# ----------------------------------------------------------------------------------------------- # This module is designed to fill a MariaDB/MySql database table created with: # # CREATE TABLE `rawsyslog` ( # `facility` varchar(10) DEFAULT '', # `priority` varchar(10) DEFAULT '', # `oldfac` varchar(10) DEFAULT '', # `oldpri` varchar(10) DEFAULT '', # `time` varchar(30) DEFAULT '', # `host` varchar(40) DEFAULT '', # `msgstring` varchar(120) DEFAULT '', # `d1` varchar(50) DEFAULT '', # `d2` varchar(50) DEFAULT '', # `d3` varchar(50) DEFAULT '', # `d4` varchar(50) DEFAULT '', # `raw` varchar(500) DEFAULT '' # ) # ----------------------------------------------------------------------------------------------- [dbd=y] host=/var/run/mysqld/mysqld.sock, ConnectTimeout = 4, WriteTimeout = 3, charset=utf8, connections = 4 type=mysql database dbd # this is the database name for my test setup. user=ed # Surprise !!! I am the user of this database ! password= # My database login has no password. threadpool=3 # This database definition is assigned to output-threadpool number 3 instead of the default output-threadpool number of 0 (zero). threads=4 # I want a minimum of this many threads to process this database qlines=50 # I want an input buffer to hold up to this many messages should all my working threads become busy (or waiting on an available database connection). # I only define one template for this database. It will be accessed as 'y1' (database destination-id of 'y' [from the section header] + template number 1). # This template truncates the full msg string ($205) at 120 characters to limit the length of extremely long entries and to insure that the entry is not rejected because THIS field is too long (wide). # The message-string variable with the 'no-tag' option ($3001) is unrestricted, so might become the cause of a rejected message. # Fields that exceed the database-field-width produce an sql error and are not inserted into the database by MySQL/MariaDB. # The ':' syntax added to the sql-index can be used with any system- or user-variable. template = 1 insert into rawsyslog (facility, priority, oldfac, oldpri, time, host, msgstring, d1, d2) values ('$237', '$236', '$337', '$336', '$248', '$261', '$205:120', '$3000', '$3001'); [global] # All system variables referenced can be found in SystemVariables.var. syslogkey = *.* = y1 # filtering of received data is controlled by syslogd2 # syslogkey = kern.*;extra9.*;extra14.*;user.*;daemon.* = y1 var 237 $FacpriNoPriStr var 236 $FacpriNoFacStr #The following two variables are parameter-string based, so we have to specify which parameter (by name) to use. var 337 oldfacpri, $PFacpriNoPriStr var 336 oldfacpri, $PFacpriNoFacStr var 248 $TimeLocalRfc var 261 $HostNameOnly var 205 $RawMsg var 3000 $MsgTag var 3001 $MsgNoTag