<HTML>
<HEAD>
<TITLE>Re: [syslog-ng] 答复: Need help to send logs to a different server</TITLE>
</HEAD>
<BODY>
<FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Yeah. What I wrote was pseudo-code.<BR>
What is in the attached conf file should work (barring typos and the ever persistent challenge of parenthesis and semicolons)<BR>
<BR>
cheers<BR>
/Marc<BR>
<BR>
<BR>
On 08/12/08 19.18, "Lavannya" <<a href="swap_project@yahoo.com">swap_project@yahoo.com</a>> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Hi Mark,<BR>
<BR>
Thanks for your reply. I am getting error whatever configuration you had said. May be I need to change our existing configuration again. Here is the central log server configuration I am sending as attachment. Our central log server is already configured with tcp(ip(0.0.0.0) ip and when I am adding the new server to collect the log it is giving error.<BR>
<BR>
- I want to add another server (this is needed for some application )<BR>
to my central log server which will<BR>
get all the logs from the central log server.<BR>
<BR>
Pl. feel free to correct the log file and send it to me.<BR>
<BR>
Thanks again<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
--- On Mon, 12/8/08, Marc Andersen <<a href="man@inspektsecurity.com">man@inspektsecurity.com</a>> wrote:<BR>
<BR>
> From: Marc Andersen <<a href="man@inspektsecurity.com">man@inspektsecurity.com</a>><BR>
> Subject: Re: [syslog-ng] 答复: Need help to send logs to a different server<BR>
> To: "Syslog-ng users' and developers' mailing list" <<a href="syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><BR>
> Date: Monday, December 8, 2008, 8:04 AM<BR>
> If the central syslog server is running syslog-ng you can<BR>
> just add another destination (live log server) to the<BR>
> already existing local files.<BR>
><BR>
> log{<BR>
> source (udp/tcp incoming);<BR>
> destination(new live log server);<BR>
> };<BR>
><BR>
> cheers<BR>
> /Marc<BR>
><BR>
><BR>
> On 07/12/08 16.03, "Lavannya"<BR>
> <<a href="swap_project@yahoo.com">swap_project@yahoo.com</a>> wrote:<BR>
><BR>
> Yes , from the client we can , but I think if you read<BR>
> my mail properly, I clearly written that my requirement is<BR>
> NOT, to get the logs from the client. I want to set one<BR>
> server , which will get all the information from the<BR>
> central log master. Yes , I know it can be done through<BR>
> ssh/rsync. But I wanted to know , if there is any option in<BR>
> syslog-ng .<BR>
><BR>
> Thanks<BR>
><BR>
><BR>
><BR>
> --- On Fri, 12/5/08, liuruihong<BR>
> <<a href="liuruihong@baidu.com">liuruihong@baidu.com</a>> wrote:<BR>
><BR>
> > From: liuruihong <<a href="liuruihong@baidu.com">liuruihong@baidu.com</a>><BR>
> > Subject: 答复: [syslog-ng] Need help to send logs to<BR>
> a different server<BR>
> > To: <a href="swap_project@yahoo.com">swap_project@yahoo.com</a>, "'Syslog-ng<BR>
> users' and developers' mailing list'"<BR>
> <<a href="syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><BR>
> > Date: Friday, December 5, 2008, 3:23 AM<BR>
> > in the client,you can define many remote log server<BR>
> > simultaneously.syslog<BR>
> > and syslog-ng all support this function.<BR>
> > You can find in the manual:)<BR>
> ><BR>
> ><BR>
> > 谢谢!<BR>
> ><BR>
> > 刘蕊红 |sys|6758<BR>
> ><BR>
> > -----邮件原件-----<BR>
> > 发件人: <a href="syslog-ng-bounces@lists.balabit.hu">syslog-ng-bounces@lists.balabit.hu</a><BR>
> > [<a href="mailto:syslog-ng-bounces@lists.balabit.hu">mailto:syslog-ng-bounces@lists.balabit.hu</a>] 代表<BR>
> Swapna<BR>
> > 发送时间: 2008年12月5日 4:17<BR>
> > 收件人: <a href="syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><BR>
> > 主题: [syslog-ng] Need help to send logs to a<BR>
> different<BR>
> > server<BR>
> ><BR>
> > Hi,<BR>
> ><BR>
> ><BR>
> > We have syslog-ng configuration as follows:<BR>
> ><BR>
> > - There are 50 clients communicating to one log<BR>
> server<BR>
> ><BR>
> > - The log server is kept in secured place where<BR>
> nobody<BR>
> > have access<BR>
> ><BR>
> > - All the logs of 50 clients are coming to the<BR>
> log<BR>
> > server and<BR>
> > the logs are kept as follow<BR>
> ><BR>
> > /var/log/syslog-ng/<client<BR>
> > host>/extended.log<BR>
> ><BR>
> ><BR>
> > We want all the log of each client to relay into a<BR>
> > seperate server live.<BR>
> > Means the current log file of each host will go to<BR>
> the<BR>
> > new server<BR>
> > simultaneously as it is going to the central log<BR>
> server.<BR>
> ><BR>
> ><BR>
> > We can configure a second log server like the<BR>
> existing<BR>
> > one. But our<BR>
> > requirement is, that all the logs will be received<BR>
> from<BR>
> > the central log<BR>
> > server not from the client hosts.<BR>
> ><BR>
> > Any help is really appreciated.<BR>
> ><BR>
> > Thanks<BR>
> ><BR>
> ><BR>
> ><BR>
> ><BR>
> ><BR>
> ____________________________________________________________________________<BR>
> > __<BR>
> > Member info:<BR>
> > <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><BR>
> > Documentation:<BR>
> ><BR>
> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a><BR>
> > FAQ: <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><BR>
><BR>
><BR>
><BR>
> ______________________________________________________________________________<BR>
> Member info:<BR>
> <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><BR>
> Documentation:<BR>
> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a><BR>
> FAQ: <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><BR>
><BR>
><BR>
> ______________________________________________________________________________<BR>
> Member info:<BR>
> <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><BR>
> Documentation:<BR>
> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a><BR>
> FAQ: <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><BR>
<BR>
<BR>
<BR>
</SPAN></FONT></BLOCKQUOTE>
</BODY>
</HTML>