What are you running on? Your source in src looks a little strange. Most sources are something like /dev/log. What is coming in to /var/run/log? Do you have something putting log messages into a file? Drew
-----Original Message----- From: maillist [SMTP:maillist@krel.org] Sent: Tuesday, May 30, 2000 11:21 PM To: syslog-ng@venus.terrasoft.hu Subject: [syslog-ng] ipfw logging
hi, ive been trying for two days to log ipfw messages to separate file and with no success. as soon as i turn on old syslogd with !ipfw *.* /var/log/ipfw it works but syslog-ng with: source src { unix-dgram("/var/run/log"); udp(); internal(); } destination ipfw { file("/var/log/ipfw.log"); }; filter f_ipfw { program("ipfw"); }; log { source(src); filter("f_ipfw"); destination("ipfw"); }; just doesnt catch anything, all the messages from ipfw appear on console, but not in any file, even not in all.log!
here is my full config: # options options { long_hostnames(off); sync(0); };
# sources source src { unix-dgram("/var/run/log"); udp(); internal(); }; source src2 { unix-dgram("/var/run/log2"); udp(ip(xxx.xxx.xxx.xxx) port(514)); };
# destinations destination messages { file("/var/log/messages"); }; destination security { file("/var/log/security"); }; destination maillog { file("/var/log/maillog"); }; destination lpd-errs { file("/var/log/lpd-errs"); }; destination cron { file("/var/log/cron"); }; destination all { file("/var/log/all.log"); }; destination newscrit { file("/var/log/news/news.crit"); }; destination newserr { file("/var/log/news/news.err"); }; destination newsnotice { file("/var/log/news/news.notice"); }; destination slip { file("/var/log/slip.log"); }; destination ppp { file("/var/log/ppp.log"); }; destination console { file("/dev/console"); }; destination root { usertty("root"); }; destination allusers { usertty("*"); }; destination rogue { file("/var/log/rogue"); }; destination cobalt { file("/var/log/cobalt"); }; destination cisco { file("/var/log/cisco"); }; destination voyager { file("/var/log/voyager"); }; destination lists { file("/var/log/lists"); }; destination lists_m { file("/var/log/lists.sendmail"); }; destination apollo { file("/var/log/apollo"); }; destination samson { file("/var/log/samson"); }; destination samson_d { file("/var/log/samson.bind"); }; destination bugsy { file("/var/log/bugsy"); }; #destination loghost { udp("loghost" port(514)); }; destination goblin { file("/var/log/goblin"); }; destination allsec { file("/var/log/allsec"); }; destination samson.named { file("/var/log/named"); }; destination ipfw { file("/var/log/ipfw.log"); };
# log facility filters filter f_auth { facility(auth); }; filter f_authpriv { facility(authpriv); }; filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_ftp { facility(ftp); }; filter f_kern { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_news { facility(news); }; filter f_security { facility(security); }; filter f_user { facility(user); }; filter f_uucp { facility(uucp); }; filter f_local0 { facility(local0); }; filter f_local1 { facility(local1); }; filter f_local2 { facility(local2); }; filter f_local3 { facility(local3); }; filter f_local4 { facility(local4); }; filter f_local5 { facility(local5); }; filter f_local6 { facility(local6); }; filter f_local7 { facility(local7); };
# log host filters filter h_rogue { host("rogue"); }; filter h_cobalt { host("www"); }; filter h_cisco { host("cisco"); }; filter h_voyager { host("voyager"); }; filter h_lists { host("lists"); }; filter h_apollo { host("apollo"); }; filter h_samson { host("samson"); }; filter h_bugsy { host("bugsy"); }; filter h_goblin { host("goblin"); };
# log level filters filter f_emerg { level(emerg); }; filter f_alert { level(alert..emerg); }; filter f_crit { level(crit..emerg); }; filter f_err { level(err..emerg); }; filter f_warning { level(warning..emerg); }; filter f_notice { level(notice..emerg); }; filter f_info { level(info..emerg); }; filter f_debug { level(debug..emerg); };
# program filters filter f_ppp { program("ppp"); }; filter f_slip { program("startslip"); }; filter f_send { program("sendmail"); }; filter nf_send { not program("sendmail"); }; filter f_bind { program("named"); }; filter nf_bind { not program("named"); }; filter f_ipfw { program("ipfw"); }; #filter nf_ipfw { not program("ipfw"); };
log { source(src2); filter("f_ipfw"); destination("ipfw"); };
# *.err;kern.debug;auth.notice;mail.crit /dev/console log { source(src); filter(f_err); destination(console); }; log { source(src); filter(f_kern); filter(f_debug); destination(console); }; log { source(src); filter(f_auth); filter(f_notice); destination(console); }; log { source(src); filter(f_mail); filter(f_crit); destination(console); };
# *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages log { source(src); filter(f_notice); destination(messages); }; log { source(src); filter(f_kern); filter(f_debug); destination(messages); }; log { source(src); filter(f_lpr); filter(f_info); destination(messages); }; log { source(src); filter(f_mail); filter(f_crit); destination(messages); }; log { source(src); filter(f_news); filter(f_err); destination(messages); };
# security.* /var/log/security log { source(src); filter(f_security); destination(security); };
# mail.info /var/log/maillog log { source(src); filter(f_mail); filter(f_info); destination(maillog); };
# lpr.info /var/log/lpd-errs log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); };
# cron.* /var/log/cron log { source(src); filter(f_cron); destination(cron); };
# *.err root log { source(src); filter(f_err); destination(root); };
# *.notice;news.err root log { source(src); filter(f_notice); destination(root); }; log { source(src); filter(f_news); filter(f_err); destination(root); };
# *.alert root log { source(src); filter(f_alert); destination(root); };
# *.emerg * log { source(src); filter(f_emerg); destination(allusers); };
# uncomment this to enable logging of all log messages to /var/log/all.log # *.* /var/log/all.log log { source(src); destination(all); };
# uncomment this to enable logging to a remote loghost named loghost # *.* @loghost #log { source(src); destination(loghost); };
# news.err /var/log/news/news.err # news.notice /var/log/news/news.notice # #log { source(src); filter(f_news); filter(f_crit); destination(newscrit); }; #log { source(src); filter(f_news); filter(f_err); destination(newserr); }; #log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
log { source("src2"); filter("h_rogue"); destination("rogue"); }; log { source("src2"); filter("h_cobalt"); destination("cobalt"); }; log { source("src2"); filter("h_cisco"); destination("cisco"); }; log { source("src2"); filter("h_voyager"); destination("voyager"); }; log { source("src2"); filter("h_lists"); filter("f_send"); destination("lists_m"); }; log { source("src2"); filter("h_lists"); filter("nf_send"); destination("lists"); }; log { source("src2"); filter("h_apollo"); destination("apollo"); }; log { source("src2"); filter("h_samson"); filter("f_bind"); destination("samson_d"); }; log { source("src2"); filter("h_samson"); filter("nf_bind"); destination("samson"); }; log { source("src2"); filter("h_bugsy"); destination("bugsy"); }; log { source("src2"); filter("h_goblin"); destination("goblin"); }; log { source("src2"); filter("f_security"); destination("allsec"); };
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/syslog-ng