I’m trying to tune syslog-ng 3.3.3.

My first attempt is to use the log_fetch_limit parameter, but I’m running into the problem of where to define it!

The Admin guide says I can put it in the global options{}, but that generates and error saying it has been taken out of the global area and needs to be specified by the source and I can’t seem to find the correct source syntax.

 

My config (pared down):

@version: 3.3

@include "scl.conf"

 

options {

#       log_fetch_limit(100);

        };

 

source s_local {

        system();

        internal();

};

 

#############################################################################

# Service all

filter f_all_pgm_01{program("*" type("glob"));};

filter f_all_lvl_01.01{level(info..emerg)};

destination d_all_01{file("/var/log/system.log" suppress(30));};

log {

        source(s_local);

        filter(f_all_pgm_01);

        filter(f_all_lvl_01.01);

        destination(d_all_01);

        };

 

I’ve tried putting it in:

source s_local{ system( log_fetch_limit(100); ); ...};

source s_local{ system(); ... log_fetch_limit(100); };

log{ source(s_local log_fetch_limit(100);); ... };

each generate a ‘syslog-ng[1567]: Error parsing configuration;’ error.

Any ideas on *where* I should put it?

 

Thanks,

Chris

----------------------------------------

Christopher Johnson

chris.johnson3@hp.com

HP Software - Security Product Group

(916) 785-2817

----------------------------------------