Solved

logging messages from Netscreen to syslog-ng - need to pipe to MySQL db now

Posted on 2004-07-30
Last Modified: 2013-12-04
This might be a basic question but I am missing something.  I believe I am successfully sending the Netscreen firewall messages to a remote syslog server (running syslog-ng) as I have them stored in a file.  What I want to do now is pipe this file to a MySQL database so that I can retrieve the data later for analysis and to post to a web interface.  I have even tried the simple syslog-ng.conf example below (unrelated to my Netscreen logs) in an attempt to pipe data.

destination database { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY','$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY','$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); };

Nothing ever appears in the mysql.pipe file.  

Also I need advice on what fields I should be extrapolating out of the log for use in the Database; I realize the fields above are not the ones I would need from my Netscreen log but any information or leads on how to use the Netscreen logs correctly with a database would be awesome.

Thanks for any and all help!  It is greatly appreciated!
Brandon
Question by:phishee
8 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 11682564
My approach to this would be to write a Perl script that analyzes the daily log files and writes out html or other reports. I'm of the opinion that one wants to keep the logging operation as simple as possible and you can't get much simpler than writing files. Attempting to pipe log data into a database runs the risk of losing log records since the DB will always be slower than disk writes. And there are more things that can go wrong. Post-processing the log files is completely safe in that if the post-processing operation fails you still have the original data and can re-run the analysis tool.
0
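One way to do the post-processing described in the answer above, added here as an example and not code from anyone in the thread: it reads a saved syslog-ng file and loads the parsed fields with bound parameters, so a quote inside a log value cannot change the SQL statement. Assumptions: Python instead of Perl, sqlite3 standing in for MySQL, and constructed sample lines whose key=value field names are guesses at a NetScreen traffic log.

```python
import re
import sqlite3

# Constructed sample lines in the style of a syslog-ng file destination.
# The key=value field names are assumptions about the NetScreen traffic log.
SAMPLE_LOG = """\
Jul 30 10:15:01 fw1 ns5gt: NetScreen device_id=ns5gt action=Permit proto=6 src=10.0.0.5 dst=192.0.2.10 src_port=1234 dst_port=80 service=http
Jul 30 10:15:07 fw1 ns5gt: NetScreen device_id=ns5gt action=Deny proto=17 src=10.0.0.9 dst=192.0.2.53 src_port=5353 dst_port=53 service="bob's dns"
Jul 30 10:15:09 fw1 this line is truncated and has no fiel
"""

HEADER = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ")
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
COLUMNS = ("action", "proto", "src", "dst", "src_port", "dst_port", "service")

def parse_line(line):
    """Return a dict of columns for one log line, or None if unusable."""
    head = HEADER.match(line)
    if not head:
        return None
    fields = {k: v.strip('"') for k, v in PAIR.findall(line[head.end():])}
    if not all(c in fields for c in COLUMNS):
        return None
    row = {"logged_at": head.group(1), "host": head.group(2)}
    row.update((c, fields[c]) for c in COLUMNS)
    return row

def load(text, db):
    """Insert every parsable line; return (inserted, skipped)."""
    db.execute("CREATE TABLE IF NOT EXISTS traffic (logged_at, host, "
               + ", ".join(COLUMNS) + ")")
    names = ("logged_at", "host") + COLUMNS
    sql = "INSERT INTO traffic VALUES (%s)" % ", ".join("?" * len(names))
    inserted = skipped = 0
    for line in text.splitlines():
        row = parse_line(line)
        if row is None:
            skipped += 1
            continue
        # Values are bound as parameters, never spliced into the SQL text.
        db.execute(sql, [row[n] for n in names])
        inserted += 1
    db.commit()
    return inserted, skipped

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")  # stand-in for the MySQL database
    print(load(SAMPLE_LOG, conn))
```

Skipped lines are only counted, not lost: the log file on disk is untouched, so the load can be repeated after the parser is adjusted.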
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11683530
cc jlevie
0
 
LVL 62

Expert Comment

by:gheist
ID: 11686828
parentheses counts do not match, otherwise cc others.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 11689852
Do you currently have a log analyzer for Netscreen?
0
 
LVL 62

Expert Comment

by:gheist
ID: 11693150
Let's start with fixing sql sentence ....
0
