1. installation
# Packages: the syslog daemon, the MariaDB server that will store events,
# and rsyslog's MySQL/MariaDB output module (ommysql).
yum install \
  rsyslog \
  mariadb-server \
  rsyslog-mysql
2. configuration
2.1. remove (old) config file(s)
# Drop earlier drop-in files so only the configuration written below is active.
# -f keeps this quiet when a file is already absent.
for conf in cid cidsyslog sendlog messages cid-send; do
  rm -f -- "/etc/rsyslog.d/${conf}.conf"
done
2.2. build config files
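# Create the receiver configuration with the content that follows the "#" line.
vi /etc/rsyslog.d/cid-receive.conf
#
# Receiver: accept syslog over UDP and TCP on port 514 and file each sender's
# messages under its own directory.
#
# NOTE(review): both listeners are unauthenticated and unencrypted, so any host
# that can reach port 514 can submit (or spoof) log entries. Limit who can
# connect at the firewall and/or with rsyslog's $AllowedSender directive.
#
# The directory name is taken from the hostname field of each message, which
# the sender chooses. secpath-replace turns any "/" in that field into "_" so
# the resulting path stays below /var/log/rsyslog. If files must be keyed on
# the real peer rather than the claimed name, consider %fromhost-ip% instead.
$template myMessages,"/var/log/rsyslog/%HOSTNAME:::secpath-replace%/messages"
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
# Copy every message to virtual console 12 (readable by anyone at the console).
*.* /dev/tty12
# Write every message to the per-host file named by the myMessages template.
*.* ?myMessages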
# Presumably leaves a pointer in the old location to where messages now go.
# NOTE(review): ">" truncates /var/log/messages; copy the file aside first if
# its existing entries must be kept (e.g. for later investigation).
printf '%s\n' ". check -> /var/log/rsyslog/%HOSTNAME%/messages" > /var/log/messages
2.3. create database
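# Create the database. "-p" with no attached value makes mysql prompt for the
# password, which keeps it out of the process list and the shell history.
mysql -u root -p -e "create database Syslog;"
# Locate the schema script shipped with the rsyslog-mysql package.
sqlfile="$(rpm -ql rsyslog-mysql | grep '\.sql')"
# The database already exists, so comment out the script's own CREATE DATABASE
# statement before importing it.
# NOTE(review): the original step used a "cube ... with ..." helper, which is
# not a standard tool; sed is assumed here to be an equivalent in-place
# replacement. Confirm against the original helper if it is available.
sed -i 's/CREATE DATABASE Syslog;/#CREATE DATABASE Syslog;/' "${sqlfile}"
mysql -u root -p < "${sqlfile}"
# Give rsyslog its own account that may only insert into SystemEvents, so the
# MariaDB root password is never stored in a config file. The statements are
# fed on stdin so the new password does not show up in the process list.
# CHANGE_ME_RSYSLOG_DB_PASSWORD is a placeholder: replace it in both places.
mysql -u root -p <<'SQL'
CREATE USER 'rsyslog'@'localhost' IDENTIFIED BY 'CHANGE_ME_RSYSLOG_DB_PASSWORD';
GRANT INSERT ON Syslog.SystemEvents TO 'rsyslog'@'localhost';
SQL
# The file below holds a database password in clear text: create it readable
# by root only before editing it.
touch /etc/rsyslog.d/cid-ommysql.conf
chmod 600 /etc/rsyslog.d/cid-ommysql.conf
vi /etc/rsyslog.d/cid-ommysql.conf
#
# Load the MySQL output module and send every message to the Syslog database
# on localhost using the dedicated insert-only account.
$ModLoad ommysql.so
*.* :ommysql:localhost,Syslog,rsyslog,CHANGE_ME_RSYSLOG_DB_PASSWORD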
3. services
# Register both services to start at boot.
systemctl enable mariadb.service rsyslog.service
# Bring MariaDB up first, then restart rsyslog so it picks up the new
# configuration with the database already running.
systemctl start mariadb.service
systemctl restart rsyslog.service
4. testing
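# Baseline row count before sending a test message. "-p" alone prompts for the
# password so it never appears in the process list or shell history.
mysql -u root -p Syslog -e "select count(*) from SystemEvents;"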
+----------+
| count(*) |
+----------+
| 0 |
+----------+
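# Emit one test message with logger, then confirm the row count went up.
# "-p" alone prompts for the password instead of exposing it on the command line.
logger hello
mysql -u root -p Syslog -e "select count(*) from SystemEvents;"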
+----------+
| count(*) |
+----------+
| 1 |
+----------+
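# Show the stored event to confirm the message text arrived intact.
# "-p" alone prompts for the password instead of exposing it on the command line.
mysql -u root -p Syslog -e "select receivedat,message from SystemEvents;"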
+---------------------+--------------------------------------------------------+
| receivedat | message |
+---------------------+--------------------------------------------------------+
| 2017-11-02 00:04:32 | hello |
+---------------------+--------------------------------------------------------+