Dear,

I still have a problem. The following is the part of my configuration file that is related to remote IPs:

======================================================================================
======================================================================================
# Remote logging
source s_remote {
tcp(ip(0.0.0.0) port(514));
udp(ip(0.0.0.0) port(514));
};
destination d_separatedbyhosts {
file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
log { source(s_remote); destination(d_separatedbyhosts); };
#==============================================================
#Filtration for SME Alerts
source s_remote {
tcp(ip(163.121.189.131) port(514));
udp(ip(163.121.189.131) port(514));
};
destination syslogmail {
program("/usr/local/bin/syslog-mail-perl");
};
log { source(r_remote); destination(syslogmail); };
#======================================================================================
#======================================================================================

The first part is the original for all remote IPs and it's working well.
The second is the part for the IP that I want to filter.

When I restart, it gives me the following error:

WARNING: file source: default value of follow_freq in file sources is changing in 3.0 to '1' for all files except /proc/kmsg;
Error in configuration, unresolved source reference; source='r_remote'

Could you please help me with that?

Thanks
Date: Wed, 1 Jul 2009 15:41:59 +0200
From: Siem.Korteweg@qnh.nl
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng] Send a specific log by email
I guess that removing the filter statement (and restarting syslog-ng) is sufficient.
regards,
Siem Korteweg
-----Original message-----
From: syslog-ng-bounces@lists.balabit.hu on behalf of Reaky Rok
Sent: Wed 1-7-2009 15:27
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng] Send a specific log by email
But I think, as per the example, syslog will just send the log if it matches a specific string like (attackalert) in the example. But I want it to send all new logs from this IP when they come in, without matching a specific string or word. Can you help with this?
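An added example, not part of the original thread and not taken from any poster's configuration: one way to lay out the configuration discussed above so that every message from a single sender reaches the mail script without any string match. It assumes that ip() in a tcp()/udp() source is the local address to bind to and that selection by sender address is done with a netmask() filter; the filter name f_sme is chosen here for illustration.

```conf
# Added example. f_sme is a hypothetical name; paths, ports and the
# address 163.121.189.131 are the ones quoted in the thread.

# One listener for all remote senders. ip() is the local bind address,
# so a second source bound to the sender's IP is not needed.
source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

# Select on the sender's address only; no match on the message text.
filter f_sme { netmask("163.121.189.131/255.255.255.255"); };

destination d_separatedbyhosts {
    file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log"
         owner("root") group("root") perm(0640)
         dir_perm(0750) create_dirs(yes));
};

destination syslogmail {
    program("/usr/local/bin/syslog-mail-perl");
};

# Every remote host is still written to its per-host file.
log { source(s_remote); destination(d_separatedbyhosts); };

# Only messages sent from 163.121.189.131 are piped to the mail script.
# The source name must match a defined source (s_remote, not r_remote).
log { source(s_remote); filter(f_sme); destination(syslogmail); };
```

The result can be checked before a restart with syslog-ng --syntax-only. Port 514 here is unauthenticated and UDP sender addresses can be forged, so the mail script should treat every line it receives as untrusted input.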