Added mysql.conf for rsyslog and rewrote the custom SQL script

2022-02-23 00:39:44 +01:00 · 2022-02-23 00:39:44 +01:00 · fcde1a8a17
commit fcde1a8a17
parent aeb1506e76
2 changed files with 34 additions and 1 deletions
--- a/createdb.sql
+++ b/createdb.sql
@ -6,9 +6,25 @@ CREATE TABLE SystemEvents
    ReceivedAt datetime NULL,
    DeviceReportedTime datetime NULL,
    Facility smallint NULL,
    FacilityText varchar(100) NULL,
    Priority smallint NULL,
    PriorityText varchar(10) NULL,
    FromHost varchar(60) NULL,
    FromHostIp varchar(20) NULL,
    Hostname varchar(60) NULL,
    Message text,
-    SysLogTag varchar(60),
+    SysLogTag varchar(60)
   );
 CREATE INDEX ReceivedAt on SystemEvents(ReceivedAt);
 CREATE INDEX DeviceReportedTime on SystemEvents(DeviceReportedTime);
 CREATE INDEX Facility on SystemEvents(Facility);
 CREATE INDEX FacilityText on SystemEvents(FacilityText);
 CREATE INDEX Priority on SystemEvents(Priority);
 CREATE INDEX PriorityText on SystemEvents(PriorityText);
 CREATE INDEX FromHost on SystemEvents(FromHost);
 CREATE INDEX FromHostIp on SystemEvents(FromHostIp);
 CREATE INDEX Hostname on SystemEvents(Hostname);
 CREATE INDEX SysLogTag on SystemEvents(SysLogTag);
 CREATE FULLTEXT INDEX Message on SystemEvents(Message);
--- a/mysql.conf
+++ b/mysql.conf
@ -0,0 +1,17 @@
 ### Configuration file for rsyslog-mysql
 ### Changes are preserved
 module (load="ommysql")
 # Custom Template for DB
 $template sqltpl,"insert into SystemEvents (ReceivedAt, DeviceReportedTime, Facility, FacilityText, Priority, PriorityText, FromHost, FromHostIp, Hostname, Message, SysLogTag) values('%timegenerated:::date-mysql%', '%timereported:::date-mysql%', %syslogfacility%, '%syslogfacility-text%', %syslogpriority%, '%syslogpriority-text%', '%fromhost%', '%fromhost-ip%', '%HOSTNAME%', '%msg%', '%syslogtag%')",SQL
 # Get all logs from imudp to database
 if $inputname startswith "imudp" then {
 	*.*	 action(type="ommysql" server="localhost" db="syslog" uid="syslog" pwd="pwd4syslog" template="sqltpl")
 	stop
 }