<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.6000.16544" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Tahoma">
<DIV>Thanks, here is my syslog-ng.conf:</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Server# cat /usr/local/etc/syslog-ng.conf<BR>#<BR># This sample configuration file is essentially equivalent to the stock<BR># FreeBSD /etc/syslog.conf file.<BR>#</DIV>
<DIV> </DIV>
<DIV>#<BR># options<BR>#<BR>options { long_hostnames(off); sync(0); };</DIV>
<DIV> </DIV>
<DIV>#<BR># sources<BR>#<BR>source src { unix-dgram("/var/run/log");<BR> unix-dgram("/var/run/logpriv" perm(0600));<BR> udp(); internal(); file("/dev/klog"); };</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
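<DIV># NOTE(review): the udp() entry in source "src" above has no ip() option, so it<BR># listens on UDP port 514 on all interfaces (syslog-ng's default is 0.0.0.0:514),<BR># while this source is bound to 127.0.0.1 only. Messages from remote hosts<BR># therefore presumably enter through "src" and follow the local log paths<BR># (e.g. /var/log/messages), never the "net" paths. Plain UDP syslog is<BR># unauthenticated and spoofable; bind the receiving source to the intended<BR># interface and restrict port 514 to known senders with a firewall.<BR>source net { udp(ip(127.0.0.1) port(514)); };</DIV>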
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV><BR>#<BR># destinations<BR>#<BR>destination messages { file("/var/log/messages"); };<BR>destination security { file("/var/log/security"); };<BR>destination authlog { file("/var/log/auth.log"); };<BR>destination maillog { file("/var/log/maillog"); };<BR>destination lpd-errs { file("/var/log/lpd-errs"); };<BR>destination xferlog { file("/var/log/xferlog"); };<BR>destination cron { file("/var/log/cron"); };<BR>destination debuglog { file("/var/log/debug.log"); };<BR>destination consolelog { file("/var/log/console.log"); };<BR>destination all { file("/var/log/all.log"); };<BR>destination newscrit { file("/var/log/news/news.crit"); };<BR>destination newserr { file("/var/log/news/news.err"); };<BR>destination newsnotice { file("/var/log/news/news.notice"); };<BR>destination slip { file("/var/log/slip.log"); };<BR>destination ppp { file("/var/log/ppp.log"); };<BR>destination console { file("/dev/console"); };<BR>destination allusers { usertty("*"); };<BR>#destination loghost { udp("loghost" port(514)); };<BR>destination serveurname {<BR> file("/var/log/SERVEURNAME/$YEAR/$MONTH/$DAY/$HOST.log"<BR> owner(root) group(wheel) perm(0600) dir_perm(0700) create_dirs(yes));<BR>};</DIV>
<DIV> </DIV>
<DIV><BR>#<BR># log facility filters<BR>#<BR>filter f_auth { facility(auth); };<BR>filter f_authpriv { facility(authpriv); };<BR>filter f_not_authpriv { not facility(authpriv); };<BR>filter f_console { facility(console); };<BR>filter f_cron { facility(cron); };<BR>filter f_daemon { facility(daemon); };<BR>filter f_ftp { facility(ftp); };<BR>filter f_kern { facility(kern); };<BR>filter f_lpr { facility(lpr); };<BR>filter f_mail { facility(mail); };<BR>filter f_news { facility(news); };<BR>filter f_security { facility(security); };<BR>filter f_user { facility(user); };<BR>filter f_uucp { facility(uucp); };<BR>filter f_local0 { facility(local0); };<BR>filter f_local1 { facility(local1); };<BR>filter f_local2 { facility(local2); };<BR>filter f_local3 { facility(local3); };<BR>filter f_local4 { facility(local4); };<BR>filter f_local5 { facility(local5); };<BR>filter f_local6 { facility(local6); };<BR>filter f_local7 { facility(local7); };</DIV>
<DIV> </DIV>
<DIV>#<BR># log level filters<BR>#<BR>filter f_emerg { level(emerg); };<BR>filter f_alert { level(alert..emerg); };<BR>filter f_crit { level(crit..emerg); };<BR>filter f_err { level(err..emerg); };<BR>filter f_warning { level(warning..emerg); };<BR>filter f_notice { level(notice..emerg); };<BR>filter f_info { level(info..emerg); };<BR>filter f_debug { level(debug..emerg); };<BR>filter f_is_debug { level(debug); };</DIV>
<DIV> </DIV>
<DIV>#<BR># program filters<BR>#<BR>filter f_ppp { program("ppp"); };<BR>filter f_slip { program("startslip"); };</DIV>
<DIV> </DIV>
<DIV>#<BR># *.err;kern.warning;auth.notice;mail.crit /dev/console<BR>#<BR>log { source(src); filter(f_err); destination(console); };<BR>log { source(src); filter(f_kern); filter(f_warning); destination(console); };<BR>log { source(src); filter(f_auth); filter(f_notice); destination(console); };<BR>log { source(src); filter(f_mail); filter(f_crit); destination(console); };</DIV>
<DIV> </DIV>
<DIV>#<BR># *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages<BR>#<BR>log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); };<BR>log { source(src); filter(f_kern); filter(f_debug); destination(messages); };<BR>log { source(src); filter(f_lpr); filter(f_info); destination(messages); };<BR>log { source(src); filter(f_mail); filter(f_crit); destination(messages); };<BR>log { source(src); filter(f_news); filter(f_err); destination(messages); };</DIV>
<DIV> </DIV>
<DIV>#<BR># security.* /var/log/security<BR>#<BR>log { source(src); filter(f_security); destination(security); };</DIV>
<DIV> </DIV>
<DIV>#<BR># auth.info;authpriv.info /var/log/auth.log<BR>log { source(src); filter(f_auth); filter(f_info); destination(authlog); };<BR>log { source(src); filter(f_authpriv); filter(f_info); destination(authlog); };</DIV>
<DIV> </DIV>
<DIV>#<BR># mail.info /var/log/maillog<BR>#<BR>log { source(src); filter(f_mail); filter(f_info); destination(maillog); };</DIV>
<DIV> </DIV>
<DIV>#<BR># lpr.info /var/log/lpd-errs<BR>#<BR>log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); };</DIV>
<DIV> </DIV>
<DIV>#<BR># ftp.info /var/log/xferlog<BR>#<BR>log { source(src); filter(f_ftp); filter(f_info); destination(xferlog); };</DIV>
<DIV> </DIV>
<DIV>#<BR># cron.* /var/log/cron<BR>#<BR>log { source(src); filter(f_cron); destination(cron); };</DIV>
<DIV> </DIV>
<DIV>#<BR># *.=debug /var/log/debug.log<BR>#<BR>log { source(src); filter(f_is_debug); destination(debuglog); };</DIV>
<DIV> </DIV>
<DIV>#<BR># *.emerg *<BR>#<BR>log { source(src); filter(f_emerg); destination(allusers); };</DIV>
<DIV> </DIV>
<DIV>#<BR># uncomment this to log all writes to /dev/console to /var/log/console.log<BR># console.info /var/log/console.log<BR>#<BR>#log { source(src); filter(f_console); filter(f_info); destination(consolelog); };</DIV>
<DIV> </DIV>
<DIV>#<BR># uncomment this to enable logging of all log messages to /var/log/all.log<BR># touch /var/log/all.log and chmod it to mode 600 before it will work<BR># *.* /var/log/all.log<BR>#<BR>#log { source(src); destination(all); };</DIV>
<DIV> </DIV>
<DIV>#<BR># uncomment this to enable logging to a remote loghost named loghost<BR># *.* @loghost<BR>#<BR>#log { source(src); destination(loghost); };</DIV>
<DIV> </DIV>
<DIV>#<BR># uncomment these if you're running inn<BR># news.crit /var/log/news/news.crit<BR># news.err /var/log/news/news.err<BR># news.notice /var/log/news/news.notice<BR>#<BR>#log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };<BR>#log { source(src); filter(f_news); filter(f_err); destination(newserr); };<BR>#log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };</DIV>
<DIV> </DIV>
<DIV>#<BR># !startslip<BR># *.* /var/log/slip.log<BR>#<BR>log { source(src); filter(f_slip); destination(slip); };</DIV>
<DIV> </DIV>
<DIV>#<BR># !ppp<BR># *.* /var/log/ppp.log<BR>#<BR>log { source(src); filter(f_ppp); destination(ppp); };</DIV>
<DIV> </DIV>
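<DIV>#######################<BR>### Remote Hosts ######<BR>#######################<BR># NOTE(review): the log paths below reference destination(SERVEURNAME), but the<BR># destination is declared above as "serveurname"; confirm that the name<BR># is spelled identically (including case) in both places in the real file.</DIV>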
<DIV> </DIV>
<DIV># *.err;kern.warning;auth.notice;mail.crit<BR>log { source(net); filter(f_err); destination(SERVEURNAME); };<BR>log { source(net); filter(f_kern); filter(f_warning); destination(SERVEURNAME); };<BR>log { source(net); filter(f_auth); filter(f_notice); destination(SERVEURNAME); };<BR>log { source(net); filter(f_mail); filter(f_crit); destination(SERVEURNAME); };</DIV>
<DIV> </DIV>
<DIV># *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err<BR>log { source(net); filter(f_notice); filter(f_not_authpriv); destination(SERVEURNAME); };<BR>log { source(net); filter(f_kern); filter(f_debug); destination(SERVEURNAME); };<BR>log { source(net); filter(f_lpr); filter(f_info); destination(SERVEURNAME); };<BR>log { source(net); filter(f_mail); filter(f_crit); destination(SERVEURNAME); };<BR>log { source(net); filter(f_news); filter(f_err); destination(SERVEURNAME); };</DIV>
<DIV> </DIV>
<DIV># security.*<BR>log { source(net); filter(f_security); destination(SERVEURNAME); };</DIV>
<DIV> </DIV>
<DIV># auth.info;authpriv.info<BR>log { source(net); filter(f_auth); filter(f_info); destination(SERVEURNAME); };<BR>log { source(net); filter(f_authpriv); filter(f_info); destination(SERVEURNAME); };</DIV>
<DIV> </DIV>
<DIV># mail.info<BR>log { source(net); filter(f_mail); filter(f_info); destination(SERVEURNAME); };</DIV>
<DIV> </DIV>
<DIV># cron.*<BR>log { source(net); filter(f_cron); destination(SERVEURNAME); };</DIV>
<DIV> </DIV>
<DIV># *.=debug<BR>log { source(net); filter(f_is_debug); destination(SERVEURNAME); };</DIV>
<DIV> </DIV>
<DIV># *.emerg<BR>log { source(net); filter(f_emerg); destination(SERVEURNAME); };</DIV>
<DIV> </DIV>
<DIV># local.*<BR>log { source(net); filter(f_local0); destination(SERVEURNAME); };<BR>log { source(net); filter(f_local1); destination(SERVEURNAME); };<BR>log { source(net); filter(f_local2); destination(SERVEURNAME); };<BR>log { source(net); filter(f_local3); destination(SERVEURNAME); };<BR>log { source(net); filter(f_local4); destination(SERVEURNAME); };<BR>log { source(net); filter(f_local5); destination(SERVEURNAME); };<BR>log { source(net); filter(f_local6); destination(SERVEURNAME); };<BR>log { source(net); filter(f_local7); destination(SERVEURNAME); };<BR></DIV>
<DIV> </DIV>
<DIV>Francis Provencher<BR>Ministère de la Sécurité publique du Québec<BR>Direction des technologies de l'information<BR>Division de la sécurité informatique<BR>Tél: 1 418 646-3258<BR>Courriel: <A href="mailto:Francis.provencher@Msp.gouv.qc.ca">Francis.provencher@Msp.gouv.qc.ca</A><BR> <BR>CEH - Certified Ethical Hackers<BR>SSCP - System Security Certified Practitionner<BR>Sec+ - Security +<BR><BR>>>> Evan Rempel <erempel@uvic.ca> 2/11/2007 11:35 >>><BR></DIV>
<DIV style="COLOR: #000000">FRANCIS PROVENCHER wrote:<BR>> Hi all,<BR>> <BR>> I configure a central syslogger.<BR>> In my syslog-ng.conf<BR>> <BR>> destination "servername" {<BR>> file("/var/log/"servername"/$YEAR/$MONTH/$DAY/$HOST.log"<BR>> owner(root) group(wheel) perm(0600) dir_perm(0700)<BR>> create_dirs(yes));<BR>> };<BR>> <BR>> <BR>> But the syslog call/errors from "servername" is write in<BR>> /var/log/messages ...<BR>> What i'm making wrong?<BR><BR>Can you post your entire syslog-ng.conf file. With the information you<BR>have provided, the best I can do is refer you to the documentation.<BR><BR>-- <BR>Evan Rempel<BR>_______________________________________________<BR>syslog-ng maillist - syslog-ng@lists.balabit.hu<BR><A href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</A><BR>Frequently asked questions at <A href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</A><BR><BR></DIV></BODY></HTML>