How to use rsyslog and MongoDB

Since version 6.1.3, rsyslog can use an output module called “ommongodb” to write log messages to MongoDB. To achieve this, several packages are needed:

mongodb
mongodb-server
php-pecl-mongo
libmongo-client
libglib2.0-dev

These, and of course rsyslog itself, are needed. The packages are easily installed via a package manager, and the installation steps for rsyslog are the usual ones, except for the configure step: make sure to include “--enable-ommongodb”, along with any other features you plan to use.

./configure --libdir=/usr/lib --sbindir=/usr/sbin --enable-ommongodb
make
make install

After this, you need to adjust rsyslog.conf: load the module and configure an action:

module (load="ommongodb")
*.* action(type="ommongodb" server="127.0.0.1")

In this case we send everything to the local MongoDB server. With the default settings, this should work directly. No username or password is needed if authentication isn’t configured in MongoDB, and the “db” and “collection” will be created automatically. The default database that rsyslog will use is “syslog” and the default name for the collection is “log”. These can be changed by various parameters.

To review what is written to the database, open a command line and enter “mongo” to start the MongoDB shell. You now need to change the database that is used with

use syslog

That way all further commands will be run against the database that rsyslog uses. Next we let the shell show us the entries:

db.log.find()

Please make sure to use the exact command. There are of course many other commands that you may find useful, as well as information on how to secure the database; please refer to the MongoDB documentation for those.
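
As an added example (not part of the original article or of rsyslog itself), here is a small Python check that lists every ommongodb action in an rsyslog.conf and flags those without credentials or pointing at a non-loopback server. The sample config is constructed; uid, pwd, db and collection are ommongodb action parameters, and the host name, account name and password are placeholders.

```python
import re

# Defaults the article states for ommongodb when the parameters are omitted.
DEFAULTS = {"db": "syslog", "collection": "log"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# action( ... ) body; quoted values may themselves contain parentheses.
ACTION_RE = re.compile(r'action\s*\(((?:[^()"]|"[^"]*")*)\)', re.I)
PARAM_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

# Constructed sample config (not from a real system).
SAMPLE_CONF = '''
module(load="ommongodb")
# the article's action: defaults, no credentials
*.* action(type="ommongodb" server="127.0.0.1")
# authenticated, explicit database and collection
authpriv.* action(type="ommongodb" server="127.0.0.1" db="logs"
                  collection="auth" uid="rsyslog_writer" pwd="CHANGE_ME")
# remote server, no credentials
*.* action(type="ommongodb" server="db.example.internal")
'''

def ommongodb_actions(conf_text):
    """Effective parameters of every ommongodb action in the config text."""
    # Drop whole-line comments so commented-out actions are not reported.
    text = re.sub(r'(?m)^\s*#.*$', '', conf_text)
    actions = []
    for body in ACTION_RE.findall(text):
        params = {k.lower(): v for k, v in PARAM_RE.findall(body)}
        if params.get("type", "").lower() == "ommongodb":
            actions.append({**DEFAULTS, **params})
    return actions

def audit(conf_text):
    """Return (target, issue) pairs for actions that need attention."""
    findings = []
    for a in ommongodb_actions(conf_text):
        server = a.get("server", "(module default)")
        target = f'{server}/{a["db"]}.{a["collection"]}'
        if not (a.get("uid") and a.get("pwd")):
            findings.append((target, "no uid/pwd: works only if MongoDB accepts unauthenticated writes"))
        if "server" in a and server not in LOOPBACK:
            findings.append((target, "non-loopback server: log data leaves this host"))
    return findings

if __name__ == "__main__":
    for target, issue in audit(SAMPLE_CONF):
        print(f"{target}: {issue}")
```

Because the password sits in rsyslog.conf in clear text, the file should be readable only by the account rsyslog runs as.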

Changelog for 7.3.0 (v7-devel)

Version 7.3.0 [devel] 2012-10-09

  • omlibdbi improvements, added
    • support for config load phases & module() parameters
    • support for default templates
    • driverdirectory is now cleanly a global parameter, but can no longer be specified as an action parameter. Note that in previous versions this parameter was ignored in all but the first action definition
  • improved omfile zip writer to increase compression. This was achieved by somewhat reducing the robustness of the zip archive. This is controlled by the new action parameter “VeryReliableZip”.

rsyslog 7.1.8 (v7-beta) released

The 7.1.x branch is now feature-complete, consequently this is the first beta release. From now on, 7.1.x will mature and only receive patches. New features will be introduced in the (soon to be opened) 7.3.x branch.

ChangeLog:

http://www.rsyslog.com/changelog-for-7-1-8-v7-beta/

Download:

http://www.rsyslog.com/rsyslog-7-1-8-v7-beta/

As always, feedback is appreciated.

Best regards,
Florian Riedl

Changelog for 7.1.8 (v7-beta)

Version 7.1.8  [beta] 2012-10-02

  • bugfix: ruleset(){} directive erroneously changed default ruleset much like the $ruleset legacy conf statement. This potentially led to statements being assigned to the wrong ruleset.
  • improved module doc
  • added “parser” parameter to ruleset(), so that parser chain can be configured
  • implemented “continue” RainerScript statement

rsyslog 7.1.7 (v7-devel) released

This release adds the “call” statement, a superior replacement to omruleset. It also provides array-based string comparison operations and the ability to configure TLS permitted peers via the new config language. The 7.1.x branch is now 99% feature-complete.

ChangeLog:

http://www.rsyslog.com/changelog-for-7-1-7-v7-devel/

Download:

http://www.rsyslog.com/rsyslog-7-1-7-v7-devel/

As always, feedback is appreciated.

Best regards,
Florian Riedl

rsyslog 7.1.6 (v7-devel) released

This version implements the input() and ruleset() statements, which finally permit a config file to be written in new style only. A sample can be found at

http://blog.gerhards.net/2012/09/rsyslogs-new-input-statement-quick-look.html

ChangeLog:

http://www.rsyslog.com/changelog-for-7-1-6-v7-devel/

Download:

http://www.rsyslog.com/rsyslog-7-1-6-v7-devel/

As always, feedback is appreciated.

Best regards,
Florian Riedl
