Configure Rsyslog with MySQL on centos 6/7

When build application logging is very important to trace and monitor system. One of most common solution for logging is rsyslog. In default Rsyslog will store log to file, log data to file has some disadvantages compare with database especially when amount data is huge.

Rsyslog provide plugin to work with MySQL, or mongo dB for store log. In this post I will guide how to configure Rsyslog with MySQL to make center logging server on centos 6/7.

On this post I assume that your centos box already install rsyslog and mysql.

1. Install rsyslog-mysql plugin

We run below command to install rsyslog mysql plugin.

sudo yum install rsyslog-mysql

2. Create database for rsyslog and user

Rsyslog provide script to create database and tables to store log. Use this script to create database.

mysql –u root –p </usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql

Now we already has a database name Syslog. We need create a user so that rsyslog can connect to mysql and use Syslog database (avoid using root user).

#mysql –u root –p
mysql> create user ‘syslog’@’localhost’ identified by ‘password_syslog’;
mysql> grant all on Syslog.* to ‘syslog’@’localhost’;

3. Setup Rsyslog with mysql

Now we need edit rsyslog configuration to make it work with mysql.
We need change file rsyslog.conf, to do that run below command.

sudo vi rsyslog.conf

we add below lines

$ModLoad ommysql
*.*       :ommysql:localhost,Syslog,syslog,password_syslog

We restart rsyslog so it can apply new changes

service rsyslog restart

Now we’ve already finished configure rsyslog to work with MySql also

Leave a Reply