I still can't get it to work. This is the problem output again.... it doesn't identify the remote source of the log....

Dec 27 18:21:20 src@suselog syslog-ng[19442]: syslog-ng version 1.6.2 going down
Dec 27 18:21:20 src@suselog syslog-ng[19532]: syslog-ng version 1.6.2 starting
Dec 27 18:21:25 src@suselog kernel: klogd 1.4.1, log source = /proc/kmsg started.
Dec 27 18:21:36 suselog/suselog su(pam_unix)[25213]: authentication failure; logname=syss555 uid=500 euid=0 tty=pts/10 ruser=syss555 rhost= user=root

--below are some config settings--

suselog:/etc/sysconfig # more syslog

I restart syslog via

# The name of the syslog daemon used as
# syslog service: "syslogd", "syslog-ng"
#
SYSLOG_DAEMON="syslog-ng"

suselog:/etc/syslog-ng # more syslog-ng.conf

Note: I do edit this file and do not use SuSEconfig......

#
# /etc/syslog-ng/syslog-ng.conf
#
# Automatically generated by SuSEconfig on Thu Dec 15 19:31:03 EST 2005.
#
# PLEASE DO NOT EDIT THIS FILE!
#
# you can modify /etc/syslog-ng/syslog-ng.conf.in instead
#
#
# File format description can be found in syslog-ng.conf(5).
#
options { keep_hostname(no); chain_hostnames(yes); use_dns(no); sync(0); };

#
# 'src' is our main source definition. you can add
# more sources driver definitions to it, or define
# your own sources, i.e.:
#
#source my_src { .... };

source lan_tcp { tcp(ip(127.0.0.1) port(1999) max-connections(10)); };
source lan_udp { udp(); };

source src {
        #
        # include internal syslog-ng messages
        # note: the internal() source is required!
        #
        internal();

        #
        # the following line will be replaced by the
        # socket list generated by SuSEconfig using
        # variables from /etc/sysconfig/syslog:
        #
        unix-dgram("/dev/log");
        unix-dgram("/var/lib/ntp/dev/log");

        #
        # uncomment to process log messages from network:
        #
        #udp(ip("0.0.0.0") port(514));
};

Is there a way to dump the current log settings? Or obtain them on startup of Syslog-NG?

Balazs Scheidler <bazsi@balabit.hu>
Sent by: syslog-ng-bounces@lists.balabit.hu
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] rhost field
12/27/2005 11:20 AM
Please respond to: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>

keep_hostname(no)
use_dns(no)

On Tue, 2005-12-27 at 09:56 -0500, ken.schweiker@faa.gov wrote:
I am using syslog-ng for the first time. The initial setup is complete and appears to be working ok. However in my test environment, I am logging from a redhat desktop using syslog to a suse syslog-ng server. The output, after I deliberately input an incorrect password on my workstation doing a 'su', gets reported to the syslog-ng server as .......
Dec 23 17:50:12 suselog/suselog su(pam_unix)[13205]: authentication failure; logname=syss555 uid=500 euid=0 tty=pts/4 ruser=syss555 rhost= user=root
How do I get it to display in the log the host(IP) the message came from?
--
Bazsi