<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
</style>
</head>
<body class='hmmessage'>
Dear I still have a problem, the following is my configuration file that realated with remote IP's<br><br>======================================================================================<br>======================================================================================<br><br># Remote logging<br>source s_remote {<br> tcp(ip(0.0.0.0) port(514));<br> udp(ip(0.0.0.0) port(514));<br>};<br><br>destination d_separatedbyhosts {<br> file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));<br>};<br><br>log { source(s_remote); destination(d_separatedbyhosts); };<br><br>#==============================================================<br>#Filtration for SME Alerts<br>source s_remote { <br> tcp(ip(163.121.189.131) port(514));<br> udp(ip(163.121.189.131) port(514));<br>};<br><br>destination syslogmail { program("/usr/local/bin/syslog-mail-perl"); };<br>log { source(r_remote); destination(syslogmail); };<br><br>#======================================================================================<br>#======================================================================================<br>The first part is the original for all remote IP's and It's working good<br>The second is the part of the IP that I want to filter <br>When I restart It gave m ethe following error<br><br>WARNING: file source: default value of follow_freq in file sources is changing in 3.0 to '1' for all files except /proc/kmsg;<br>Error in configuration, unresolved source reference; source='r_remote'<br><br>Could u please help me in that<br>Thanks<br><br><br>> Date: Wed, 1 Jul 2009 15:41:59 +0200<br>> From: Siem.Korteweg@qnh.nl<br>> To: syslog-ng@lists.balabit.hu<br>> Subject: RE: [syslog-ng] Send a specific log by email<br>> <br>> I guess that removing the filter statement (and restarting syslog-ng) is sufficient.<br>> <br>> regards,<br>> <br>> Siem Korteweg<br>> <br>> <br>> -----Oorspronkelijk bericht-----<br>> Van: syslog-ng-bounces@lists.balabit.hu namens Reaky Rok<br>> Verzonden: wo 1-7-2009 15:27<br>> Aan: syslog-ng@lists.balabit.hu<br>> Onderwerp: Re: [syslog-ng] Send a specific log by email<br>> <br>> <br>> But I think as per the example the syslog will just send the log if it match specific string like ( attackalert ) in the example, But I want it send all new logs from this IP when comming without matching a specific string or word, Can you help in this ?<br><br /><hr />See all the ways you can stay connected <a href='http://www.microsoft.com/windows/windowslive/default.aspx' target='_new'>to friends and family</a></body>
</html>