<div> </div> <div>Hi,</div> <div>I've compile syslog-ng-2.0.2 on HP-UX-11.11, however messages are not going to desired destinations as defined in the syslog-ng.conf .</div> <div> </div> <div>my syslog-ng.conf </div> <div>---------------------------------------------</div> <div># syslog-ng configuration file.<BR>#<BR># This should behave pretty much like the original syslog on HP-UX. But<BR># it could be configured a lot smarter.<BR>#<BR># See syslog-ng(8) and syslog-ng.conf(8) for more information.<BR>#<BR># 20000925 <A href="mailto:gb@sysfive.com">gb@sysfive.com</A></div> <div>options { sync (0);<BR> time_reopen (10);<BR> log_fifo_size (1000);<BR> long_hostnames (off);<BR> use_dns
(no);<BR> use_fqdn (no);<BR> create_dirs (no);<BR> keep_hostname (yes);<BR> };</div> <div>source s_sys {internal();pipe("/dev/log"); };</div> <div>destination d_cons { file("/dev/console1"); };<BR>destination d_mesg { file("/var/adm/syslog/syslog-ng.log"); };<BR>destination d_mail { file("/var/adm/syslog/mail-ng.log"); };<BR>destination d_mlrt { usertty("root"); };<BR>destination d_mlal { usertty("*"); };</div> <div>filter f_filter1 { facility(mail) and level(debug); };<BR>filter f_filter2 { (facility(mail) and level(debug)) or<BR> level(info); };<BR>filter f_filter3 { level(alert); };<BR>filter f_filter4
{ level(emerg); };</div> <div>log { source(s_sys); destination(d_mail); };<BR>log { source(s_sys); destination(d_mesg); };<BR>log { source(s_sys); destination(d_cons);destination(d_mlrt); };<BR>log { source(s_sys); destination(d_mlal); };<BR>#</div> <div>--------------------------------------------<BR></div> <div>Now If I generate message using "logger" utility on system, message should go to "/var/adm/syslog/syslog-ng.log", though they are not going...</div> <div>Is there anything wrong with .conf file?</div> <div> </div> <div>What should be the conf file for central server and client on HP-UX?</div> <div> </div> <div> </div> <div>syslog-ng daemon is running like:</div> <div>-------------------------------------------------------------------------------</div> <div>syslog-ng service starting.<BR># ps -eaf |grep syslog-ng<BR> root 14437 1 0 10:22:30
? 0:00 /opt/soe/local/syslog-ng-2.0.2/sbin/syslog-ng -f /opt/soe/local<BR>#<BR></div> <div>------------------------------------------------------------------------------</div> <div> </div> <div>Thanks</div> <div>Shamim</div> <div><BR><B><I>syslog-ng-request@lists.balabit.hu</I></B> wrote:</div> <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">Send syslog-ng mailing list submissions to<BR>syslog-ng@lists.balabit.hu<BR><BR>To subscribe or unsubscribe via the World Wide Web, visit<BR>https://lists.balabit.hu/mailman/listinfo/syslog-ng<BR>or, via email, send a message with subject or body 'help' to<BR>syslog-ng-request@lists.balabit.hu<BR><BR>You can reach the person managing the list at<BR>syslog-ng-owner@lists.balabit.hu<BR><BR>When replying, please edit your Subject line so it is more specific<BR>than "Re: Contents of syslog-ng digest..."<BR><BR><BR>Today's
Topics:<BR><BR>1. Re: Is this possible in syslog-ng.conf . (v2.0.2)<BR>(Balazs Scheidler)<BR>2. Re: Setting permissions on log files (Balazs Scheidler)<BR>3. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Evan Rempel)<BR>4. compilation errors with --enable-spoof-source<BR>(Ravi Papisetti -X (rpapiset - HCL at Cisco))<BR>5. Re: Is this possible in syslog-ng.conf . (v2.0.2)<BR>(Balazs Scheidler)<BR>6. Re: compilation errors with --enable-spoof-source<BR>(Balazs Scheidler)<BR>7. RE: compilation errors with --enable-spoof-source<BR>(Ravi Papisetti -X (rpapiset - HCL at Cisco))<BR>8. RE: compilation errors with --enable-spoof-source<BR>(Balazs Scheidler)<BR><BR><BR>----------------------------------------------------------------------<BR><BR>Message: 1<BR>Date: Mon, 19 Feb 2007 17:14:12 +0100<BR>From: Balazs Scheidler <BAZSI@BALABIT.HU><BR>Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)<BR>To: Syslog-ng users' and developers' mailing
list<BR><SYSLOG-NG@LISTS.BALABIT.HU><BR>Message-ID: <1171901652.11781.7.camel@bzorp.balabit><BR>Content-Type: text/plain<BR><BR>On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:<BR><BR>> Ok . IMO counter intuitive , Tho reasonable with your explanation . <BR>> One is very used to the 'source' in FW/router/...'s as being the source <BR>> device(s) IP from where a packet came from .<BR><BR>syslog-ng is not a firewall :) this is sometimes strange to me as well,<BR>being involved in firewall products as well. But putting the joke aside,<BR>syslog-ng is a "syslog message pipe" processor: sources generate<BR>messages, destinations serve as message sinks. Some filtering here and<BR>there, that's about syslog-ng's internal structure.<BR><BR>So, naming source as a source is consistent with syslog-ng itself.<BR><BR>> An aside , Can one do the 'Formatting' like my example above , again <BR>> no examples show up like that , but I am hopeful
.<BR>> <BR>> <BR>> > To do that you need the netmask() filter.<BR>> <BR>> Next time I'll go looking at the Blog at Gmane first before shooting my <BR>> mouth off . netmask was just the hint I needed .<BR>> Tho it sure would be nice for netmask() to support the /xx bits netmask <BR>> format .<BR><BR>It does support this format.<BR><BR>-- <BR>Bazsi<BR><BR><BR><BR>------------------------------<BR><BR>Message: 2<BR>Date: Mon, 19 Feb 2007 17:15:57 +0100<BR>From: Balazs Scheidler <BAZSI@BALABIT.HU><BR>Subject: Re: [syslog-ng] Setting permissions on log files<BR>To: Syslog-ng users' and developers' mailing list<BR><SYSLOG-NG@LISTS.BALABIT.HU><BR>Message-ID: <1171901757.11781.10.camel@bzorp.balabit><BR>Content-Type: text/plain<BR><BR>On Mon, 2007-02-19 at 01:45 +0000, Bryan Henderson wrote:<BR>> With the 'file' destination, Syslog-ng modifies the ownership and<BR>> permissions of the file when it opens it. There are configuration<BR>>
file options to choose what it sets them to, but AFAICT, no way to <BR>> have Syslog-ng just leave the files as it finds them.<BR>> <BR>> I prefer to maintain permissions and ownership separately; I set them<BR>> when I create the file and expect them to stick. Could there be a<BR>> configuration file option for that?<BR>> <BR><BR>IIRC, you can use -1 for various options, which means "do not touch".<BR>But I would need to test it. The code in the C part is there, the only<BR>question that remains whether the parser accepts "-1" in the place of<BR>owner/group/permissions.<BR><BR>-- <BR>Bazsi<BR><BR><BR><BR>------------------------------<BR><BR>Message: 3<BR>Date: Mon, 19 Feb 2007 09:02:15 -0800<BR>From: Evan Rempel <EREMPEL@UVIC.CA><BR>Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)<BR>To: "Syslog-ng users' and developers' mailing list"<BR><SYSLOG-NG@LISTS.BALABIT.HU><BR>Message-ID: <45D9D817.7050309@uvic.ca><BR>Content-Type:
text/plain; charset=ISO-8859-1; format=flowed<BR><BR>Balazs Scheidler wrote:<BR>> On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:<BR>> <BR>>> Ok . IMO counter intuitive , Tho reasonable with your explanation . <BR>>> One is very used to the 'source' in FW/router/...'s as being the source <BR>>> device(s) IP from where a packet came from .<BR>> <BR>> syslog-ng is not a firewall :) this is sometimes strange to me as well,<BR>> being involved in firewall products as well. But putting the joke aside,<BR>> syslog-ng is a "syslog message pipe" processor: sources generate<BR>> messages, destinations serve as message sinks. Some filtering here and<BR>> there, that's about syslog-ng's internal structure.<BR>> <BR>> So, naming source as a source is consistent with syslog-ng itself.<BR><BR>I think that the author of the original comment was refereing to the IP address binding<BR>in the source definition<BR><BR>source
network { tcp( ip(xxxx) ); };<BR><BR>where the IP address is NOT the source at all, it is a local IP address to bind the listener to.<BR>Perhaps the syntax should be<BR><BR>source network { tcp( bind(xxxx) ); };<BR><BR>since the bind address MUST be ip since the definition is already defined to be tcp.<BR><BR>I think it is a little counter intuitive even within the scope of syslog-ng.<BR><BR>Evan.<BR><BR><BR>> <BR>>> An aside , Can one do the 'Formatting' like my example above , again <BR>>> no examples show up like that , but I am hopeful .<BR>>><BR>>><BR>>>> To do that you need the netmask() filter.<BR>>> Next time I'll go looking at the Blog at Gmane first before shooting my <BR>>> mouth off . netmask was just the hint I needed .<BR>>> Tho it sure would be nice for netmask() to support the /xx bits netmask <BR>>> format .<BR>> <BR>> It does support this format.<BR>> <BR><BR><BR>-- <BR>Evan Rempel
erempel@uvic.ca<BR>Senior Programmer Analyst 250.721.7691<BR>Computing Services<BR>University of Victoria<BR><BR><BR>------------------------------<BR><BR>Message: 4<BR>Date: Mon, 19 Feb 2007 13:09:41 -0600<BR>From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"<BR><RPAPISET@CISCO.COM><BR>Subject: [syslog-ng] compilation errors with --enable-spoof-source<BR>To: "syslog-ng@lists.balabit.hu" <SYSLOG-NG@LISTS.BALABIT.HU><BR>Message-ID: <5A8F8213-CAC5-4190-A902-FE91C0DC844D@mimectl><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>Hi,<BR><BR>I am using syslog-ng 1.6.11 and trying to compile this package with<BR>./configure --enable-spoof-source, it throws errors as below<BR><BR>checking whether to enable Sun STREAMS support... yes<BR>checking whether to enable Sun door support... yes<BR>checking whether to enable TCP wrapper support... no<BR>checking whether to enable spoof_source support... ./configure: test: too many arguments<BR>configure: error: libnet-config
not found<BR><BR>It compiles fine without --enable-spoof-source this option. Could you do the needful.<BR><BR>Thanks,<BR>Ravi Kumar P.<BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070219/dc8ca38e/attachment-0001.html<BR><BR>------------------------------<BR><BR>Message: 5<BR>Date: Mon, 19 Feb 2007 20:23:01 +0100<BR>From: Balazs Scheidler <BAZSI@BALABIT.HU><BR>Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)<BR>To: Syslog-ng users' and developers' mailing list<BR><SYSLOG-NG@LISTS.BALABIT.HU><BR>Message-ID: <1171912981.11781.12.camel@bzorp.balabit><BR>Content-Type: text/plain<BR><BR>On Mon, 2007-02-19 at 09:02 -0800, Evan Rempel wrote:<BR>> Balazs Scheidler wrote:<BR>> > On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:<BR>> > <BR>> >> Ok . IMO counter intuitive , Tho reasonable with your explanation .
<BR>> >> One is very used to the 'source' in FW/router/...'s as being the source <BR>> >> device(s) IP from where a packet came from .<BR>> > <BR>> > syslog-ng is not a firewall :) this is sometimes strange to me as well,<BR>> > being involved in firewall products as well. But putting the joke aside,<BR>> > syslog-ng is a "syslog message pipe" processor: sources generate<BR>> > messages, destinations serve as message sinks. Some filtering here and<BR>> > there, that's about syslog-ng's internal structure.<BR>> > <BR>> > So, naming source as a source is consistent with syslog-ng itself.<BR>> <BR>> I think that the author of the original comment was refereing to the IP address binding<BR>> in the source definition<BR>> <BR>> source network { tcp( ip(xxxx) ); };<BR>> <BR>> where the IP address is NOT the source at all, it is a local IP address to bind the listener to.<BR>> Perhaps the
syntax should be<BR>> <BR>> source network { tcp( bind(xxxx) ); };<BR>> <BR>> since the bind address MUST be ip since the definition is already defined to be tcp.<BR>> <BR>> I think it is a little counter intuitive even within the scope of syslog-ng.<BR>> <BR><BR>ip is an alias for localip(), but it's true that all examples use ip().<BR><BR>-- <BR>Bazsi<BR><BR><BR><BR>------------------------------<BR><BR>Message: 6<BR>Date: Mon, 19 Feb 2007 20:23:34 +0100<BR>From: Balazs Scheidler <BAZSI@BALABIT.HU><BR>Subject: Re: [syslog-ng] compilation errors with --enable-spoof-source<BR>To: Syslog-ng users' and developers' mailing list<BR><SYSLOG-NG@LISTS.BALABIT.HU><BR>Message-ID: <1171913014.11781.14.camel@bzorp.balabit><BR>Content-Type: text/plain<BR><BR>On Mon, 2007-02-19 at 13:09 -0600, Ravi Papisetti -X (rpapiset - HCL at<BR>Cisco) wrote:<BR>> Hi,<BR>> <BR>> I am using syslog-ng 1.6.11 and trying to compile this package with<BR>>
./configure --enable-spoof-source, it throws errors as below<BR>> <BR>> checking whether to enable Sun STREAMS support... yes<BR>> checking whether to enable Sun door support... yes<BR>> checking whether to enable TCP wrapper support... no<BR>> checking whether to enable spoof_source support... ./configure: test:<BR>> too many arguments<BR>> configure: error: libnet-config not found<BR>> <BR>> It compiles fine without --enable-spoof-source this option. Could you<BR>> do the needful.<BR>> <BR><BR>You need libnet in order to compile syslog-ng with spoof source support.<BR><BR>-- <BR>Bazsi<BR><BR><BR><BR>------------------------------<BR><BR>Message: 7<BR>Date: Mon, 19 Feb 2007 16:36:42 -0600<BR>From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"<BR><RPAPISET@CISCO.COM><BR>Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source<BR>To: "Syslog-ng users' and developers' mailing list"<BR><SYSLOG-NG@LISTS.BALABIT.HU><BR>Message-ID:
<6F4AD076-DD4B-45CE-9B37-8C326CB89BA9@mimectl><BR>Content-Type: text/plain; charset="us-ascii"<BR><BR>An HTML attachment was scrubbed...<BR>URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070219/5f74b573/attachment-0001.htm<BR><BR>------------------------------<BR><BR>Message: 8<BR>Date: Tue, 20 Feb 2007 08:59:33 +0000<BR>From: Balazs Scheidler <BAZSI@BALABIT.HU><BR>Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source<BR>To: Syslog-ng users' and developers' mailing list<BR><SYSLOG-NG@LISTS.BALABIT.HU><BR>Message-ID: <1171961973.9887.0.camel@bzorp.balabit><BR>Content-Type: text/plain<BR><BR>On Mon, 2007-02-19 at 16:36 -0600, Ravi Papisetti -X (rpapiset - HCL at<BR>Cisco) wrote:<BR>> Already that is installed in my m/c. Compilations went successful<BR>> without this option. I understand that libnet is to compile this<BR>> package.<BR>> <BR>> Let us know how to check if Libnet package installation is fine in
my<BR>> system or not.<BR><BR>if libnet is installed, you should have a script called libnet-config<BR>somewhere in your path. that's what the configure script does not find.<BR><BR>-- <BR>Bazsi<BR><BR><BR><BR>------------------------------<BR><BR>_______________________________________________<BR>syslog-ng maillist - syslog-ng@lists.balabit.hu<BR>https://lists.balabit.hu/mailman/listinfo/syslog-ng<BR><BR><BR>End of syslog-ng Digest, Vol 22, Issue 21<BR>*****************************************<BR></BLOCKQUOTE><BR><p> 
<hr size=1>
New Yahoo! Mail is the ultimate force in competitive emailing. Find out more at the <a href="http://uk.rd.yahoo.com/mail/uk/taglines/default/championships/games/*http://uk.rd.yahoo.com/evt=44106/*http://mail.yahoo.net/uk/">Yahoo! Mail Championships</a>. Plus: play games and win prizes.