Hi,

On Tue, Apr 20, 2010 at 12:15 PM, abhay singh <abhay.asingh@gmail.com> wrote:
I have made the changes and restarted the syslog services; even so, it's not working. Now it's like this:

options {
    long_hostnames(off);
    sync(0);
    perm(0640);
    stats(3600);
    keep_hostname(yes);
};

source s_external {
    udp(port(514));
    #udp(ip("192.168.114.129") port(514));
    #udp(ip("0.0.0.0") port(514));
};

# Specific
source s_stunnel {
    tcp(ip("127.0.0.1") port(514) max-connections(1));
};

destination d_external {
    file("/data/extract/syslogs/$HOST_syslog.log" \
        owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
        template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")
    );
};

destination d_stunnel {
    file("/data/extract/syslogs/$HOST/$HOST_syslog.log" \
        owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
        template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")
    );
};

log { source(s_external); destination(d_external); };
log { source(s_stunnel); destination(d_stunnel); };

Could you show a few logged lines? Which version of syslog-ng are you using?

$HOST should remain blank only when syslog-ng failed to parse the hostname part of the log.

BTW it's better to use ${HOST} instead of plain $HOST, especially when there are no delimiters around the macro.

Regards,
Sandor
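
An added example, not part of the original thread: a small Python check that flags unbraced macros running into the following text, which is the ${HOST} point made in the reply above. The function name, the macro list (taken from the quoted configuration) and the sample text are constructed for illustration, and the rule that an unbraced macro name extends over letters, digits and underscores is an assumption about the template parser.

```python
import re

# Macros used in the configuration quoted in this thread.
KNOWN_MACROS = {"HOST", "FULLHOST", "DATE", "PROGRAM", "TAG",
                "FACILITY", "LEVEL", "MESSAGE"}

# Assumption: an unbraced macro name is the longest run of letters,
# digits and underscores following "$". "${NAME}" is never matched here.
UNBRACED = re.compile(r"\$([A-Za-z0-9_]+)")


def find_ambiguous_macros(config_text):
    """Return (line_no, token, suggestion) for each unbraced macro whose
    name runs into the following text, e.g. $HOST_syslog."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):   # skip whole-line comments
            continue
        for match in UNBRACED.finditer(line):
            name = match.group(1)
            if name in KNOWN_MACROS:
                continue
            # Longest known macro that is a prefix of the parsed name.
            prefixes = [m for m in KNOWN_MACROS if name.startswith(m)]
            if prefixes:
                macro = max(prefixes, key=len)
                suggestion = "${%s}%s" % (macro, name[len(macro):])
                findings.append((line_no, "$" + name, suggestion))
    return findings


# Constructed sample based on the d_stunnel destination in the thread.
SAMPLE = '''destination d_stunnel {
  file("/data/extract/syslogs/$HOST/$HOST_syslog.log"
    template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \\n")
  );
};
'''

if __name__ == "__main__":
    for line_no, token, fix in find_ambiguous_macros(SAMPLE):
        print("line %d: %s parses as a single macro name; write %s"
              % (line_no, token, fix))
```
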