On Wed, Nov 06, 2002 at 05:53:32PM +0100, Stefano Tanfoglio wrote:
I am Stefano Tanfoglio, I work for a bank in Italy. I use syslog-ng to archive the logs of 176 computers (2 routers - 125 Windows servers - 51 Linux servers).
On the Windows servers I use the ntsyslog service.
protocol = udp
destination server = ip syslog-ng server
destination port = 514
Ntsyslog sends all logs.
On the Linux servers I use syslog:
auth.* @syslog01.xxxx.it
authpriv.* @syslog01.xxxx.it
kernel.=err;kernel.=warn @syslog01.xxxx.it
mail.=err;mail.=warn @syslog01.xxxx.it
daemon.=err;daemon.=warn @syslog01.xxxx.it
local7.=err;local7.=warn @syslog01.xxxx.it
... ...
Configuration of syslog-ng.conf:
Version: syslog-ng-1.4.14-2mdk
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (3000);
    long_hostnames (on);
    use_dns (yes);
    use_fqdn (yes);
    create_dirs (yes);
    keep_hostname (yes);
};
source remote { udp(); };
destination linux { file("/var/log/HOSTS/LINUX/$HOST/$FACILITY" dir_perm(0755) perm(0655)); };
destination windows { file("/var/log/HOSTS/WINDOWS/$HOST/$FACILITY" dir_perm(0755) perm(0655)); };
destination router { file("/var/log/HOSTS/ROUTER/$HOST/$FACILITY" dir_perm(0755) perm(0655)); };
filter f_linux { host("name1.domain.tld|name2.domain.tld|name3.domain.tld|...........|51"); } ;
filter f_windows { host("name1.domain.tld|name2.domain.tld|name3.domain.tld|...........|125"); };
filter f_router { host("name1.domain.tld|name2.domain.tld"); };
log { source(remote); filter(f_linux); destination(linux); };
log { source(remote); filter(f_windows); destination(windows); };
log { source(remote); filter(f_router); destination(router); };
Problems:
1) In the Windows section I have 125 machines and only 80 are being recorded. I tried moving the last hostname to the first position:
filter f_windows { host("125|name1.domain.tld|name2.domain.tld|name3.domain.tld|...........|124 "); };
The test is OK: the hostname is logged and recorded.
the maximum length of the regular expressions is 1023 characters
2) Every 10-15 minutes the syslog-ng system goes down.
you might try 1.4.17 (stable) or 1.5.23 (soon to be stable)
-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
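
Added example, not part of the original thread or of syslog-ng: a small generator that keeps every host() pattern under the 1023-character regular expression limit mentioned above by splitting a long host list into several patterns joined with "or" in one filter. Assumptions: the hostnames are constructed placeholders, an over-long pattern is modelled as being cut at the limit, and the "or" operator between host() clauses should be checked against the filter syntax of the syslog-ng version in use.

```python
REGEX_LIMIT = 1023  # maximum regular expression length stated in the thread


def hosts_past_limit(hosts, limit=REGEX_LIMIT):
    """Hosts not fully contained in the first `limit` characters of a single
    'a|b|c' alternation (assumed model of how an over-long pattern is cut)."""
    used, lost = 0, []
    for i, host in enumerate(hosts):
        used += len(host) + (1 if i else 0)  # +1 for the '|' separator
        if used > limit:
            lost.append(host)
    return lost


def split_patterns(hosts, limit=REGEX_LIMIT):
    """Pack hosts, in order, into alternations of at most `limit` characters."""
    patterns, current = [], ""
    for host in hosts:
        if len(host) > limit:
            raise ValueError("hostname longer than the regex limit: %r" % host)
        candidate = host if not current else current + "|" + host
        if len(candidate) > limit:
            patterns.append(current)  # close the full pattern, start a new one
            current = host
        else:
            current = candidate
    if current:
        patterns.append(current)
    return patterns


def render_filter(name, hosts, limit=REGEX_LIMIT):
    """Render one filter statement with one host() clause per pattern.
    Dots are left unescaped, as in the configuration quoted in the thread."""
    clauses = " or ".join('host("%s")' % p for p in split_patterns(hosts, limit))
    return "filter %s { %s; };" % (name, clauses)


# Constructed sample input: 125 placeholder names, not the poster's real hosts.
SAMPLE_HOSTS = ["win%03d.domain.tld" % n for n in range(1, 126)]

if __name__ == "__main__":
    lost = hosts_past_limit(SAMPLE_HOSTS)
    print("%d of %d hosts fall past the limit in a single pattern, first: %s"
          % (len(lost), len(SAMPLE_HOSTS), lost[0]))
    print(render_filter("f_windows", SAMPLE_HOSTS))
```

Running hosts_past_limit() over the real host list before deploying a filter shows which machines would silently stop being recorded.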