Re: syslog-ng to MySQL question

On Thu, Sep 30, 2004 at 08:16:08PM -0500, Ron Clark wrote:
> 
> This may be off topic, but I would be very appreciative of any help. I
> am using the sqlsyslogd file from
> http://www.frasunek.com/sources/security/sqlsyslogd/.

Well it's not off topic, since it deals with syslog-ng also.

> But when it reads from the logs coming into syslog, on the time stamp
> field, it adds some text in <> signs, and does not fully capture the
> time stamp. Does anyone know what these are?  And more important, how
> does one get the script to get fully imput the time stamp in the
> syslogs? Does anyone have any tricks to the sqlsyslog.c file that might
> fix this?

Use templates, as Bazsi said to the last person who asked:

 https://lists.balabit.hu/pipermail/syslog-ng/2004-July/006256.html

In the old days I patched sqlsyslogd to simply not print that part of
the message, pretty simple actually:

diff sqlsyslogd.c sqlsyslogd-orig.c
141c141
<                       loghost = strtok((strstr(buf,">") + 1) + 16, " ");
---
>                       loghost = strtok(buf + 16, " ");
143,144c143
<                               strlen(logprog) + 3; */
<                       logmesg = (strstr(buf,">") + 1) + 16 + strlen(loghost) +