syslog-ng parse output personal service

[mayers]

Hi, I created a service via daemon and send output to syslog-ng via local5. However, I cannot find a way to parse the different example via regex to identify the key value macros that I am interested in filtering.

Basically I perform a constant ping on different IPs and I need to intercept the hostname count and message values separately from each line of the message and then analyze them

Thanks

 

[Alain De Vos]

I use syslog-ng in a good way. And push the output to postgresql database.
The defaults are fine except console log. Which i added explicitly.
It's also possible to add the time in detail.

 

[mayers]

Can you please provide me with some documentation

Thanks

 

[Alain De Vos]

To log into postgresql & mariadb ;

/usr/local/etc/syslog-ng.conf

@version:4.4
@include "scl.conf"

#
# This sample configuration file is essentially equilivent to the stock
# FreeBSD /etc/syslog.conf file.
#

#
# options
#
options { chain_hostnames(off); flush_lines(0); threaded(yes); };

#SOURCE#########################################################################

source src {
        system();
        internal();
#       network();
        udp(ip("127.0.0.1"));
        tcp(ip("127.0.0.1"));
        };

#DESTINATION###################################################################

destination D_sql {
    sql(type(pgsql)
        host("127.0.0.1") username("x") password("x")
        database("syslogng")
        table("messages_${HOST}_${R_YEAR}${R_MONTH}${R_DAY}")
        columns("datetime varchar(201)", "host varchar(202)", "program  varchar(1203)", "pid varchar(204)", "facility varchar(205)", "priority varchar(206)", "message  varchar(4007)")
        values("${R_DATE}", "${HOST}", "${PROGRAM}", "${PID}","${FACILITY}","${PRIORITY}", "${MSGONLY}")
        indexes("datetime", "host", "program", "pid","facility","priority","message")
   );
};

destination D_sql2 {
    sql(type(mysql)
        host("127.0.0.1") username("x") password("x")
        database("syslogng")
        table("messages_${HOST}_${R_YEAR}${R_MONTH}${R_DAY}")
        columns("datetime varchar(201)", "host varchar(202)", "program  varchar(1203)", "pid varchar(204)", "facility varchar(205)", "priority varchar(206)", "message  varchar(4007)")
        values("${R_DATE}", "${HOST}", "${PROGRAM}", "${PID}","${FACILITY}","${PRIORITY}", "${MSGONLY}")
        indexes("datetime", "host", "program", "pid","facility","priority","message")
   );
};

log { source(src); filter(f_console); filter(f_info); destination(consolelog); };
log { source(src); filter(f_console); filter(f_info); destination(D_sql); };
log { source(src); filter(f_console); filter(f_info); destination(D_sql2); };

log { source(src); destination(all); };
log { source(src); destination(D_sql); };
log { source(src); destination(D_sql2); };

/etc/sysctl.conf

kern.msgbuf_show_timestamp=1