Solved

logging messages from Netscreen to syslog-ng - need to pipe to MySQL db now

Posted on 2004-07-30
Last Modified: 2013-12-04
This might be a basic question but I am missing something. I believe I am successfully sending the Netscreen firewall messages to a remote syslog server (running syslog-ng) as I have them stored in a file. What I want to do now is pipe this file to a MySQL database so that I can retrieve the data later for analysis and to post to a web interface. I have even tried the simple syslog-ng.conf example below (unrelated to my Netscreen logs) in an attempt to pipe data.

destination database { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY','$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY','$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); };

Nothing ever appears in the mysql.pipe file.  

Also I need advice on what fields I should be extrapolating out of the log for use in the Database; I realize the fields above are not the ones I would need from my Netscreen log but any information or leads on how to use the Netscreen logs correctly with a database would be awesome.

Thanks for any and all help!  It is greatly appreciated!
Brandon
Question by:phishee
8 Comments
 

Accepted Solution

by: jlevie earned 500 total points
ID: 11682564
My approach to this would be to write a Perl script that analyzes the daily log files and writes out html or other reports. I'm of the opinion that one wants to keep the logging operation as simple as possible and you can't get much simpler than writing files. Attempting to pipe log data into a database runs the risk of losing log records since the DB will always be slower than disk writes. And there are more things that can go wrong. Post processing the log files is completely safe in that if the post processing operation fails you still have the original data and can re-run the analysis tool.
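
A sketch of the post-processing approach described in the answer above, as an added example that is not part of the original thread and not jlevie's code: it reads a finished log file and loads it into a database in a way that is safe to re-run. It uses Python rather than Perl and the standard-library `sqlite3` as a stand-in for MySQL; the table layout, the source name `fw1.log` and the sample lines are constructed assumptions.

```python
import re
import sqlite3

# Constructed sample of a syslog-ng file destination (not real Netscreen output).
SAMPLE_LOG = """\
Jul 30 10:15:01 fw1 netscreen: admin 'netadmin' logged in; policy 5 applied
this line does not match the expected layout
Jul 30 10:15:09 fw1 sshd[212]: connection from 192.0.2.7
Jul 30 10:15:09 fw1 sshd[212]: connection from 192.0.2.7
"""

# "Mon DD HH:MM:SS host program[pid]: message", the classic syslog file layout.
LINE_RE = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    # Keying on (source, lineno) makes a re-run over the same file a no-op,
    # while two genuinely identical events on different lines are both kept.
    db.execute("""CREATE TABLE IF NOT EXISTS logs (
        source TEXT, lineno INTEGER, stamp TEXT, host TEXT,
        program TEXT, msg TEXT, PRIMARY KEY (source, lineno))""")
    return db

def load_lines(db, source, lines):
    """Load parsed lines; return (rows_inserted, [(lineno, rejected_line)])."""
    inserted, rejected = 0, []
    with db:  # one transaction: on error nothing is half-loaded, the file is intact
        for lineno, line in enumerate(lines, start=1):
            m = LINE_RE.match(line)
            if m is None:
                rejected.append((lineno, line))  # report it, never drop silently
                continue
            # Placeholders bind log text as data, so a quote in the message
            # cannot change the statement (no hand-built INSERT string).
            cur = db.execute(
                "INSERT OR IGNORE INTO logs VALUES (?, ?, ?, ?, ?, ?)",
                (source, lineno, m["stamp"], m["host"], m["program"], m["msg"]),
            )
            inserted += cur.rowcount
    return inserted, rejected

if __name__ == "__main__":
    db = open_db()
    print(load_lines(db, "fw1.log", SAMPLE_LOG.splitlines()))
    print(load_lines(db, "fw1.log", SAMPLE_LOG.splitlines()))  # re-run: 0 inserted
```

The re-run guarantee only holds when `source` names a file that no longer changes, such as a rotated daily log.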

Expert Comment

by:ahoffmann
ID: 11683530
cc jlevie

Expert Comment

by:gheist
ID: 11686828
parentheses counts do not match, otherwise cc others.

Expert Comment

by:Tintin
ID: 11689852
Do you currently have a log analyzer for Netscreen?

Expert Comment

by:gheist
ID: 11693150
Let's start with fixing sql sentence ....