<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt"><div class="" style="">Hello all.</div><div class="" style="">I have a Windows Box that want to forward all Even logs to my Linux box. I install Snare on Windows(<span style="font-size: 12pt;" class="">172.30.10.19)</span><span style="font-size: 12pt;" class=""> and configure it to forward logs to Linux and my Linux box receive it properly. When I use " tcpdump udp "port 514" ", Tcpdump show me that Snare sending Logs to Linux but Syslog-ng can't write it to log files :(. I paste my syslog-ng configure :</span></div><div class="" style=""><br class="" style=""></div><div style="background-color: transparent;" class="">options {</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>flush_lines (0);</div><div style="background-color:
transparent;" class=""><span class="" style="white-space:pre">        </span>time_reopen (10);</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>log_fifo_size (1000);</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>long_hostnames (off);</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>use_dns (no);</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>use_fqdn (no);</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>create_dirs (no);</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>keep_hostname (yes);</div><div style="background-color: transparent;" class="">};</div><div style="background-color: transparent;" class=""><br class=""
style=""></div><div style="background-color: transparent;" class="">source s_sys {</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>file ("/proc/kmsg" program_override("kernel: "));</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>unix-stream ("/dev/log");</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>internal();</div><div style="background-color: transparent;" class=""><span class="" style="white-space:pre">        </span>#udp(ip(0.0.0.0) port(514));</div><div style="background-color: transparent;" class="">};</div><div style="background-color: transparent;" class=""><br class="" style=""></div><div style="background-color: transparent;" class=""><br class="" style=""></div><div style="background-color: transparent;" class="">#source s_net {</div><div style="background-color: transparent;"
class="">#udp (ip(172.30.10.19) port(514));</div><div style="background-color: transparent;" class="">#};</div><div style="background-color: transparent;" class="">source s_net { udp(); };</div><div style="background-color: transparent;" class="">filter f_openwrt { host("172.30.10.19");};</div><div style="background-color: transparent;" class="">destination df_openwrt { file("/var/log/winlog/win.log"); };</div><div style="background-color: transparent;" class="">log { source ( s_net ); filter( f_openwrt ); destination ( df_openwrt ); };</div><div style="background-color: transparent;" class=""><br class="" style=""></div><div style="background-color: transparent;" class=""><br class="" style=""></div><div style="background-color: transparent;" class="">destination d_cons { file("/dev/console"); };</div><div style="background-color: transparent;" class="">destination d_mesg { file("/var/log/messages"); };</div><div style="background-color: transparent;"
class="">destination d_auth { file("/var/log/secure"); };</div><div style="background-color: transparent;" class="">destination d_mail { file("/var/log/maillog" flush_lines(10)); };</div><div style="background-color: transparent;" class="">destination d_spol { file("/var/log/spooler"); };</div><div style="background-color: transparent;" class="">destination d_boot { file("/var/log/boot.log"); };</div><div style="background-color: transparent;" class="">destination d_cron { file("/var/log/cron"); };</div><div style="background-color: transparent;" class="">destination d_kern { file("/var/log/kern"); };</div><div style="background-color: transparent;" class="">destination d_mlal { usertty("*"); };</div><div style="background-color: transparent;" class=""><br class="" style=""></div><div style="background-color: transparent;" class="">filter f_kernel { facility(kern); };</div><div style="background-color: transparent;" class="">filter
f_default { level(info..emerg) and</div><div style="background-color: transparent;" class=""> not (facility(mail)</div><div style="background-color: transparent;" class=""> or facility(authpriv) </div><div style="background-color: transparent;" class=""> or facility(cron)); };</div><div style="background-color: transparent;" class="">filter f_auth { facility(authpriv); };</div><div style="background-color: transparent;" class="">filter f_mail { facility(mail); };</div><div style="background-color: transparent;" class="">filter f_emergency { level(emerg); };</div><div style="background-color: transparent;" class="">filter f_news
{ facility(uucp) or</div><div style="background-color: transparent;" class=""> (facility(news) </div><div style="background-color: transparent;" class=""> and level(crit..emerg)); };</div><div style="background-color: transparent;" class="">filter f_boot { facility(local7); };</div><div style="background-color: transparent;" class="">filter f_cron { facility(cron); };</div><div style="background-color: transparent;" class=""><br class="" style=""></div><div style="background-color: transparent;" class="">#log { source(s_sys); filter(f_kernel); destination(d_cons); };</div><div style="background-color: transparent;" class="">log { source(s_sys); filter(f_kernel); destination(d_kern); };</div><div style="background-color: transparent;" class="">log { source(s_sys);
filter(f_default); destination(d_mesg); };</div><div style="background-color: transparent;" class="">log { source(s_sys); filter(f_auth); destination(d_auth); };</div><div style="background-color: transparent;" class="">log { source(s_sys); filter(f_mail); destination(d_mail); };</div><div style="background-color: transparent;" class="">log { source(s_sys); filter(f_emergency); destination(d_mlal); };</div><div style="background-color: transparent;" class="">log { source(s_sys); filter(f_news); destination(d_spol); };</div><div style="background-color: transparent;" class="">log { source(s_sys); filter(f_boot); destination(d_boot); };</div><div style="background-color: transparent;" class="">log { source(s_sys); filter(f_cron); destination(d_cron); };</div><div style="background-color: transparent;" class=""><br class="" style=""></div><div style="background-color: transparent;" class=""># vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:</div><div class=""
style=""><br class="" style=""></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;" class=""><br class="" style=""></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;" class=""><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;" class="">Can you tell me how can I solve this problem? </div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;" class=""><br></div><div
style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal; background-color: transparent;" class="">Cheers.</div></div></body></html>