Hi,
I'm trying to log only specific types of program alerts to a MySQL database
on a remote syslog-ng server. So far I am able to get exactly the messages
that I want, but I am also getting some annoying messages in the MySQL database.
I did research the problem but was unable to find a satisfactory
answer. These messages are
I'm also attaching my syslog-ng.conf file; any help would be greatly appreciated.
# Global options applied to every source and destination below.
options {
    # long_hostnames is the older spelling of chain_hostnames; both are
    # switched off here, so $HOST is a single name rather than a relay chain.
    long_hostnames(off);
    chain_hostnames(no);

    # Write each message out immediately instead of buffering several lines.
    sync(0);

    # Keep the hostname found inside the received message. $HOST is then
    # whatever the sender wrote, and this file uses $HOST both in log file
    # paths (with create_dirs(yes)) and in the SQL template, so it must be
    # treated as untrusted input for any network source.
    keep_hostname(yes);

    # Time macros ($DAY, $HOUR, ...) use the time of receipt, not the
    # timestamp carried in the message.
    use_time_recvd(yes);
};
# Messages generated on this machine: the local syslog socket, the kernel
# log, and syslog-ng's own internal messages.
source src {
    unix-stream("/dev/log");
    pipe("/proc/kmsg");
    internal();
};
# TCP listener bound to the loopback address only, so it is not reachable
# from the network directly. Presumably a local stunnel process terminates
# the encrypted connection from remote clients and forwards here; confirm.
source stunnel {
    tcp(ip("127.0.0.1") port(514) keep-alive(yes));
};
# UDP listener on the local address 192.168.1.6, port 514.
# Plain UDP syslog is unauthenticated and the sender address can be forged,
# and nothing in this file limits which hosts may send to this port.
# Restrict senders with a packet filter or a host()/netmask() filter on the
# log paths that use this source.
source netscreen {
    udp(ip("192.168.1.6") port(514) );
};
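# Per-host, per-day log file for messages received from remote senders.
# The path is written on one line: the original had a line break inside the
# quoted string (after "$HOST/"), which would put a newline into the file
# name. This now matches the path used by destination "dest".
# With keep_hostname(yes) in the options block, $HOST comes from the sender,
# and create_dirs(yes) creates a directory for whatever name arrives.
destination remoteclient {
    file("/var/log/HOSTS/$HOST/$DAY.$MONTH.$YEAR.loggedmessages" create_dirs(yes));
};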
# Per-host, per-day log file for locally generated messages; missing
# directories under /var/log/HOSTS are created on demand.
destination dest {
    file("/var/log/HOSTS/$HOST/$DAY.$MONTH.$YEAR.loggedmessages" create_dirs(yes));
};
# Writes every message as one SQL INSERT statement to a named pipe.
# The process reading the pipe is not shown in this file; presumably a
# mysql client consumes it. Confirm.
#
# template-escape(yes) makes syslog-ng escape quote characters in the macro
# values. $MSG, $PROGRAM and $HOST are sender-controlled text, and this
# escaping is what stops them from closing the '...' literals in the
# statement. Keep it enabled.
#
# NOTE(review): the pipe lives in /tmp, a world-writable directory. Any local
# account able to write to the FIFO could hand its own statements to the
# reader. Consider a directory only root can write to, and set
# owner()/group()/perm() on the pipe.
# NOTE(review): the template string spans several lines, so the line breaks
# are part of the emitted text; they may be mail-wrapping artifacts. Verify
# against the real file.
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL',
'$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
# Passes every message except those matching "STATS: dropped"
# (presumably syslog-ng's own periodic statistics line from internal()).
filter f_syslog {
    not match("STATS: dropped");
};
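# Selects authentication-related messages: facility auth, or a program name
# containing "ftp", "ssh" or "pam".
#
# The patterns were ".*ftp*.", ".*ssh*." and ".*pam*.". In a regular
# expression "ftp*." means "ft", then zero or more "p", then any one
# character, so those patterns also accepted unrelated program names (for
# example, "apache" satisfies ".*pam*."). That over-matching is a possible
# source of unwanted rows in the database. The quantifier now sits after the
# dot, which is the usual "contains this word" form.
filter f_auth {
    facility(auth)
    or program(".*ftp.*")
    or program(".*ssh.*")
    or program(".*pam.*");
};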
# --- MySQL ---
# Local messages reach the database only if they pass both filters.
log {
    source(src);
    filter(f_syslog);
    filter(f_auth);
    destination(d_mysql);
};

# Same rule for messages arriving through the loopback TCP listener.
log {
    source(stunnel);
    filter(f_syslog);
    filter(f_auth);
    destination(d_mysql);
};

# NOTE(review): this path has no filter(), so every message received on the
# netscreen UDP source is inserted into MySQL. If only auth-type alerts are
# wanted in the database, this is a likely origin of the extra rows; confirm
# and add the filters if so.
log {
    source(netscreen);
    destination(d_mysql);
};

# --- Flat files ---
# Everything local except the "STATS: dropped" lines.
log {
    source(src);
    filter(f_syslog);
    destination(dest);
};

# Everything from the loopback TCP listener except the "STATS: dropped" lines.
log {
    source(stunnel);
    filter(f_syslog);
    destination(remoteclient);
};

# Everything from the netscreen UDP source, unfiltered.
log {
    source(netscreen);
    destination(remoteclient);
};