立即与支持人员聊天
与支持团队交流

syslog-ng Store Box 6.3.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB

SQL templates in SSB

The following sections describe the SQL templates available in syslog-ng Store Box(SSB):

The Legacy template

The Legacy template stores messages in the ssb_sql_messages_${R_YEAR}_${R_MONTH} table. The following columns are created:

  • insert_time: The date when syslog-ng Store Box(SSB) received the message in Unixtime format.

  • rule_id: ID of the pattern database rule that matched the message.

  • __row_id: Identifier of the row.

  • date_time: The date the message was sent in YEAR-MONTH-DAY HOUR:MINUTE:SECOND format.

  • facility: The facility that sent the message.

  • priority: The priority level of the message.

  • host: The IP address or hostname of the host were the message was generated.

  • program: The name of the application that generated the message.

  • pid: The ID number of the process that generated the message (this field is automatically set to zero if the PID is not included in the message).

  • message: The text of the log message.

The insert_time, rule_id, date_time, facility, host, and program columns are indexed.

The Full template

The Full template stores messages in the ssb_sql_messages_${R_YEAR}_${R_MONTH} table. The following columns are created:

  • insert_time: The date when syslog-ng Store Box(SSB) received the message in Unixtime format.

  • rule_id: ID of the pattern database rule that matched the message.

  • __row_id: Identifier of the row.

  • date_time: The date the message was sent in YEAR-MONTH-DAY HOUR:MINUTE:SECOND format.

  • facility: The facility that sent the message.

  • priority: The priority level of the message.

  • sourceip: The IP address of the host that sent the message.

  • host: The IP address or hostname of the host were the message was generated.

  • program: The name of the application that generated the message.

  • pid: The ID number of the process that generated the message (this field is automatically set to zero if the PID is not included in the message).

  • message: The text of the log message.

The insert_time, rule_id, date_time, facility, host, sourceip, and program columns are indexed.

The Custom template

The Custom template allows you to specify the columns to use. Enter a name for the column, select its type, and specify its content using macros. For details on using macros, see The syslog-ng Premium Edition 7.0.14 Administrator Guide. Select the Indexed option if you want the database to index the column.

相关文档