<div dir="ltr">Hi, <div><br></div><div>I am also having some issues compiling some of the modules, e.g. --enable-json</div><div>I have installed the necessary json rpm packages. Do I have to compile the libraries from source? I can see the lib in /usr/lib64. Is there something I'm missing? Do I have to point ./configure to the /usr/lib64 folder? If so, how do I do it? </div><div><br></div><div>Yours Sincerely,</div><div>Delon Lee</div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, 7 May 2018 at 21:59 Gergely Nagy <<a href="mailto:algernon@balabit.com">algernon@balabit.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi!<br>
<br>
>>>>> "vinod" == vinod samant <<a href="mailto:vinod.samant.123@gmail.com" target="_blank">vinod.samant.123@gmail.com</a>> writes:<br>
<br>
vinod> 1. The first one is using the command yum install syslog-ng, and it has been<br>
vinod> installed. If this way is right, then what will be the client and server<br>
vinod> side configuration? Suppose<br>
<br>
The client should be configured to read the logs, the server to accept<br>
them and put them where you want 'em. See below for two simple examples.<br>
<br>
vinod> apache writing custom log on<br>
vinod> /usr/local/apache/logs/xyz_access_2018-05-07.log ,Client IP:- 10.10.64.1<br>
vinod> ,server IP:- 10.10.64.100.<br>
<br>
It looks like you're using files with dates in them, so you'll need a<br>
wildcard source. Something along these lines may serve as a starting<br>
point:<br>
<br>
------------------------- * -------------------------<br>
<br>
# client config<br>
<br>
@version: 3.15<br>
<br>
source s_apache {<br>
wildcard-file(<br>
base-dir("/usr/local/apache/logs");<br>
filename-pattern("*_access_*.log");<br>
flags(no-parse);<br>
);<br>
};<br>
<br>
destination d_central {<br>
network("10.0.0.1" port(1234));<br>
};<br>
<br>
log {<br>
source(s_apache);<br>
destination(d_central);<br>
};<br>
<br>
------------------------- * -------------------------<br>
<br>
# server config<br>
<br>
@version: 3.15<br>
<br>
source s_network {<br>
network(port(1234));<br>
};<br>
<br>
destination d_all {<br>
file("/var/log/all.log" template("${MSG}\n"));<br>
};<br>
<br>
log {<br>
source(s_network);<br>
destination(d_all);<br>
};<br>
<br>
------------------------- * -------------------------<br>
<br>
If you want to have the same filename on the server side, that becomes a<br>
bit less trivial, but still doable. You'll have to transfer the filename<br>
too, and extract it on the server side.<br>
<br>
This should be doable, because the ${FILE_NAME} macro on the client<br>
contains the file a log line was read from, you can put this into the<br>
message sent to the server, where it can be extracted and used to<br>
construct the file the message gets saved to.<br>
<br>
The following thread might be of use if you want to go down this path:<br>
<a href="https://lists.balabit.hu/pipermail/syslog-ng/2015-March/021906.html" rel="noreferrer" target="_blank">https://lists.balabit.hu/pipermail/syslog-ng/2015-March/021906.html</a><br>
<br>
I also recommend reading - or at least browsing the relevant parts of -<br>
the syslog-ng administrator's guide. It has a lot of helpful information<br>
about the configuration file syntax, options, and whatnot:<br>
<a href="https://syslog-ng.com/documents/html/syslog-ng-ose-3.14-guides/en/syslog-ng-ose-guide-admin/html/index.html" rel="noreferrer" target="_blank">https://syslog-ng.com/documents/html/syslog-ng-ose-3.14-guides/en/syslog-ng-ose-guide-admin/html/index.html</a><br>
<br>
vinod> 2. Second, I have downloaded the tar.gz file from GitHub and am trying to install it,<br>
vinod> but I am facing lots of dependency problems.<br>
<br>
vinod> Can you explain the difference between the two ways of installation which I am trying<br>
vinod> ?<br>
<br>
If you install from a binary package, you won't have to compile<br>
anything. But you are limited to the version of syslog-ng your<br>
distribution ships with (unless you use a third-party repository, which<br>
you don't appear to be using). When compiling from source, you'll need<br>
plenty of development tools - I'd recommend checking out the<br>
docker-based building solution Laszlo Budai mentioned in his reply:<br>
<a href="https://github.com/balabit/syslog-ng/blob/master/dbld/images/centos6.dockerfile" rel="noreferrer" target="_blank">https://github.com/balabit/syslog-ng/blob/master/dbld/images/centos6.dockerfile</a><br>
<br>
This should make it a *lot* easier to compile from source, as it has all<br>
the dependencies already installed. There are some notes on how to use<br>
the Dockerfile here:<br>
<a href="https://github.com/balabit/syslog-ng/tree/master/dbld" rel="noreferrer" target="_blank">https://github.com/balabit/syslog-ng/tree/master/dbld</a><br>
<br>
The main difference between source and binary package is like the<br>
difference between a recipe and a finished dish: if you have the recipe<br>
(source), the ingredients and tools (dependencies, compiler, etc), then<br>
you can cook the dish (binary package). Or you can order (download) the<br>
finished food (binary package), where someone else did the cooking for<br>
you. :)<br>
<br>
-- <br>
|8]<br>
</blockquote></div>
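The filename transfer described in the quoted reply, written out as an added example that is not part of the original thread or of the syslog-ng project's documentation. It assumes the $(basename) template function and csv-parser() are available in the running version; the names apache.file, apache.line, p_split, f_safe_name and d_per_file and the directory /var/log/apache are hypothetical. Because the file name arrives over the network, the server validates it before using it in a path.

```conf
# --- client (added example): send "<file name> <original line>" ---
@version: 3.15

source s_apache {
    wildcard-file(
        base-dir("/usr/local/apache/logs")
        filename-pattern("*_access_*.log")
        flags(no-parse)
    );
};

destination d_central {
    # $(basename) drops the directory part, so only the file name travels.
    network("10.0.0.1" port(1234)
        template("$(basename ${FILE_NAME}) ${MSG}\n"));
};

log { source(s_apache); destination(d_central); };

# --- server (added example): split the name off and validate it ---
@version: 3.15

source s_network {
    # no-parse keeps the whole received line in ${MSG} for the parser below.
    network(port(1234) flags(no-parse));
};

parser p_split {
    # First space-delimited field is the file name, the rest is the log line.
    csv-parser(columns("apache.file", "apache.line") delimiters(" ") flags(greedy));
};

filter f_safe_name {
    # The name is sender-controlled: accept plain file names only, so it
    # cannot contain "/" or start with "." and point outside /var/log/apache.
    match('^[A-Za-z0-9][A-Za-z0-9._-]*$' value("apache.file"));
};

destination d_per_file {
    file("/var/log/apache/${apache.file}" template("${apache.line}\n"));
};

log {
    source(s_network);
    parser(p_split);
    filter(f_safe_name);
    destination(d_per_file);
};
```

Lines whose first field fails the filter are dropped by this log path; both files can be checked with `syslog-ng --syntax-only -f <file>` before deployment.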