Talk:Success Stories

From rsyslog wiki

After installing rsyslog in Debian with PostgreSQL support (completely automated under Debian, a real no-brainer) with `apt-get install rsyslog rsyslog-pgsql`, I needed a way for non-technical folks to at least be able to scan the log files. We're talking no idea what the term SQL even stands for let alone enter a database and perform queries.

So I had a few hours and sat down and wrote a real quick and dirty hack to allow just about anyone to at least read (even if they don't understand) the log.

The code is a perl script. It requires the CGI, DBI, DBD::Pg, and Date::Manip modules.

I suggest you create a directory below your cgi-bin directory (something like syslog). I also suggest you password protect it using htaccess. Using https (ssl access) is a good idea too. While you're configuring your web server, you'll need to ensure it can execute .pl files.

Put syslog-common.pl and syslog.pl below your cgi-bin directory and make them executable. In both files are a few configuration variables. Both have a $urlhost= that should point to the files. The syslog.pl file requires a password to access the Syslog database.

I wrote and tested this on a system that is not very busy. I then loaded it on a fairly busy system (at least, I think over 750,000 entries per day qualifies). It takes a while on a system that heavily loaded to load the first page, since the page queries the database for unique hostname entries. Then, depending on what parameters you included, it may take a while longer to load the results page. My system takes 12-15 seconds to load the front page, and that only after I indexed the hostname and facility columns.

The first page lists 24 facilities. Note that these correspond to BSD Syslog RFC 3164. Some names are apparently duplicated. On my server, for example, I can check the first box that is security/authorization and see access to the sshd server on port 22. If I check the second security/authorization box (below the first one), I see accesses to my dropbear ssh server on the embedded devices on the network. The RFC allows for differences in log entry facilities.
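Added example (Python, not the author's Perl script): the RFC 3164 facility and severity tables behind such a facility picker, a decoder for the `<PRI>` header that rsyslog splits into facility and severity, and a lookup showing which numeric facilities share a display name. The two log lines are constructed samples.

```python
import re

# RFC 3164 section 4.1.1 facility codes 0-23. Codes 4 and 10 both read
# "security/authorization messages" and 9 and 15 both read "clock daemon",
# which is why a picker built from this table shows some names twice.
FACILITIES = {
    0: "kernel messages", 1: "user-level messages", 2: "mail system",
    3: "system daemons", 4: "security/authorization messages",
    5: "messages generated internally by syslogd",
    6: "line printer subsystem", 7: "network news subsystem",
    8: "UUCP subsystem", 9: "clock daemon",
    10: "security/authorization messages", 11: "FTP daemon",
    12: "NTP subsystem", 13: "log audit", 14: "log alert",
    15: "clock daemon",
}
FACILITIES.update({16 + i: f"local use {i} (local{i})" for i in range(8)})

# RFC 3164 severity codes 0-7.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(pri: int) -> tuple[int, int]:
    """Split a PRI value into (facility, severity); PRI = facility*8 + severity."""
    if not 0 <= pri <= 191:          # 23*8 + 7 is the largest legal value
        raise ValueError(f"PRI out of range: {pri}")
    return pri >> 3, pri & 7


def parse_line(line: str):
    """Decode the <PRI> header of a raw BSD syslog line; None if it has none."""
    m = PRI_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m.group(1)))
    return {"facility": facility, "facility_name": FACILITIES[facility],
            "severity": severity, "severity_name": SEVERITIES[severity],
            "body": line[m.end():]}


def facility_codes_named(name: str) -> list[int]:
    """All numeric facilities that display under one name (e.g. [4, 10])."""
    return sorted(code for code, n in FACILITIES.items() if n == name)


# Constructed sample lines: sshd logs to facility 4 (auth), dropbear to 10 (authpriv).
SAMPLE_LINES = [
    "<38>Jan 12 10:00:01 gw sshd[1234]: Accepted publickey for ops from 10.0.0.5 port 51234 ssh2",
    "<86>Jan 12 10:00:02 cam1 dropbear[321]: Child connection from 10.0.0.9:4000",
]
```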

If you need this to talk to MySQL, it should work as is, but you'll likely also need DBD::Mysql and to change the port. Let me know if you have any suggestions for improvements and I may get to them as I have time. This hack only took a couple of hours, so don't expect much. Also don't expect a quick response on my part. For now, it serves my needs, hope it serves yours too. I can be reached by e-mail at david dot bandel at gmail dot com.
