Added mysql.conf for rsyslog and rewrote the custom SQL script

David Leutgeb 2022-02-23 00:39:44 +01:00
parent aeb1506e76
commit fcde1a8a17
2 changed files with 34 additions and 1 deletions


@ -6,9 +6,25 @@ CREATE TABLE SystemEvents
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
FacilityText varchar(100) NULL,
Priority smallint NULL,
PriorityText varchar(10) NULL,
FromHost varchar(60) NULL,
FromHostIp varchar(20) NULL,
Hostname varchar(60) NULL,
Message text,
SysLogTag varchar(60),
SysLogTag varchar(60)
);
CREATE INDEX ReceivedAt on SystemEvents(ReceivedAt);
CREATE INDEX DeviceReportedTime on SystemEvents(DeviceReportedTime);
CREATE INDEX Facility on SystemEvents(Facility);
CREATE INDEX FacilityText on SystemEvents(FacilityText);
CREATE INDEX Priority on SystemEvents(Priority);
CREATE INDEX PriorityText on SystemEvents(PriorityText);
CREATE INDEX FromHost on SystemEvents(FromHost);
CREATE INDEX FromHostIp on SystemEvents(FromHostIp);
CREATE INDEX Hostname on SystemEvents(Hostname);
CREATE INDEX SysLogTag on SystemEvents(SysLogTag);
CREATE FULLTEXT INDEX Message on SystemEvents(Message);
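Review bot: `FromHostIp varchar(20)` is too narrow for a textual IPv6 address (up to 39 characters, 45 for an IPv4-mapped form). If rsyslog ever receives over IPv6, the sender address would be truncated, or the insert rejected under strict SQL mode, and either way the stored event loses its source. Widening the column to `FromHostIp varchar(45) NULL,` avoids that. `FromHost` and `Hostname` at `varchar(60)` carry the same risk for long fully-qualified names. The CREATE TABLE statement starts above the hunk, so the key and engine definitions are not visible here.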

17
mysql.conf Normal file

@ -0,0 +1,17 @@
### Configuration file for rsyslog-mysql
### Changes are preserved
module (load="ommysql")
# Custom Template for DB
$template sqltpl,"insert into SystemEvents (ReceivedAt, DeviceReportedTime, Facility, FacilityText, Priority, PriorityText, FromHost, FromHostIp, Hostname, Message, SysLogTag) values('%timegenerated:::date-mysql%', '%timereported:::date-mysql%', %syslogfacility%, '%syslogfacility-text%', %syslogpriority%, '%syslogpriority-text%', '%fromhost%', '%fromhost-ip%', '%HOSTNAME%', '%msg%', '%syslogtag%')",SQL
# Get all logs from imudp to database
if $inputname startswith "imudp" then {
*.* action(type="ommysql" server="localhost" db="syslog" uid="syslog" pwd="pwd4syslog" template="sqltpl")
stop
}
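Review bot: The action line commits the database password in clear text (`pwd="pwd4syslog"`), so anyone who can read the repository or its history can write to or read the syslog database. The committed file should carry a placeholder such as `pwd="<SYSLOG_DB_PASSWORD>"`, with the real value set only in the deployed copy, which should be readable by root alone. The current password should be changed, since it stays in history. The `syslog` account should also be limited to INSERT on `SystemEvents`. The trailing `,SQL` option on `sqltpl` is presumably what keeps quotes in UDP-supplied fields like `%msg%` from breaking out of the statement, so a comment such as `# SQL option escapes quotes in message-derived fields; do not remove` above the template would guard against it being dropped later.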