1

syslog-ng ignores the database defined in syslog-ng.conf and instead uses the default database of the user when logging to MSSQL destination. 

destination d_mssql {
sql(type(mssql)
        host("myhost") username("myuser") password("mypass")
        database("syslogng")
        table("msgs_${R_YEAR}${R_MONTH}${R_DAY}")columns(
                "seqnum bigint",
                "datetime varchar(16)", "host varchar(32)",
                "program varchar(32)", "pid varchar(8)", "priority varchar(10)", "facility varchar(10)", "pri int",
                "message varchar(max)")
        values("$SEQNUM", "$R_DATE", "$HOST", "$PROGRAM", "$PID", "$PRIORITY", "$FACILITY", "$PRI", "$MSGONLY")
        indexes("datetime", "host", "program", "pid"));
};

As you can see I want to use "syslogng" as my database but what happens is that syslog-ng uses the default database ("master") configured for "myuser" in MS SQL Server.

If I change the default database for "myuser" in SQL server to "syslogng", then it will write to "syslogng" database. But this is not what I want. I want to be able to configure the database in syslog-ng.conf.

Any ideas why this is happening?

Same question on BalaBit community website.

Kazark
  • 969
  • 3
  • 12
  • 31
kaptan
  • 285
  • 2
  • 12

1 Answers1

0

To get around this, in my sql() statement I set:

database("")

Then use the full path to the table I want to create/update:

table("syslogng.msgs_${R_YEAR}${R_MONTH}${R_DAY}")")

Use a DB browser, like DBeaver, to connect to you MSSQL DB and determine the full path to your table.

joel
  • 101
  • 1