I have this on my server that included "notice"
filter f_at_least_warn {
#       level(warn..emerg);
#       level(notice..emerg);
        level(info, notice, warn, crit, err, debug);
};
and this on my client:
#sent to our central log server running eventdb #cfernandez
destination loghost { udp("192.168.xxx.xxx" port(514)); };
log { source(src); filter(f_info); destination(loghost); };
log { source(src); filter(f_emergency); destination(loghost); };
log { source(src); filter(f_notice); destination(loghost); };
log { source(src); filter(f_warn); destination(loghost); };
log { source(src); filter(f_crit); destination(loghost); };
log { source(src); filter(f_err); destination(loghost); };
that also includes notice..
2011/9/19 rek2 <rek2gnulinux@gmail.com>
oh sorry, I'm used to lists that will reply by default to the list. sorry about that.. I think I get what you mean.. so in the clients and in the server log I have to have similar filters?
Thanks
2011/9/19 Patrick H. <syslogng@feystorm.net>
Seriously, don't remove the mailing list from the recipients. Others may catch things I miss, or I might be gone for a while, but someone else is around.
That filter you have only logs warning through emerg, while by default logger uses notice, which is below warning.
-Patrick
Sent: Mon Sep 19 2011 15:26:05 GMT-0600 (MST)
From: rek2 <rek2gnulinux@gmail.com>
To: Patrick H. <syslogng@feystorm.net>
Subject: Re: [syslog-ng] Problem sending logs to central log server..
ops! I forgot to uncomment that as well, sorry.. so basically do I have everything else ok? the thing is also that after I migrated to syslog-ng in the BSD things are not logging to their place in /var/log either. I'm getting most of the stuff on the /var/log/syslog even though, as you can see in my other emails, the default config already defines the destinations for auth etc...
2011/9/19 Patrick H. <syslogng@feystorm.net>
Don't forget to leave the mailing list on the list of recips :-)
Anyway, it's still commented out in your log {} block. If the log block has no source, it won't log anything.
-Patrick
log {
#       source(src_eventdb);
        filter(f_at_least_warn);
#       filter(f_syslog);
        destination(d_eventdb);
};
Sent: Mon Sep 19 2011 14:43:08 GMT-0600 (MST)
To: Patrick H. <syslogng@feystorm.net>
Subject: Re: [syslog-ng] Problem sending logs to central log server..
Hi Patrick, thanks for your reply, yes you're right, sorry, I did the copy and paste before I uncommented some lines since I'm testing here and there..
this is how I have it now.. the last part:
#syslog-ng2mysql destinations
source src_eventdb {
        unix-stream("/dev/log");
        udp(ip(0.0.0.0) port(514));
};
destination d_eventdb {
        pipe("/usr/local/icinga/var/rw/syslog-ng.pipe",
        template("$HOST\t$SOURCEIP\t$PRI\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$PROGRAM\t$MSG\n")
        template_escape(no));
};
filter f_at_least_warn {
#       level(warn..emerg);
#       level(notice..emerg);
        level(info, notice, warn, crit, err, debug);
};
log {
#       source(src_eventdb);
        filter(f_at_least_warn);
#       filter(f_syslog);
        destination(d_eventdb);
};
#log {
#       source(src_eventdb);
#       filter(f_auth);
#       destination(d_eventdb);
#};
2011/9/19 Patrick H. <syslogng@feystorm.net>
In your server config, the only listener you have on udp port 514 is defined in src_eventdb, and all src_eventdb entries are commented out.
-Patrick
Sent: Mon Sep 19 2011 11:40:15 GMT-0600 (MST)
From: rek2 <rek2gnulinux@gmail.com>
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] Problem sending logs to central log server..
Hello, I'm trying to send all my logs from one openbsd server with syslog-ng to a linux ubuntu central log server, also with syslog-ng of course, but only the syslog-ng logs are being logged.. also when I do a "logger test" for example it gets logged locally but not remotely to the log server... here are my configs:
for the log server it is basically the default of ubuntu with my additions at the end.. you will see some commented lines, which is me trying to fix this issue.
<SNIP>
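Added example, not part of the thread or of syslog-ng: a small Python check for the two problems Patrick points out above, a log path with no active source() and a level() filter that excludes notice (the priority he says logger uses by default). The function names and the sample config are constructed here, and the parsing is a simplified regex pass, not syslog-ng's own grammar.

```python
import re

# syslog-ng severities, lowest to highest; "warn" (used in the thread) maps to "warning".
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def _idx(name):
    return LEVELS.index("warning" if name == "warn" else name)  # ValueError if unknown

def strip_comments(text):
    # Simplification: '#' to end of line is a comment; '#' inside strings is not handled.
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def filter_levels(body):
    """Return the set of severities a filter body matches via level()/priority()."""
    matched = set()
    for args in re.findall(r"\b(?:level|priority)\s*\(([^)]*)\)", body):
        for item in (a.strip() for a in args.split(",")):
            if ".." in item:  # range such as warn..emerg
                lo, hi = (_idx(p.strip()) for p in item.split(".."))
                matched.update(LEVELS[lo:hi + 1])
            elif item:
                matched.add(LEVELS[_idx(item)])
    return matched

def lint(config):
    """List log paths that have no active source() or whose filter drops notice."""
    text = strip_comments(config)
    filters = {name: filter_levels(body) for name, body in
               re.findall(r"\bfilter\s+(\w+)\s*\{(.*?)\}\s*;", text, re.S)}
    findings = []
    for n, body in enumerate(re.findall(r"\blog\s*\{(.*?)\}\s*;", text, re.S), 1):
        if not re.search(r"\bsource\s*\(", body):
            findings.append(f"log path {n}: no active source()")
        for fname in re.findall(r"\bfilter\s*\(\s*(\w+)\s*\)", body):
            if fname in filters and "notice" not in filters[fname]:
                findings.append(f"log path {n}: filter {fname} drops notice")
    return findings

# Constructed sample modelled on the server snippet quoted in the thread.
BROKEN = """
source src_eventdb { unix-stream("/dev/log"); udp(ip(0.0.0.0) port(514)); };
destination d_eventdb { pipe("/usr/local/icinga/var/rw/syslog-ng.pipe"); };
filter f_at_least_warn { level(warn..emerg); };
log {
# source(src_eventdb);
filter(f_at_least_warn); destination(d_eventdb);
};
"""
FIXED = BROKEN.replace("# source", "source").replace("warn..emerg", "notice..emerg")
```

lint(BROKEN) reports both findings for the single log path, and lint(FIXED) returns an empty list.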