In my role as a systems administrator, we needed a solution for our syslog information. Although flat logs work well up to a certain size, after a while, no matter how well organised, they become unruly. The files become too big: either they take a very long time to search through, or you are forced to split them into separate files or folders for each host, making correlations such as SSH brute-forcing across a network almost impossible to see.
PHP-Syslog-NG was originally written by Claus Lund (the official version is available at http://code.google.com/p/php-syslog-ng/). While PHP-Syslog-NG solved almost all of our problems, it had one problem: like many PHP web applications, it only supported MySQL. For our purposes, we required PostgreSQL support, as we greatly prefer it for multiple reasons, but most especially the 'saner' SQL syntax support.
As a result, in my '20%' time at work I have patched PHP-Syslog-NG to create PHP-Syslog-pgsql, which uses ADOdb to support many, many database types. Naturally, not all databases can support the queries that are used, but they are pretty standard so it should be fine. PostgreSQL is much better supported, with a database installation script for both Debianish and RedHat-based distros.
This code is largely unmaintained, although it works fine for me. Unless you really need PostgreSQL support, you should use the official version.
- Download PHP-Syslog-PGSQL stable