syslog

1. installation

yum install rsyslog mariadb-server rsyslog-mysql

2. configuration

2.1. remove (old) config file(s)

rm -f /etc/rsyslog.d/cid.conf \
      /etc/rsyslog.d/cidsyslog.conf \
      /etc/rsyslog.d/sendlog.conf \
      /etc/rsyslog.d/messages.conf \
      /etc/rsyslog.d/cid-send.conf

2.2. build config files

vi /etc/rsyslog.d/cid-receive.conf

#
$template myMessages,"/var/log/rsyslog/%HOSTNAME%/messages"

$ModLoad           imudp
$UDPServerRun      514

$ModLoad           imtcp
$InputTCPServerRun 514

*.*                /dev/tty12
*.*                ?myMessages

echo ". check -> /var/log/rsyslog/%HOSTNAME%/messages" > /var/log/messages

2.3. create database

mysql -u"root" -p"Passw0rd" -e "create database Syslog;"

sqlfile="$(rpm -ql rsyslog-mysql | grep '\.sql')"

cube ${sqlfile} "CREATE DATABASE Syslog;" with "#CREATE DATABASE Syslog;"

mysql -u"root" -p"Passw0rd" < ${sqlfile}

vi /etc/rsyslog.d/cid-ommysql.conf

#
$ModLoad ommysql.so
*.* :ommysql:localhost,Syslog,root,Passw0rd

3. services

systemctl enable mariadb.service
systemctl start mariadb.service

systemctl enable rsyslog.service
systemctl restart rsyslog.service

4. testing

mysql -u"root" -p"Passw0rd" Syslog -e "select count(*) from SystemEvents;"

+----------+
| count(*) |
+----------+
|        0 |
+----------+

logger hello

mysql -u"root" -p"Passw0rd" Syslog -e "select count(*) from SystemEvents;"

+----------+
| count(*) |
+----------+
|        1 |
+----------+

mysql -u"root" -p"Passw0rd" Syslog -e "select receivedat,message from SystemEvents;"

+---------------------+--------------------------------------------------------+
| receivedat          | message                                                |
+---------------------+--------------------------------------------------------+
| 2017-11-02 00:04:32 | hello                                                  |
+---------------------+--------------------------------------------------------+