We use logstash for this. Its input is the DB and its output is TCP to
an rsyslog listening port at localhost. In this way no file creation or
file I/O is required. The JDBC connectivity piece for the DB in question
is needed, so be prepared to supply the DB client software.
We also have DB owners that said no, you cant have access to our DB.
Those folks are therefore required to generate the log data themselves,
typically from timed recurring database queries with output to a file.
Those files then get placed in a directory rsyslog monitors.
That said, the database software will issue events to the system logger
or have its own application log file regardless of platform, just as any
other application does, so those events and/or log files would be
directly accessible to rsyslog.
Regards,
On 7/7/20 12:10 PM, David Lang via rsyslog wrote:
the first question is how can you get logs from your particular DB?
can you have it write logs to syslog directly?
can you have it write logs to files?
do you have to have it write logs within the database and do sql
queries to retrieve them?
each methos will require a different rsyslog config.
David Lang
On Tue, 7 Jul 2020, Peter Viskup via rsyslog wrote:
Date: Tue, 7 Jul 2020 11:15:18 +0200
From: Peter Viskup via rsyslog <[email protected]>
To: rsyslog-users <[email protected]>
Cc: Peter Viskup <[email protected]>
Subject: [rsyslog] Getting audit logs from DB
What is the best way to get audit logs from SQL DB into syslog using
rsyslog?
Had a look on the input modules
https://www.rsyslog.com/doc/v8-stable/configuration/modules/improg.html
https://www.rsyslog.com/doc/v8-stable/configuration/modules/imbatchreport.html
https://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html
Does not have experience with them except the imfile.
Another not-rsyslog related question. What would be the best way for
getting the data from DB?
The solution might support:
- all/most SQL engines
- compose data from more tables
- use templating
Any comments are welcome.
Peter
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
