Mailing List Archive

Getting audit logs from DB
What is the best way to get audit logs from an SQL DB into syslog using
rsyslog?
I had a look at the input modules:
https://www.rsyslog.com/doc/v8-stable/configuration/modules/improg.html
https://www.rsyslog.com/doc/v8-stable/configuration/modules/imbatchreport.html
https://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html
I do not have experience with them, except for imfile.

Another, non-rsyslog-related question: what would be the best way of
getting the data from the DB?
The solution might support:
- all/most SQL engines
- compose data from more tables
- use templating

Any comments are welcome.

Peter
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Getting audit logs from DB
the first question is how can you get logs from your particular DB?

can you have it write logs to syslog directly?
can you have it write logs to files?
do you have to have it write logs within the database and do sql queries to
retrieve them?

each method will require a different rsyslog config.

David Lang

On Tue, 7 Jul 2020, Peter Viskup via rsyslog wrote:

> Date: Tue, 7 Jul 2020 11:15:18 +0200
> From: Peter Viskup via rsyslog <rsyslog@lists.adiscon.com>
> To: rsyslog-users <rsyslog@lists.adiscon.com>
> Cc: Peter Viskup <skupko.sk@gmail.com>
> Subject: [rsyslog] Getting audit logs from DB
>
> What is the best way to get audit logs from an SQL DB into syslog using
> rsyslog?
> I had a look at the input modules:
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/improg.html
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/imbatchreport.html
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html
> I do not have experience with them, except for imfile.
>
> Another, non-rsyslog-related question: what would be the best way of
> getting the data from the DB?
> The solution might support:
> - all/most SQL engines
> - compose data from more tables
> - use templating
>
> Any comments are welcome.
>
> Peter
Re: Getting audit logs from DB
We use Logstash for this. Its input is the DB and its output is TCP to
an rsyslog listening port at localhost. In this way no file creation or
file I/O is required. The JDBC connectivity piece for the DB in question
is needed, so be prepared to supply the DB client software.

We also have DB owners that said no, you can't have access to our DB.
Those folks are therefore required to generate the log data themselves,
typically from timed recurring database queries with output to a file.
Those files then get placed in a directory rsyslog monitors.

That said, the database software will issue events to the system logger
or have its own application log file regardless of platform, just as any
other application does, so those events and/or log files would be
directly accessible to rsyslog.

Regards,


On 7/7/20 12:10 PM, David Lang via rsyslog wrote:
> the first question is how can you get logs from your particular DB?
>
> can you have it write logs to syslog directly?
> can you have it write logs to files?
> do you have to have it write logs within the database and do sql
> queries to retrieve them?
>
> each method will require a different rsyslog config.
>
> David Lang
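
The "timed recurring database queries with output to a file" approach from the last reply, sketched as an added example (not code from any poster or from the rsyslog project): a poller that joins two tables, tracks a high-water mark so each audit row is emitted once, and escapes field values so an embedded newline in the DB cannot split or forge a log record. The table and column names, the line template, and the use of sqlite3 as a stand-in engine are all assumptions.

```python
import sqlite3
from string import Template

# Assumed line template and schema; all names here are hypothetical.
LINE = Template('audit id=$id ts=$ts user=$user action=$action detail="$detail"')
QUERY = """SELECT a.id, a.ts, u.name AS user, a.action, a.detail
           FROM audit_log a JOIN users u ON u.id = a.user_id
           WHERE a.id > ? ORDER BY a.id"""

def sanitize(value):
    """Escape characters that would let a DB value split or forge a log line."""
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return "".join(c if c.isprintable() else f"\\x{ord(c):02x}" for c in text)

def poll(conn, last_id):
    """Return (lines, new_last_id) for audit rows with id > last_id."""
    conn.row_factory = sqlite3.Row
    lines = []
    for row in conn.execute(QUERY, (last_id,)):
        lines.append(LINE.substitute({k: sanitize(row[k]) for k in row.keys()}))
        last_id = row["id"]
    return lines, last_id

def append_lines(path, lines):
    """Append newline-terminated records to the file rsyslog monitors."""
    with open(path, "a", encoding="utf-8") as fh:
        fh.writelines(line + "\n" for line in lines)

def demo_db():
    """Constructed sample data; the second row carries an embedded newline."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE audit_log (id INTEGER PRIMARY KEY, ts TEXT,
                                user_id INTEGER, action TEXT, detail TEXT);
        INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO audit_log VALUES
          (1, '2020-07-07T09:15:18Z', 1, 'LOGIN', 'ok'),
          (2, '2020-07-07T09:16:02Z', 2, 'UPDATE',
           'x' || char(10) || 'audit id=99 user=root');
    """)
    return conn

if __name__ == "__main__":
    lines, mark = poll(demo_db(), 0)
    print("\n".join(lines))
    print("high-water mark:", mark)
```

Persist the returned high-water mark between runs (for example in a small state file) and connect with a read-only DB account; both are left out here to keep the example short.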