<div>Hi</div>
<div> </div>
<div>Am using syslog-ng 1.6.8, and syslogd 1.4.1.</div>
<div>few lines from logs are</div>
<div> </div>
<div>Apr 21 08:54:59 xxx.xxx.xxx.xxx zzziper 86 [<a href="http://local0.info">local0.info</a>] zzziper: 2010-04-21 08:59:58 - zzziperSA-2 - [yyy.yyy.yyy.yyy] a.rico(RD Employee)[Outlook WEB Access Spain, Network Connect VPN Users] - Web SSO: Authentication successful. Credential Used: UserUID: xxx, Username: xxx, BasicHash: XXXXXX, Auth Type: (2) BasicAuth, Cred Type: (1) Variable Credential, Target: zzz.zzz.zzz.zzz, Password: XXXXXX, Policy Auth: (2) BasicAuth, Cred Label: BA_Upg_6,</div>
<div><br>Apr 21 08:54:59 xxx.xxx.xxx.xxx zzziper 86 [<a href="http://local0.info">local0.info</a>] zzziper: 2010-04-21 08:59:58 - JuniperSA-2 - [yyy.yyy.yyy.yyy] a.rico(RD Employee)[Outlook WEB Access Spain, Network Connect VPN Users] - WebRequest completed, POLL to <a href="http://192.168.8.11//exchange/a.rico/Inbox">http://<font color="#000000">yyy.yyy.yyy.yyy</font>//exchange/a.rico/Inbox</a> from yyy.yyy.yyy.yyy result=207 sent=36 received=292 in 1 seconds<br>
<br></div>
<div class="gmail_quote">On Tue, Apr 20, 2010 at 4:10 PM, Sandor Geller <span dir="ltr"><<a href="mailto:Sandor.Geller@morganstanley.com">Sandor.Geller@morganstanley.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Hi,<br>
<div>
<div></div>
<div class="h5"><br>On Tue, Apr 20, 2010 at 12:15 PM, abhay singh <<a href="mailto:abhay.asingh@gmail.com">abhay.asingh@gmail.com</a>> wrote:<br>> I have made that changes and restarted syslog services even though its not<br>
> working///<br>> Now its like this<br>><br>> options {<br>> long_hostnames(off);<br>> sync(0);<br>> perm(0640);<br>> stats(3600);<br>> keep_hostname(yes);<br>
> };<br>> source s_external {<br>> udp(port(514));<br>> #udp(ip("192.168.114.129") port(514));<br>> #udp(ip("0.0.0.0") port(514));<br>> }; # Specific<br>> source s_stunnel {<br>
> tcp(ip("127.0.0.1")<br>> port(514)<br>> max-connections(1));<br>> };<br>> destination d_external { file("/data/extract/syslogs/$HOST_syslog.log" \<br>> owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)<br>
> template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")<br>> );<br>> };<br>><br>> destination d_stunnel{ file("/data/extract/syslogs/$HOST/$HOST_syslog.log" \<br>
> owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)<br>> template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")<br>> );<br>> };<br>><br>> log { source(s_external); destination(d_external); };<br>
> log { source(s_stunnel); destination(d_stunnel); };<br><br></div></div>Could you show a few logged lines? Which version of syslog-ng you're using?<br><br>$HOST should remain blank only when syslog-ng failed to parse the<br>
hostname part of the log. BTW it's better to use ${HOST} instead of<br>plain $HOST especially when there are no delimeters around the macro.<br><br>Regards,<br><font color="#888888"><br>Sandor<br></font>
<div>
<div></div>
<div class="h5">______________________________________________________________________________<br>Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
<br></div></div></blockquote></div><br><br clear="all"><br>-- <br>Regards..<br>Abhay Singh..<br>91-98804-55587<br>Sr. Software Engineer.<br>Robust Designs India Pvt Ltd.<br>Bangalore<br>