we are setting up a centralized logging server which receives logs from many devices and servers and stored them into a database.
The syslog on the central server is syslog-ng. It is chosen because of simplicity of its configuration and easier manageability. The log server itself hosts log database (mariadb) and web interface (apache/mod_php).
The whole point of having a log server is to be able to analyze data in a single place. For that we chose a Adiscon LogAnalyzer, which looks like maintained, mature and feature-rich project.
LogAnalyzer manual recommends to use a MonitorWare schema. For example, installation manual has a "Note on MySQL Databases" section that says it supports "php-syslog-ng" schema for transition purposes and won't utilize it fully, and that schema is not very efficient, and recommends to use MonitorWare schema instead. (MonitorWare is another product by Adiscon.)
Also, it recommends to use rsyslog as it should create structure in the database automatically (rsyslog is also seems to be supported by Adiscon, what an incidence). Aside from that, nowhere this schema is particularly documented.
There is a question from 2011 on how to configure syslog-ng with this schema. This is also one of few places where schema is presented in clear, but it links to another resource which is currently unavailable (and archive.org knows nothing about it either).
So the question remains unanswered: how to properly set up Syslog-NG logging into database with MonitorWare schema?
you can configure the sql() destination of syslog-ng to put the columns and values you need into the database. Check your database scheme to find out which columns you need, and which value to put into which columns.