<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>Hi,</DIV>
<DIV> </DIV>
<DIV>So what syslog-ng config changes should i make ???</DIV>
<DIV> </DIV>
<DIV>Regards,</DIV>
<DIV>Add<BR><BR>--- On <B>Wed, 10/11/10, add gy <I><addyg420@yahoo.com></I></B> wrote:<BR></DIV>
<BLOCKQUOTE style="BORDER-LEFT: rgb(16,16,255) 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px"><BR>From: add gy <addyg420@yahoo.com><BR>Subject: [syslog-ng] Not able to recive all syslog messages<BR>To: syslog-ng@lists.balabit.hu<BR>Date: Wednesday, 10 November, 2010, 1:34 PM<BR><BR>
<DIV id=yiv1822046420>
<TABLE border=0 cellSpacing=0 cellPadding=0>
<TBODY>
<TR>
<TD vAlign=top>
<DIV>Hi,</DIV>
<DIV> </DIV>
<DIV>I have installed syslog-ng on RHEL server as log host server for 250 router , switches but some time i recive messages some times i dont , when i check it on other syslog server on windows i revice syslog messages with any problem. </DIV>
<DIV> </DIV>
<DIV>Request to please review syslog-ng config file and give some suggetion.</DIV>
<DIV> </DIV>
<DIV>config file</DIV>
<DIV>-------------------------------------------------------------------------------------------------------------------------</DIV>
<DIV> </DIV>
<DIV># configuration file for syslog-ng, customized for remote logging<BR>#</DIV>
<DIV>source s_internal { internal(); };<BR>destination d_syslognglog { file("/var/log/syslog-ng.log"); };<BR>log { source(s_internal); destination(d_syslognglog); };</DIV>
<DIV># Local sources, filters and destinations are commented out<BR># If you want to replace sysklogd simply uncomment the following<BR># parts and disable sysklogd<BR>#<BR># Local sources<BR>#<BR>#source s_local {<BR># unix-dgram("/dev/log");<BR># file("/proc/kmsg" log_prefix("kernel:"));<BR>#};<BR>#<BR># Local filters<BR>#<BR>#filter f_messages { level(info..emerg); };<BR>#filter f_secure { facility(authpriv); };<BR>#filter f_mail { facility(mail); };<BR>#filter f_cron { facility(cron); };<BR>#filter f_emerg { level(emerg); };<BR>#filter f_spooler { level(crit..emerg) and facility(uucp, news); };<BR>#filter f_local7 { facility(local7); };<BR>#<BR># Local destinations<BR>#<BR>#destination d_messages { file("/var/log/messages"); };<BR>#destination d_secure { file("/var/log/secure"); };<BR>#destination d_maillog { file("/var/log/maillog"); };<BR>#destination d_cron {
file("/var/log/cron"); };<BR>#destination d_console { usertty("root"); };<BR>#destination d_spooler { file("/var/log/spooler"); };<BR>#destination d_bootlog { file("/var/log/boot.log"); };<BR>#<BR># Local logs - order DOES matter !<BR>#<BR>#log { source(s_local); filter(f_emerg); destination(d_console); };<BR>#log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };<BR>#log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); };<BR>#log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };<BR>#log { source(s_local); filter(f_spooler); destination(d_spooler); };<BR>#log { source(s_local); filter(f_local7); destination(d_bootlog); };<BR>#log { source(s_local); filter(f_messages); destination(d_messages); };</DIV>
<DIV><BR># Remote logging<BR>source s_remote {<BR> tcp(ip(0.0.0.0) port(514));<BR> udp(ip(0.0.0.0) port(514));<BR>};</DIV>
<DIV>destination d_separatedbyhosts {<BR> file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0655) dir_perm(0744) create_dirs(yes));<BR>};</DIV>
<DIV>log { source(s_remote); destination(d_separatedbyhosts); };<BR></DIV>
<DIV>------------------------------------------------------------------------------------------------------------------------</DIV>
<DIV> </DIV>
<DIV>Regards,</DIV>
<DIV>Add</DIV></TD></TR></TBODY></TABLE><BR></DIV><BR>-----Inline Attachment Follows-----<BR><BR>
<DIV class=plainMail>______________________________________________________________________________<BR>Member info: <A href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target=_blank>https://lists.balabit.hu/mailman/listinfo/syslog-ng</A><BR>Documentation: <A href="http://www.balabit.com/support/documentation/?product=syslog-ng" target=_blank>http://www.balabit.com/support/documentation/?product=syslog-ng</A><BR>FAQ: <A href="http://www.campin.net/syslog-ng/faq.html" target=_blank>http://www.campin.net/syslog-ng/faq.html</A><BR><BR></DIV></BLOCKQUOTE></td></tr></table><br>