As part of my role as a systems administrator at iseek, we needed a solution for our syslog information. Although flat logs work well up to a certain size, after a while, no matter how well organised, they become unruly. The files become too big: either searching them takes a very long time, or you are forced to split them into separate files or folders for each host, which makes correlations such as SSH brute-forcing across a network almost impossible to see.
PHP-Syslog-NG was originally written by Claus Lund (the original version is available at: http://www.phpwizardry.com/php-syslog-ng/). While PHP-Syslog-NG solved almost all of our problems, it had one drawback: like many PHP web applications, it only supported MySQL. For our purposes we required PostgreSQL support, as we greatly prefer it for several reasons, most especially its saner SQL syntax.
As a result, in my '20%' time at work (yes, similar to Google, we joke) I have patched PHP-Syslog-NG to create PHP-Syslog-pgsql, which uses ADOdb to support many database types. Naturally, not every database can run the queries that are used, but they are fairly standard SQL, so most should be fine. PostgreSQL is much better supported, with a database installation script for both Debian-based and RedHat-based distros.
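The cross-host correlation that motivates putting syslog into a database, as an added example that is not code from PHP-Syslog-NG or the patched project: it parses constructed syslog lines into an assumed central table with datetime/host/program/msg columns (sqlite stands in for PostgreSQL here) and asks which source addresses have failed SSH logins on more than one host.

```python
import re
import sqlite3

# Constructed sample syslog lines, as several hosts would forward them to a
# central collector. 203.0.113.7 (a documentation address) probes three hosts.
SAMPLE_LOGS = [
    "Mar  3 10:01:02 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 4021 ssh2",
    "Mar  3 10:01:05 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 4022 ssh2",
    "Mar  3 10:01:09 db1 sshd[887]: Failed password for root from 203.0.113.7 port 4030 ssh2",
    "Mar  3 10:01:11 mail1 sshd[2311]: Failed password for invalid user test from 203.0.113.7 port 4031 ssh2",
    "Mar  3 10:01:20 web1 sshd[1210]: Accepted publickey for deploy from 192.0.2.10 port 5100 ssh2",
    "Mar  3 10:02:00 db1 sshd[890]: Failed password for root from 198.51.100.5 port 6000 ssh2",
    "Mar  3 10:02:03 db1 cron[901]: (root) CMD (run-parts /etc/cron.hourly)",
]

# BSD-style syslog line: timestamp, host, program[pid]: message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")


def load_logs(lines):
    """Parse syslog lines into one central table (assumed columns; sqlite stands in for PostgreSQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logs (datetime TEXT, host TEXT, program TEXT, msg TEXT)")
    rows = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            rows.append((m["ts"], m["host"], m["prog"].strip(), m["msg"]))
    conn.executemany("INSERT INTO logs VALUES (?, ?, ?, ?)", rows)
    return conn


def ssh_bruteforce_sources(conn, min_hosts=2):
    """Return (src_ip, distinct_hosts, failures) for sources with failed SSH logins on >= min_hosts hosts."""
    # The source address sits inside the free-text msg, so it is pulled out here;
    # the cross-host correlation itself is one GROUP BY over the central table.
    conn.execute("CREATE TEMP TABLE ssh_fail (src TEXT, host TEXT, username TEXT)")
    fails = []
    for host, msg in conn.execute("SELECT host, msg FROM logs WHERE program = 'sshd'"):
        m = FAIL_RE.search(msg)
        if m:
            fails.append((m["src"], host, m["user"]))
    conn.executemany("INSERT INTO ssh_fail VALUES (?, ?, ?)", fails)
    return conn.execute(
        "SELECT src, COUNT(DISTINCT host), COUNT(*) FROM ssh_fail "
        "GROUP BY src HAVING COUNT(DISTINCT host) >= ? ORDER BY COUNT(*) DESC",
        (min_hosts,),
    ).fetchall()
```

With the sample lines, `ssh_bruteforce_sources(load_logs(SAMPLE_LOGS))` returns `[("203.0.113.7", 3, 4)]`: one address seen failing on three hosts, which per-host flat files would show only as three unrelated short bursts.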