<div dir="auto">Hi,<div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">Couple of notes:</div><div dir="auto"><br></div><div dir="auto">* When reading messages from a file, you are using flags(no-parse) which means that you will not have facility information. I dont see that you need the filter at all, as you are using dedicated destinations. I think that filter can be removed.</div><div dir="auto">* you dont need separate destinations to each file, just use one destination and connect both sources to it</div><div dir="auto">* If you run syslog-ng in foreground and enable debug mode it emits information about messages entering and leaving</div><div dir="auto">* 3.6 is ancient, not to mention 2.0.9, you should probably upgrade</div></div><div class="gmail_extra"><br><div class="gmail_quote">On May 22, 2018 04:08, "Song, Young" <<a href="mailto:young.song@sap.com">young.song@sap.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="m_5709394375201911576WordSection1">
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Hi,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I’m trying to send various flat files to a central syslog-ng server.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">So, I have the following setups but somehow using the “local1” and “local2” facilities don’t work, although no errors when restarting syslog services on both client & server.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Any advice would be appreciated much!<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">==============================<wbr>==============================<wbr>===========<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><b>My syslog-ng CLIENT (running syslog-ng 3.6.2):<u></u><u></u></b></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">source s_file1 { file("/var/log/syslog/file1.<wbr>log" follow-freq(1) flags(no-parse) program_override("audit")); };<u></u><u></u></p>
<p class="MsoNormal">filter f_file1 { facility(local1); };<u></u><u></u></p>
<p class="MsoNormal">destination d_file1 { syslog("10.10.10.10" transport("udp") port(514)); };<u></u><u></u></p>
<p class="MsoNormal">log { source(s_file1); filter(f_file1); destination(d_file1); };<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">source s_file2 { file("/var/log/syslog/file2.<wbr>log" follow-freq(1) flags(no-parse) program_override("audit")); };<u></u><u></u></p>
<p class="MsoNormal">filter f_file2 { facility(local2); };<u></u><u></u></p>
<p class="MsoNormal">destination d_file2 { syslog("10.10.10.10" transport("udp") port(514)); };<u></u><u></u></p>
<p class="MsoNormal">log { source(s_file2); filter(f_file2); destination(d_file2); };<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">==============================<wbr>==============================<wbr>============<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><b>My syslog-ng SERVER (10.10.10.10 – running syslog-ng 2.0.9):<u></u><u></u></b></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">destination d_file1 { file ("/var/log/syslogs/file1-$<wbr>YEAR$MONTH$DAY.log" owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes)); };<u></u><u></u></p>
<p class="MsoNormal">filter f_file1 { facility(local1); };<u></u><u></u></p>
<p class="MsoNormal">log { source(remote); filter(f_file1); destination(d_file1); };<u></u><u></u></p>
<p class="MsoNormal"><b><u></u> <u></u></b></p>
<p class="MsoNormal">destination d_file2 { file ("/var/log/syslogs/file2-$<wbr>YEAR$MONTH$DAY.log" owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes)); };<u></u><u></u></p>
<p class="MsoNormal">filter f_file2 { facility(local2); };<u></u><u></u></p>
<p class="MsoNormal">log { source(remote); filter(f_file2); destination(d_file2); };<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thanks.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">- Young<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div></div>