is completely safe in that if the post processing operation fails you still have the original data and can re-run to analysis tool.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11683530
cc jlevie
0
 
LVL 61

Expert Comment

by:gheist
ID: 11686828
parentheses counts do not match, otherwise cc others.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 11689852
Do you currently have a log analizer for Netscreen?
0
 
LVL 61

Expert Comment

by:gheist
ID: 11693150
Let's start with fixing sql sentence ....
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now