I'm setting up rsyslog for a number of servers and want to use Log Analyzer, unless there's a better product. Running CentOS 6.2. I have a dedicated log server (LogSrv) and several clients (MailSrv, etc.). So far I have rsyslog logging to messages on the LogSrv fine. I tail -f and watch messages spool in from the clients. The rsyslog.conf includes custom templates (MailSrvtmpl) and a line like:
if ($source == '111.222.333.444') then : ommysql:127.0.0.1,rsyslogdb,rsyslog,rsyslog-passwd;MailSrvtmpl
When I go to mysql
mysql -u root -p
select * from MailSrv; MailSrv is a table created in rsyslogdb.
If I select * from SystemEvents (SystemEvents is another table), I see many log entries.
So it appears that the central log server is getting the messages, and the database is storing them in SystemEvents but not in the tables set up for each client. I do see returns from rsyslog like "action call returned -2121" and -2002 when I call rsyslogd with -c5 -n -d options. Does anyone have ideas where to turn to next? This seems very close but not quite there yet.