Solved

logging messages from Netscreen to syslog-ng - need to pipe to MySQL db now

Posted on 2004-07-30
8
443 Views
Last Modified: 2013-12-04
This might be a basic question but I am missing something.  I believe I am successfully sending the Netscreen firewall messages to a remote syslog server (running syslog-ng) as I have them stored in a file.  What I want to do now is pipe this file to a MySQL database so that I can retrieve the data later for analysis and to post to a web interface.  I have even tried the simple syslong-ng.conf example below (unrelated to my Netscreen logs) in an attempt to pipe data.  

destination database { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY','$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY','$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); };

Nothing ever appears in the mysql.pipe file.  

Also I need advice on what fields I should be extrapolating out of the log for use in the Database; I realize the fields above are not the ones I would need from my Netscreen log but any information or leads on how to use the Netscreen logs correctly with a database would be awesome.

Thanks for any and all help!  It is greatly appreciated!
Brandon
0
Comment
Question by:phishee
8 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 11682564
My approach to this would be to write a Perl script that analyzes the daily log files and writes out html or other reports. I'm of the opinion that one wants to keep the logging operation as simple as possible and you can't get much simpler than writing files. Attempting to pipe log data into a database runs the risk of loosing log records since the DB will always be slower than disk writes. And there are more things that can go wrong. Post processing the log files is completely safe in that if the post processing operation fails you still have the original data and can re-run to analysis tool.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11683530
cc jlevie
0
 
LVL 62

Expert Comment

by:gheist
ID: 11686828
parentheses counts do not match, otherwise cc others.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 11689852
Do you currently have a log analizer for Netscreen?
0
 
LVL 62

Expert Comment

by:gheist
ID: 11693150
Let's start with fixing sql sentence ....
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

766 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question