Parse syslog messages into separate MySQL tables with rsyslog


From taking a look at this tutorial, I see no difference.

But taking a look at the template documentation from rsyslog, there seems to be a difference with MySQL depending on the setting for the parameter NO_BACKSLASH_ESCAPES.

From the docs:

sql - format the string suitable for a SQL statement in MySQL format. This will 
replace single quotes ("'") and the backslash character by their backslash-escaped
counterpart ("\'" and "\\") inside each field. Please note that in MySQL
configuration, the NO_BACKSLASH_ESCAPES mode must be turned off for this format to
work (this is the default).

stdsql - format the string suitable for a SQL statement that is to be sent to a
standards-compliant sql server. This will replace single quotes ("'") by two single
quotes ("''") inside each field. You must use stdsql together with MySQL if in MySQL
configuration the NO_BACKSLASH_ESCAPES is turned on.
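The difference the answer points at is easiest to see by running both escaping rules against a message that contains a quote and a backslash, then checking whether MySQL, in each NO_BACKSLASH_ESCAPES mode, still finds the closing quote the template appended. The script below is an added example, not code from the original post or from rsyslog: `escape_sql` and `escape_stdsql` mirror the two behaviours the quoted docs describe, `literal_end` is a simplified model of how MySQL lexes a single-quoted literal (assumption: it ignores double-quoted strings, comments and charset-introduced escapes), and the sample message, `choose_table` and `render_insert` are constructed to mirror the routing and INSERT template from the question rather than taken from any rsyslog API.

```python
"""Added example, not code from the original post or from rsyslog: models what the
`sql` and `stdsql` template options do to a field and why MySQL's
NO_BACKSLASH_ESCAPES mode decides which one keeps a log message inside its
string literal. The lexer below is a simplified model of MySQL's handling of
single-quoted literals (assumption: double-quoted strings, comments and
charset escapes, which the real server also lexes, are ignored)."""

from typing import Callable, Dict, Optional, Tuple

# Constructed sample log message: it contains both a single quote and a
# backslash, the two characters the rsyslog docs say the options treat differently.
MESSAGE = "subtype=wireless ssid='guest\\' rssi=-61"


def escape_sql(field: str) -> str:
    """rsyslog `sql` option: backslash-escape backslashes and single quotes."""
    return field.replace("\\", "\\\\").replace("'", "\\'")


def escape_stdsql(field: str) -> str:
    """rsyslog `stdsql` option: double single quotes, leave backslashes alone."""
    return field.replace("'", "''")


def literal_end(sql: str, start: int, no_backslash_escapes: bool) -> Optional[int]:
    """Index of the quote that closes the single-quoted literal opening at
    sql[start], or None if the literal never terminates. With
    NO_BACKSLASH_ESCAPES off, a backslash makes the next character literal;
    in both modes a doubled quote ('') is a literal quote, not a terminator."""
    i = start + 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and not no_backslash_escapes:
            i += 2  # backslash escapes the following character
            continue
        if ch == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                i += 2  # '' is an escaped quote inside the literal
                continue
            return i
        i += 1
    return None


def literal_is_intact(escaped_field: str, no_backslash_escapes: bool) -> bool:
    """True when the closing quote MySQL finds is the one appended by the
    template, i.e. nothing in the data ends the literal early or swallows it."""
    sql = "'" + escaped_field + "'"
    return literal_end(sql, 0, no_backslash_escapes) == len(sql) - 1


ESCAPERS: Dict[str, Callable[[str], str]] = {"sql": escape_sql, "stdsql": escape_stdsql}


def safety_matrix(field: str) -> Dict[Tuple[str, bool], bool]:
    """For each template option and each NO_BACKSLASH_ESCAPES setting, does the
    escaped field survive as one literal? Keys are (option, mode_on)."""
    return {
        (name, mode_on): literal_is_intact(esc(field), mode_on)
        for name, esc in ESCAPERS.items()
        for mode_on in (False, True)
    }


def choose_table(msg: str) -> str:
    """The routing the question's config attempts (constructed mirror, not
    rsyslog's own filter engine): wireless messages go to RogueAPs,
    everything else to the default SystemEvents table."""
    return "RogueAPs" if "subtype=wireless" in msg else "SystemEvents"


def render_insert(table: str, fields: Dict[str, str], option: str) -> str:
    """Render the kind of INSERT the question's $template produces, with every
    field passed through the chosen rsyslog escaping option."""
    esc = ESCAPERS[option]
    cols = ", ".join(fields)
    vals = ", ".join("'" + esc(v) + "'" for v in fields.values())
    return f"insert into {table} ({cols}) VALUES({vals});"


if __name__ == "__main__":
    for (option, mode_on), ok in sorted(safety_matrix(MESSAGE).items()):
        mode = "on" if mode_on else "off"
        print(f"{option:6s} with NO_BACKSLASH_ESCAPES {mode:3s}: {'intact' if ok else 'BROKEN'}")
    table = choose_table(MESSAGE)
    print(render_insert(table, {"FromHost": "10.0.0.7", "Message": MESSAGE}, "stdsql"))
```

Run as a script it prints the four combinations: `sql` keeps the literal intact only with NO_BACKSLASH_ESCAPES off, `stdsql` only with it on. The mismatched pairings are the ones to watch in a log pipeline: a message a remote host controls can then terminate the string early (or swallow the closing quote), which is a log-injection path into the database rather than just a failed INSERT. The server-side check is to confirm `sql_mode` on the MySQL instance and pick the matching template option, as the quoted docs say.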

Author by efk

Updated on September 17, 2022

Comments

  • efk over 1 year

    Out of the box, rsyslog will dump everything into the SystemEvents table within the Syslog database (if you use the default schema provided). I would like to use a regular expression to filter inbound messages into separate database tables.

    I've played with this, but I'm having a hard time figuring out the best way to accomplish this (or even a way that functions).

    In my rsyslog.conf:

    # ommysql has to be loaded before any :ommysql: action can be used
    $ModLoad ommysql

    # template for the RogueAPs table; the trailing "stdsql" option doubles
    # single quotes in each field (MySQL with NO_BACKSLASH_ESCAPES turned on)
    $template wireless, \
     "insert into RogueAPs \
     (ReceivedAt, DeviceReportedTime, Facility, Priority, FromHost, Message) \
     VALUES('%timegenerated%', '%timereported%', '%syslogfacility%', '%syslogpriority%', '%fromhost-ip%', '%msg%');", \
     stdsql

    # wireless messages are written to RogueAPs through the template above
    if $msg contains 'subtype=wireless' then :ommysql:127.0.0.1,Syslog,dbusername,dbpassword;wireless

    # everything, including the messages matched above unless they are
    # discarded first, is written to SystemEvents with ommysql's default template
    *.* :ommysql:127.0.0.1,Syslog,dbusername,dbpassword


    This was my latest attempt, but I'm stuck.

    (the RogueAPs table is just a clone of the default SystemEvents table that ships with rsyslog)

    Version Info:

    shell# /usr/local/sbin/rsyslogd -v
    rsyslogd 5.5.5, compiled with:
            FEATURE_REGEXP:                         Yes
            FEATURE_LARGEFILE:                      No
            FEATURE_NETZIP (message compression):   Yes
            GSSAPI Kerberos 5 support:              No
            FEATURE_DEBUG (debug build, slow code): No
            Atomic operations supported:            Yes
            Runtime Instrumentation (slow code):    No
    
    See http://www.rsyslog.com for more information.