I made some fine Deb packages from libol 0.2.3 and syslog-ng 1.1.31 and installed them on a Debian 2.1 system. Everything works/logs nicely :-)
Great. In the meanwhile I've released 1.1.32 and libol 0.2.5; you may want to grab those as well.
Now I want to enable the "hashing-feature" and filter against a file with regex terms, but I found no proper info in the docs. How can I configure these features? (I didn't find "genh0" and "checkhash" as mentioned in the syslog-ng manpage.)
How can I realize a system which, for example, executes a script if a regex target gets hit? The idea is to get a realtime logchecker which mails faults to the admin ...
Hashing is not about a file with regexps in it. It is a digital fingerprint of each log message stored along with the logfile. This way unauthorized modification can easily be detected. However, this feature is not yet implemented in the 1.1.xx branch, only in 1.0.x.

To do what you would like, you'll need the match filter and the new destination called "program", like this:

    filter f_alerts { match("(alert)|(breakin)|..."); };
    destination d_script { program("/usr/local/sbin/alertscript"); };
    log { source(src); filter(f_alerts); destination(d_script); };

The script is run as soon as syslog-ng starts up, and is kept running until the configuration is reloaded, or syslog-ng is terminated.

-- Bazsi
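
An added example, not part of the original mail and not syslog-ng's own code: one way to write /usr/local/sbin/alertscript given that it is started once and kept running, so it has to loop over its input instead of handling a single message per invocation. It assumes each matching message arrives as one line on standard input; ADMIN, MAILER, MAX_LEN and MIN_INTERVAL are hypothetical settings.

```shell
#!/bin/sh
# Added example: handler for the program() destination in the config above.
# syslog-ng starts it once and keeps it running, so it must loop over stdin.
# Assumption: each matching message arrives as one line on stdin.
# ADMIN, MAILER, MAX_LEN and MIN_INTERVAL are hypothetical settings.
ADMIN="${ADMIN:-root}"
MAILER="${MAILER:-mail}"            # called as: MAILER -s SUBJECT RCPT, body on stdin
MAX_LEN="${MAX_LEN:-512}"           # cap on characters mailed per message
MIN_INTERVAL="${MIN_INTERVAL:-60}"  # seconds between mails, so a log flood is not a mail flood

# Log text is written by whoever can reach the logger: drop control
# characters and cap the length before it goes anywhere else.
sanitize() {
    printf '%s' "$1" | tr -d '\000-\037\177' | cut -c1-"$MAX_LEN"
}

# Read messages until EOF (the pipe closes on reload or when syslog-ng exits).
handle_stream() {
    last=0
    suppressed=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        now=$(date +%s)
        if [ $((now - last)) -lt "$MIN_INTERVAL" ]; then
            suppressed=$((suppressed + 1))   # reported in the next mail sent
            continue
        fi
        clean=$(sanitize "$line")
        # The message goes in the body only, never in the subject or argv.
        {
            printf '%s\n' "$clean"
            echo "suppressed since last mail: $suppressed"
        } | "$MAILER" -s "syslog-ng alert" "$ADMIN"
        last=$now
        suppressed=0
    done
}

# Run the loop only when installed under the name used in the config above.
case "$0" in
    */alertscript) handle_stream ;;
esac
```

Messages dropped by the throttle are only counted, so the full text still has to be kept by a regular file destination in the same configuration.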