<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
</style>
</head>
<body class='hmmessage'>
I modified it and it gave me the following result after restarting:<br><br>
Error binding socket; addr='AF_INET(163.121.189.131:514)', error='Cannot assign requested address (99)'<br>
Error initializing source driver; source='s_remote', id='s_remote#0'<br>
Error initializing message pipeline;<br>
 [FAILED]<br><br>
Is it possible that this is because I used the same source name in the first part of the configuration?<br><br>
> Date: Thu, 2 Jul 2009 10:19:40 +0200<br>
> From: Siem.Korteweg@qnh.nl<br>
> To: syslog-ng@lists.balabit.hu<br>
> Subject: RE: [syslog-ng] Send a specific log by email<br>
> <br>
> Correct the name of the source in the log-statement. You defined source s_remote and used r_remote in the log definition.<br>
> <br>
> regards,<br>
> <br>
> Siem Korteweg<br>
> <br>
> -----Original message-----<br>
> From: syslog-ng-bounces@lists.balabit.hu on behalf of Reaky Rok<br>
> Sent: Thu 2-7-2009 10:13<br>
> To: syslog-ng@lists.balabit.hu<br>
> Subject: Re: [syslog-ng] Send a specific log by email<br>
> <br>
> <br>
> Dear, I still have a problem. The following is my configuration file related to remote IPs<br>
> <br>
> ======================================================================================<br>
> ======================================================================================<br>
> <br>
> # Remote logging<br>
> source s_remote {<br>
> tcp(ip(0.0.0.0) port(514));<br>
> udp(ip(0.0.0.0) port(514));<br>
> };<br>
> <br>
> destination d_separatedbyhosts {<br>
> file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));<br>
> };<br>
> <br>
> log { source(s_remote); destination(d_separatedbyhosts); };<br>
> <br>
> #==============================================================<br>
> #Filtration for SME Alerts<br>
> source s_remote {<br>
> tcp(ip(163.121.189.131) port(514));<br>
> udp(ip(163.121.189.131) port(514));<br>
> };<br>
> <br>
> destination syslogmail { program("/usr/local/bin/syslog-mail-perl"); };<br>
> log 
{ source(r_remote); destination(syslogmail); };<br>
> <br>
> #======================================================================================<br>
> #======================================================================================<br>
> The first part is the original for all remote IPs and it's working well.<br>
> The second is the part for the IP that I want to filter.<br>
> When I restart, it gave me the following error:<br>
> <br>
> WARNING: file source: default value of follow_freq in file sources is changing in 3.0 to '1' for all files except /proc/kmsg;<br>
> Error in configuration, unresolved source reference; source='r_remote'<br>
> <br>
> Could you please help me with that?<br>
> Thanks<br>
> <br>
> <br>
> > Date: Wed, 1 Jul 2009 15:41:59 +0200<br>
> > From: Siem.Korteweg@qnh.nl<br>
> > To: syslog-ng@lists.balabit.hu<br>
> > Subject: RE: [syslog-ng] Send a specific log by email<br>
> ><br>
> > I guess that removing the filter statement (and restarting syslog-ng) is sufficient.<br>
> ><br>
> > regards,<br>
> ><br>
> > Siem Korteweg<br>
> ><br>
> ><br>
> > -----Original message-----<br>
> > From: syslog-ng-bounces@lists.balabit.hu on behalf of Reaky Rok<br>
> > Sent: Wed 1-7-2009 15:27<br>
> > To: syslog-ng@lists.balabit.hu<br>
> > Subject: Re: [syslog-ng] Send a specific log by email<br>
> ><br>
> ><br>
> > But I think, as per the example, syslog will only send the log if it matches a specific string like (attackalert) in the example. But I want it to send all new logs from this IP when they come in, without matching a specific string or word. Can you help with this?<br>
</body>
</html>