Please delete me from list server<br><br><b><i>syslog-ng-request@lists.balabit.hu</i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> Send syslog-ng mailing list submissions to<br> syslog-ng@lists.balabit.hu<br><br>To subscribe or unsubscribe via the World Wide Web, visit<br> https://lists.balabit.hu/mailman/listinfo/syslog-ng<br>or, via email, send a message with subject or body 'help' to<br> syslog-ng-request@lists.balabit.hu<br><br>You can reach the person managing the list at<br> syslog-ng-owner@lists.balabit.hu<br><br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of syslog-ng digest..."<br><br><br>Today's Topics:<br><br> 1. Re: syslog-ng filtering capabilities (Bruno Vieira)<br> 2. Log rotate without log rotate. (Bruno Vieira)<br> 3. Re: Log rotate without log rotate. (Alexander Clouter)<br> 4. Re: Log rotate without log rotate.
(Valdis.Kletnieks@vt.edu)<br> 5. Re: Log rotate without log rotate. (Bruno Vieira)<br> 6. Re: Where is the download link for 2.0 ? (Jose Pedro Oliveira)<br><br><br>----------------------------------------------------------------------<br><br>Message: 1<br>Date: Fri, 16 Mar 2007 14:51:26 +0000<br>From: "Bruno Vieira" <giuliapo@gmail.com><br>Subject: Re: [syslog-ng] syslog-ng filtering capabilities<br>To: "Syslog-ng users' and developers' mailing list"<br> <syslog-ng@lists.balabit.hu><br>Message-ID:<br> <d64ef5810703160751y7331431enc89b70d1434c75d@mail.gmail.com><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Hi there. Yes, syslog-ng has of those features that you want.<br><br>Check the syslog-ng.conf expanded file.<br><br>Here you can see those kind of things being used.<br>Using templates it is possible for syslog-ng to create dirs and files based<br>on
templates.<br><br><br>http://www.campin.net/syslog-ng/expanded-syslog-ng.conf<br><br>Regards,<br>Bruno.<br><br>On 3/15/07, Ramesh Uppuluri <ruppuluri@netcordia.com> wrote:<br>><br>> I am new to syslog-ng product which has been working great so far.<br>> My question is on filtering unwanted syslog messages during collection.<br>> Can I accomplish this using syslog-ng? If so, can some one tell me its<br>> possible to filter out messages from specific host or a wildcard<br>> (subnet) etc.<br>><br>> Thanks<br>> Ramesh<br>> _______________________________________________<br>> syslog-ng maillist - syslog-ng@lists.balabit.hu<br>> https://lists.balabit.hu/mailman/listinfo/syslog-ng<br>> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html<br>><br>><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL:
http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070316/4309dea4/attachment.htm<br><br>------------------------------<br><br>Message: 2<br>Date: Fri, 16 Mar 2007 14:59:00 +0000<br>From: "Bruno Vieira" <giuliapo@gmail.com><br>Subject: [syslog-ng] Log rotate without log rotate.<br>To: "Syslog-ng users' and developers' mailing list"<br> <syslog-ng@lists.balabit.hu><br>Message-ID:<br> <d64ef5810703160759m2663a6e4x4cdbb14bf5af1674@mail.gmail.com><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Hi there.<br><br>I have a question and at the same time i almost know that it must exist a<br>way of doing this.<br><br>The situation is: I want that my logs act as FIFOs. I mean.. I want my log<br>files to have a max of 100 KB or 100 lines (the one that is most convenient<br>to find a solution). If I use a pipe, I have the problem that if I read on<br>one side of the pipe, it continues dumping it's content until getting empty<br>regardless of having more messages coming
in through the other end. But what<br>I want is a pipe that that keeps it's content and only flushes a message out<br>every time it receives a message in. Just like a FIFO.. I want this<br>behaviour in a file... named pipe? I don't know the solution for this but I<br>can feel that it is out there :)<br><br>This way I would have a log rotation without using log rotate that normally<br>it copies the file content to a new one and than syslog-ng starts writing on<br>an empty one.<br><br>Tell me what you think about this.<br><br>Best regards,<br>Bruno.<br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070316/0235f155/attachment.html<br><br>------------------------------<br><br>Message: 3<br>Date: Fri, 16 Mar 2007 15:08:14 +0000<br>From: Alexander Clouter <ac56@soas.ac.uk><br>Subject: Re: [syslog-ng] Log rotate without log rotate.<br>To: Syslog-ng users' and developers' mailing
list<br> <syslog-ng@lists.balabit.hu><br>Message-ID: <20070316150813.GJ8038@inskipp.digriz.org.uk><br>Content-Type: text/plain; charset=us-ascii<br><br>Hi,<br><br>Bruno Vieira <giuliapo@gmail.com> [20070316 14:59:00 +0000]:<br>><br>> Hi there.<br>> <br>> I have a question and at the same time i almost know that it must exist a<br>> way of doing this.<br>> <br>> [snipped]<br>> <br>> This way I would have a log rotation without using log rotate that normally<br>> it copies the file content to a new one and than syslog-ng starts writing on<br>> an empty one.<br>> <br>I might have missed something but whats wrong with something like:<br><br>====<br>destination d_cheese {<br> file("/var/log/cheese/$R_YEAR$R_MONTH$R_DAY.log"<br> perm(0644));<br>};<br>====<br><br>Have a look at the follow macro expansions for more fun:<br><br>http://www.balabit.com/products/syslog_ng/reference-2.0/syslog-ng.html/index.html#macros<br><br>> Tell me what
you think about this.<br>> <br>shear craziness :)<br><br>Cheers<br><br>Alex<br><br><br>------------------------------<br><br>Message: 4<br>Date: Fri, 16 Mar 2007 11:32:17 -0400<br>From: Valdis.Kletnieks@vt.edu<br>Subject: Re: [syslog-ng] Log rotate without log rotate.<br>To: "Syslog-ng users' and developers' mailing list"<br> <syslog-ng@lists.balabit.hu><br>Message-ID: <200703161532.l2GFWHCH007073@turing-police.cc.vt.edu><br>Content-Type: text/plain; charset="us-ascii"<br><br>On Fri, 16 Mar 2007 14:59:00 -0000, Bruno Vieira said:<br><br>> I have a question and at the same time i almost know that it must exist a<br>> way of doing this.<br>> <br>> The situation is: I want that my logs act as FIFOs. I mean.. I want my log<br>> files to have a max of 100 KB or 100 lines (the one that is most convenient<br>> to find a solution).<br><br>Trust me - you *really* want to break it on the basis of discrete times that<br>tend to have 100K per time period (be
it once an hour, or once a day, or every<br>15 minutes, or something). When you're trying to shoot a problem, and one<br>logfile destination runs from 02:17:34 to 03:09:19, the next from 03:09:19 to<br>05:48:28, and another destination runs from 01:45:07 to 02:36:12, the next from<br>02:36:12 to 06:29:58 - quick, which files do you need to get all messages from<br>45 seconds to either side of 03:10:15?<br><br>Oh, and one of the machines concerned didn't have the DST patch installed, so<br>you probably want to find 45 seconds either side of 02:10:15 as well. ;)<br>-------------- next part --------------<br>A non-text attachment was scrubbed...<br>Name: not available<br>Type: application/pgp-signature<br>Size: 226 bytes<br>Desc: not available<br>Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070316/0f62b32b/attachment-0001.pgp<br><br>------------------------------<br><br>Message: 5<br>Date: Fri, 16 Mar 2007 16:03:29 +0000<br>From: "Bruno Vieira"
<giuliapo@gmail.com><br>Subject: Re: [syslog-ng] Log rotate without log rotate.<br>To: "Syslog-ng users' and developers' mailing list"<br> <syslog-ng@lists.balabit.hu><br>Message-ID:<br> <d64ef5810703160903k6e4b4c8cr5f4efc75a279ca06@mail.gmail.com><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Hi Alex. Thanks you for your considerations.<br><br>But the problem here is that the device that will be logging have memory<br>restrictions.<br>So, I want a log that acts as a fifo. And every time a new message comes,<br>the oldest one gets out.<br><br>With log rotate I can't guarantee that the size of the log keeps in a<br>acceptable interval like 100 - 120 KB. Because if I get a ton of info dumped<br>to the log file within a small amount of time, I'll still overshoot the<br>maximum file size.<br><br>I would like to have only one file per destination (ex: auth.log) and keep<br>that file within 100 - 120 KB or 100 lines, per example. I want it to be<br>circular... to be
like a FIFO.<br><br><br>What do you think?<br>I have a solution.. but I think there can be a better one. My solution is:<br>having a midlle program between syslog-ng and the destination file. And for<br>every message received, the program would verify if the destination file (<br>p.e. auth.log) already has 100 lines. If so, deleted the last line, make all<br>others one ENTER down and that append the new line to the beginning of the<br>file.<br><br>But this seems to be a very "manual" solution...<br><br><br>Best regards,<br>Bruno.<br><br><br><br>====<br>> destination d_cheese {<br>> file("/var/log/cheese/$R_YEAR$R_MONTH$R_DAY.log"<br>> perm(0644));<br>> };<br>> ====<br>><br>> Have a look at the follow macro expansions for more fun:<br>><br>><br>> http://www.balabit.com/products/syslog_ng/reference-2.0/syslog-ng.html/index.html#macros<br>><br>> > Tell me what you think about this.<br>> ><br>> shear
craziness :)<br>><br>> Cheers<br>><br>> Alex<br>> _______________________________________________<br>> syslog-ng maillist - syslog-ng@lists.balabit.hu<br>> https://lists.balabit.hu/mailman/listinfo/syslog-ng<br>> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html<br>><br>><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070316/cbbf8268/attachment.html<br><br>------------------------------<br><br>Message: 6<br>Date: Fri, 16 Mar 2007 17:56:30 +0000<br>From: Jose Pedro Oliveira <jpo@di.uminho.pt><br>Subject: Re: [syslog-ng] Where is the download link for 2.0 ?<br>To: Syslog-ng users' and developers' mailing list<br> <syslog-ng@lists.balabit.hu><br>Message-ID: <45FADA4E.8080202@di.uminho.pt><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Dave Augustus wrote:<br>> Everyplace on http://www.balabit.com I try just
leads me to<br>> http://www.balabit.com/downloads/syslog-ng/2.0/<br><br>Strange! It used to be possible to obtain a directory<br>listing through the web interface at the following address<br><br> http://www.balabit.com/downloads/syslog-ng/2.0/src/<br><br>Any way, you can still download syslog-ng using the following<br>direct links:<br><br>http://www.balabit.com/downloads/syslog-ng/2.0/src/eventlog-0.2.5.tar.gz<br>http://www.balabit.com/downloads/syslog-ng/2.0/src/syslog-ng-2.0.2.tar.gz<br>http://www.balabit.com/downloads/syslog-ng/2.0/src-snapshot/syslog-ng-2.0.2+20070316.tar.gz<br><br>jpo<br>-- <br>Jos Pedro Oliveira<br>* mailto: jpo@di.uminho.pt * http://gsd.di.uminho.pt/jpo *<br>* gpg fingerprint = F9B6 8D87 859D 1C94 48F0 84C0 9749 9EB5 91BD 851B *<br>-------------- next part --------------<br>A non-text attachment was scrubbed...<br>Name: smime.p7s<br>Type: application/x-pkcs7-signature<br>Size: 4616 bytes<br>Desc: S/MIME Cryptographic Signature<br>Url :
http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070316/a44aeb0e/smime.bin<br><br>------------------------------<br><br>_______________________________________________<br>syslog-ng maillist - syslog-ng@lists.balabit.hu<br>https://lists.balabit.hu/mailman/listinfo/syslog-ng<br><br><br>End of syslog-ng Digest, Vol 23, Issue 20<br>*****************************************<br></syslog-ng@lists.balabit.hu></jpo@di.uminho.pt></d64ef5810703160903k6e4b4c8cr5f4efc75a279ca06@mail.gmail.com></syslog-ng@lists.balabit.hu></giuliapo@gmail.com></syslog-ng@lists.balabit.hu></giuliapo@gmail.com></syslog-ng@lists.balabit.hu></ac56@soas.ac.uk></d64ef5810703160759m2663a6e4x4cdbb14bf5af1674@mail.gmail.com></syslog-ng@lists.balabit.hu></giuliapo@gmail.com></ruppuluri@netcordia.com></d64ef5810703160751y7331431enc89b70d1434c75d@mail.gmail.com></syslog-ng@lists.balabit.hu></giuliapo@gmail.com></blockquote><br><p> 
<hr size=1>Ahhh...imagining that irresistible "new car" smell?<br> Check out
<a href="http://us.rd.yahoo.com/evt=48245/*http://autos.yahoo.com/new_cars.html;_ylc=X3oDMTE1YW1jcXJ2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDbmV3LWNhcnM-">new cars at Yahoo! Autos.</a>