Hi, I have set up a wondefull log server with syslog-ng, where I record every host separately.

suppose log server name is logserver.localdomain.it, the problem is that I get the logserver.localdomain.it directory but insede i get only messages and syslog file, if i fail a an authentication or what other I get no log about it.

someone can help me?

Thanks

This is part of configuration file:

options {
        long_hostnames(off);             
        sync(0);                                        # no line buffered: scriviamo subito
                                                        # forse sui client si può rimuovere
        create_dirs(yes);
        log_fifo_size(30000);                           # aumentiamo log_fifo_size per evitare il drop dei pacchetti,
        use_fqdn(yes);                                  # Inserisce gli host in formato Fully Qualified Domain Name
#        use_time_recvd(true);                           # nel caso di client con ora non sincronizzata
        };

source src {
        internal();
        pipe("/proc/kmsg");
        #file("/proc/kmsg" log_prefix("kernel: "));
        tcp(ip(192.168.xxx.yyy) port(514) max-connections(100));
        udp(ip(0.0.0.0) port(514));
        };


destination authlog { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/auth.log" owner("root") group("adm") perm(0640)); };
destination syslog { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/syslog" owner("root") group("adm") perm(0640)); };
destination cron { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/cron.log" owner("root") group("adm") perm(0640)); };
destination daemon { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/daemon.log" owner("root") group("adm") perm(0640)); };
destination kern { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/kern.log" owner("root") group("adm") perm(0640)); };
destination lpr { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/lpr.log" owner("root") group("adm") perm(0640)); };
destination mail { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/mail.log" owner("root") group("adm") perm(0640)); };
destination user { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/user.log" owner("root") group("adm") perm(0640)); };
destination uucp { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/uucp.log" owner("root") group("adm") perm(0640)); };


filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(auth, authpriv); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };


log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_uucp); destination(uucp); };

------------------------------------------------------------------------ INFOGROUP S.P.A                 http://www.infogroup.it ------------------------------------------------------------------------- DR. FIORENZI ALESSANDRO Consulente Tribunale Firenze - sicurezza informatica - Security Administrator Socio CLUSIT, ALSI Tel : +39.055.43.65.742 CE : +39.335.64.144.77 @Email : a.fiorenzi@infogroup.it PGP Key: http://www.infogroup.it/ds/fiorenzi.asc -------------------------------------------------------------------------             "Faber est suae quisque fortunae" -------------------------------------------------------------------------