I have an iptables firewall in Linux bridge (RHEL5). I want to extract information like IP address, port number, port type, date and time, etc. from log messages using a Bash script, and then want to upload it to a MySQL database to generate the reports.
How can I do this? Is there any way to accomplish the same thing?
If you're using syslog-ng, there is a great guide here. He sets up a queue: syslog-ng writes to it, and he has a consumer that reads from it and performs an SQL insert.
If you are using rsyslogd, it has native support for mysql, but I'd still recommend the message-passing method of the first article; especially if you have high traffic spikes since the database insert takes a substantial amount of time (comparatively).
