I modified it and it gave me the following result after restarting:

Error binding socket; addr='AF_INET(163.121.189.131:514)', error='Cannot assign requested address (99)'
Error initializing source driver; source='s_remote', id='s_remote#0'
Error initializing message pipeline;
[FAILED]

Is it possible that this is because I used the same source name in the first part of the configuration?
Date: Thu, 2 Jul 2009 10:19:40 +0200
From: Siem.Korteweg@qnh.nl
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng] Send a specific log by email
Correct the name of the source in the log-statement. You defined source s_remote and used r_remote in the log definition.
regards,
Siem Korteweg
-----Original message-----
From: syslog-ng-bounces@lists.balabit.hu on behalf of Reaky Rok
Sent: Thu 2-7-2009 10:13
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng] Send a specific log by email

Dear, I still have a problem. The following is my configuration file that is related to remote IPs:
====================================================================================== ======================================================================================
# Remote logging
source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

destination d_separatedbyhosts {
    file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log"
         owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};

log { source(s_remote); destination(d_separatedbyhosts); };

#==============================================================
#Filtration for SME Alerts
source s_remote {
    tcp(ip(163.121.189.131) port(514));
    udp(ip(163.121.189.131) port(514));
};

destination syslogmail { program("/usr/local/bin/syslog-mail-perl"); };

log { source(r_remote); destination(syslogmail); };
#======================================================================================
#======================================================================================

The first part is the original for all remote IPs and it's working well.
The second is the part of the IP that I want to filter.
When I restart, it gave me the following error:
WARNING: file source: default value of follow_freq in file sources is changing in 3.0 to '1' for all files except /proc/kmsg;
Error in configuration, unresolved source reference; source='r_remote'

Could you please help me with that? Thanks
Date: Wed, 1 Jul 2009 15:41:59 +0200
From: Siem.Korteweg@qnh.nl
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng] Send a specific log by email
I guess that removing the filter statement (and restarting syslog-ng) is sufficient.
regards,
Siem Korteweg
-----Original message-----
From: syslog-ng-bounces@lists.balabit.hu on behalf of Reaky Rok
Sent: Wed 1-7-2009 15:27
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng] Send a specific log by email

But I think, as per the example, syslog will just send the log if it matches a specific string like (attackalert) in the example. But I want it to send all new logs from this IP when they come in, without matching a specific string or word. Can you help with this?
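Added example, not part of the thread and not from the syslog-ng project: ip() inside a source is the local address syslog-ng listens on, which is why binding to 163.121.189.131 failed with "Cannot assign requested address". Selecting everything from one sender is done with a filter on the single existing source. It assumes 163.121.189.131 is the address of the sending host; the filter name f_sme is made up for this example.

```conf
# One listening source only; a second "source s_remote" block would
# redefine the same name and try to bind port 514 again.
source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

# netmask() matches the address the message was received from,
# not the hostname written inside the message, so a sender cannot
# select itself into this path by putting another name in the header.
# /32 restricts the match to the single host (assumed sender address).
filter f_sme { netmask("163.121.189.131/32"); };

destination d_separatedbyhosts {
    file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log"
         owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};

destination syslogmail { program("/usr/local/bin/syslog-mail-perl"); };

# All remote hosts still go to the per-host files.
log { source(s_remote); destination(d_separatedbyhosts); };

# Every message from the filtered sender is also passed to the mail
# script, with no string match required.
log { source(s_remote); filter(f_sme); destination(syslogmail); };
```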