How to use rsyslog and MongoDB
rsyslog is since version 6.1.3 capable of using a output module called “ommongodb” to write log messages to mongodb. To achieve this, several packages are needed:
mongodb mongodb-server php-pecl-mongo libmongo-client libglib2.0-dev
These and of course rsyslog are needed. The packages are easily installed via a package manager. And the installation steps for rsyslog are the usual ones. Except for the “Configure”. Please make sure to include “–enable-ommongodb“. And the other features you plan to use of course.
./configure --libdir=/usr/lib --sbindir=/usr/sbin --enable-ommongodb make make install
After this, you need to make some adjustments to the rsyslog.conf. You need to load the module of course and configure an action:
module (load="ommongodb") *.* action(type="ommongodb" server="127.0.0.1")
In this case we send everything to the local MongoDB server. With the default settings, this should work directly. No username or password is needed if it isn’t configured in MongoDB. And the “db” and “collection” will automatically be created. The default database that rsyslog will use is “syslog” and the default name for the collection is “log“. These can be changed by various parameters.
To review what is written to the database, simply open a command line and enter “mongo“. This is to open the MongoDB Shell. You now need to change the database that is used with
use syslog
That way all further commands will be used on the database that rsyslog uses. Next we let the shell show us the entries:
db.log.find()
Please make sure to use the exact command. Of course there are a lot of other commands that you may find useful. Or information on how to secure the database. Please refer to the MongoDB documentation for that.
rsyslog 7.3.0 (v7-devel) released
This start the new 7.3.x development branch. The first feature introduced is an enhancement that dramatically reduces the size of omfile-generated ZIP files.
ChangeLog: http://www.rsyslog.com/changelog-for-7-3-0-v7-devel/
Download: http://www.rsyslog.com/rsyslog-7-3-0-v7-devel/
As always, feedback is appreciated.
Best regards, Tim Eifler
Changelog for 7.3.0 (v7-devel)
Version 7.3.0 [devel] 2012-10-09
- omlibdbi improvements, added
- support for config load phases & module() parameters
- support for default templates
- driverdirectory is now cleanly a global parameter, but can no longer be specified as an action paramter. Note that in previous versions this parameter was ignored in all but the first action definition
- improved omfile zip writer to increase compression This was achieved by somewhat reducing the robustness of the zip archive. This is controlled by the new action parameter “VeryReliableZip”.
rsyslog 7.1.8 (v7-beta) released
The 7.1.x branch is now feature-complete, consequently this is the first beta release. From now on, 7.1.x will mature and only receive patches. New features will be introduced in the (soon to be opened) 7.3.x branch.
ChangeLog:
http://www.rsyslog.com/changelog-for-7-1-8-v7-beta/
Download:
http://www.rsyslog.com/rsyslog-7-1-8-v7-beta/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Changelog for 7.1.8 (v7-beta)
Version 7.1.8 [beta] 2012-10-02
- bugfix: ruleset(){} directive errornously changed default ruleset much like the $ruleset legacy conf statement. This potentially lead to statements being assigned to the wrong ruleset.
- improved module doc
- added “parser” parameter to ruleset(), so that parser chain can be configured
- implemented “continue” RainerScript statement
rsyslog 7.1.7 (v7-devel) released
This release adds the “call” statement, a superior replacement to omruleset. It also provides array-based string comparison operations and the ability to configure TLS permitted peers via the new config language. The 7.1.x branch is now 99% feature-complete.
ChangeLog:
http://www.rsyslog.com/changelog-for-7-1-7-v7-devel/
Download:
http://www.rsyslog.com/rsyslog-7-1-7-v7-devel/
As always, feedback is appreciated.
Best regards,
Florian Riedl
rsyslog 7.1.7 (v7-devel)
Download file name: rsyslog 7.1.7 (devel)
rsyslog 7.1.7 (devel)
sha256 hash: 353d69798bc25b68c3354949204d0cd8ac481fda2aedac98d0a49393ae6310e8
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.1.7 File size: 2.615 MB
rsyslog 7.1.6 (v7-devel) released
This version implements the input() and ruleset() statements, which finally permit a config file to be written in new style only. A sample can be found at
http://blog.gerhards.net/2012/09/rsyslogs-new-input-statement-quick-look.html
ChangeLog:
http://www.rsyslog.com/changelog-for-7-1-6-v7-devel/
Download:
http://www.rsyslog.com/rsyslog-7-1-6-v7-devel/
As always, feedback is appreciated.
Best regards,
Florian Riedl
rsyslog 7.1.6 (v7-devel)
Download file name: rsyslog 7.1.6 (devel)
rsyslog 7.1.6 (devel)
sha256 hash: d392c536d97e413e84dce6719351823214daf92bfe3d2665c11b073e81b71264
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.1.6 File size: 2.612 MB
Changelog for 7.1.6 (v7-devel)
Version 7.1.6 [devel] 2012-09-28
- implemented RainerScript input() statement, including support for it in major input plugins
- implemented RainerScript ruleset() statement