<br><font size=3>Hi,</font>
<br>
<br><font size=3>Here is modified configuration file for central logging.
I have tested it working in my environment.</font>
<br>
<br><font size=3><b>Server.conf</b><br>
</font>
<br><font size=3>#################################################################</font>
<br><font size=3>source s_remote { tcp(); };</font>
<br><font size=3>## This will create seprate file for each client on central
log server and log http messages</font>
<br><font size=3>destination d_clients { file("/var/adm/web.$HOST.log");
};</font>
<br><font size=3>log { source(s_remote); destination(d_clients); };</font>
<br><font size=3>#################################################################</font>
<br>
<br><font size=3>options {<br>
sync (0);<br>
time_reopen (10);<br>
log_fifo_size (1000);<br>
long_hostnames (off);<br>
use_dns (no);<br>
use_fqdn (no);<br>
create_dirs (no);<br>
keep_hostname (yes);<br>
};<br>
<br>
source s_sys {<br>
file ("/proc/kmsg" log_prefix("kernel: "));<br>
unix-stream ("/dev/log");<br>
internal();<br>
#udp(ip(0.0.0.0) port(514));<br>
};<br>
</font>
<br><font size=3>## This will log local http messages to defined file<br>
destination send_http_logs { file("/var/log/web.log"); };<br>
<br>
filter send_http_logs {<br>
program("httpd.*");<br>
};<br>
<br>
log {<br>
source(s_sys);<br>
filter(send_http_logs);<br>
destination(send_http_logs);<br>
};<br>
<b><br>
Client.conf</b><br>
<br>
options {<br>
sync (0);<br>
time_reopen (10);</font>
<br><font size=3> log_fifo_size (1000);</font>
<br><font size=3> long_hostnames(on);</font>
<br><font size=3> use_dns(yes);</font>
<br><font size=3> dns_cache(yes);</font>
<br><font size=3> use_fqdn(no);</font>
<br><font size=3> create_dirs (yes);</font>
<br><font size=3> keep_hostname (yes);</font>
<br><font size=3> perm(0640);</font>
<br><font size=3> dir_perm(0750);<br>
};<br>
<br>
source s_sys {<br>
file ("/proc/kmsg" log_prefix("kernel: "));<br>
unix-stream ("/dev/log");<br>
internal();<br>
};</font>
<br><font size=3>destination send_http_logs { tcp("192.168.2.54"
port(514)); };<br>
<br>
filter send_http_logs {<br>
program("httpd.*");<br>
};<br>
<br>
log {<br>
source(s_sys);<br>
filter(send_http_logs);<br>
destination(send_http_logs);<br>
};<br>
</font>
<br>
<br><font size=3>Hope this will work for you.</font>
<br>
<br><font size=2 face="sans-serif">--<br>
Chanchal<br>
</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>lance raymond <lance.raymond@gmail.com></b>
</font>
<br><font size=1 face="sans-serif">Sent by: syslog-ng-bounces@lists.balabit.hu</font>
<p><font size=1 face="sans-serif">01/29/2009 02:53 AM</font>
<table border>
<tr valign=top>
<td bgcolor=white>
<div align=center><font size=1 face="sans-serif">Please respond to<br>
"Syslog-ng users' and developers' mailing list"
<syslog-ng@lists.balabit.hu></font></div></table>
<br>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">syslog-ng@lists.balabit.hu</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">[syslog-ng] 1st post on some basic 101
setup</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=3>Basic scenario is we have 5 web servers in a cluster which
I wish to centrally log. I was pointed to syslog-ng and the linuxquestions
guys 50+ readings and not 1 response so found this list and will give it
a try.<br>
<br>
Basically all the webservers are running FC5, and rpm -qa shows the following
version;<br>
syslog-ng-1.6.12-1.fc5<br>
<br>
I see some newer versions, not sure if I should/have to, but really just
want to log the different vhosts apache logs to a central server. I
read a few diff things a few places, and so far have the following conf
files. <br>
<b><br>
Server.conf</b><br>
options {<br>
sync (0);<br>
time_reopen (10);<br>
log_fifo_size (1000);<br>
long_hostnames (off);<br>
use_dns (no);<br>
use_fqdn (no);<br>
create_dirs (no);<br>
keep_hostname (yes);<br>
};<br>
<br>
source s_sys {<br>
file ("/proc/kmsg" log_prefix("kernel: "));<br>
unix-stream ("/dev/log");<br>
internal();<br>
udp(ip(0.0.0.0) port(514));<br>
};<br>
<br>
destination send_http_logs { file("/var/log/web.log"); };<br>
<br>
filter send_http_logs {<br>
program("httpd.*");<br>
};<br>
<br>
log {<br>
source(s_sys);<br>
filter(send_http_logs);<br>
destination(send_http_logs);<br>
};<br>
<b><br>
Client.conf</b><br>
<br>
options {<br>
sync (0);<br>
time_reopen (10);<br>
log_fifo_size (1000);<br>
long_hostnames (off);<br>
use_dns (no);<br>
use_fqdn (no);<br>
create_dirs (no);<br>
keep_hostname (yes);<br>
};<br>
<br>
source s_sys {<br>
file ("/proc/kmsg" log_prefix("kernel: "));<br>
unix-stream ("/dev/log");<br>
internal();<br>
# udp(ip(0.0.0.0) port(514));<br>
};<br>
<br>
destination send_http_logs { udp("192.168.2.54" port(514)); };<br>
<br>
filter send_http_logs {<br>
program("httpd.*");<br>
};<br>
<br>
log {<br>
source(s_sys);<br>
filter(send_http_logs);<br>
destination(send_http_logs);<br>
};<br>
<br>
I restart the services and look for that web.log file and never see anything,
so any help is appreciated.</font><font size=2><tt>______________________________________________________________________________<br>
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng<br>
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng<br>
FAQ: http://www.campin.net/syslog-ng/faq.html<br>
<br>
</tt></font>
<br>