I am trying to log remote events to a mysql db sitting on a central rsyslog server (v5.10.1-0.7.49 - This is the default version in SLES11sp3). I have tried logging to a file and that works:

:fromhost-ip, isequal, "147.110.250.217"    /var/log/remotefile
& ~

But when I try to change it to a mysql db it fails with a syntax error:

:fromhost-ip, isequal, "x.x.x.x":ommysql:localhost,Syslog,user,pwd
& ~

Error:

Feb 20 11:16:27 idm-syslog rsyslogd: the last error occured in /etc/rsyslog.conf, line 61:":fromhost-ip, isequal, "147.110.250.217" :ommysql:localhost,Syslog,rsyslog,identity" Feb 20 11:16:27 idm-syslog rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]

Ultimately, I would like to log both to file and mysql, can I do this in a single command or must I use multiple ones ?

Thanks

You need to add

$ModLoad ommysql

before

:fromhost-ip, isequal, "x.x.x.x":ommysql:localhost,Syslog,user,pwd & ~

This is my CONF running in my Server

:fromhost-ip, isequal, "X.X.X.X" /var/log/mikrotik.log

$ModLoad ommysql

:fromhost-ip, isequal, "X.X.X.X":ommysql:SERVER_IP,DATABASE,USER,PASSWORD

Hope it help another users.