Solved

logging messages from Netscreen to syslog-ng - need to pipe to MySQL db now

Posted on 2004-07-30
8
452 Views
Last Modified: 2013-12-04
This might be a basic question but I am missing something.  I believe I am successfully sending the Netscreen firewall messages to a remote syslog server (running syslog-ng) as I have them stored in a file.  What I want to do now is pipe this file to a MySQL database so that I can retrieve the data later for analysis and to post to a web interface.  I have even tried the simple syslong-ng.conf example below (unrelated to my Netscreen logs) in an attempt to pipe data.  

destination database { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY','$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY','$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); };

Nothing ever appears in the mysql.pipe file.  

Also I need advice on what fields I should be extrapolating out of the log for use in the Database; I realize the fields above are not the ones I would need from my Netscreen log but any information or leads on how to use the Netscreen logs correctly with a database would be awesome.

Thanks for any and all help!  It is greatly appreciated!
Brandon
0
Comment
Question by:phishee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 11682564
My approach to this would be to write a Perl script that analyzes the daily log files and writes out html or other reports. I'm of the opinion that one wants to keep the logging operation as simple as possible and you can't get much simpler than writing files. Attempting to pipe log data into a database runs the risk of loosing log records since the DB will always be slower than disk writes. And there are more things that can go wrong. Post processing the log files is completely safe in that if the post processing operation fails you still have the original data and can re-run to analysis tool.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11683530
cc jlevie
0
 
LVL 62

Expert Comment

by:gheist
ID: 11686828
parentheses counts do not match, otherwise cc others.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 11689852
Do you currently have a log analizer for Netscreen?
0
 
LVL 62

Expert Comment

by:gheist
ID: 11693150
Let's start with fixing sql sentence ....
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question