On Fri, Jan 07, 2011 at 11:37:05AM -0800, Matthew Hall wrote:
On Fri, Jan 07, 2011 at 08:18:00PM +0100, Gergely Nagy wrote:
On Fri, 2011-01-07 at 11:58 -0500, Christopher Barry wrote:
syslog-ng (2.0.9-4.2) is the packaged version in Ubuntu 10.04. Can I use this version to create the patterns that have been mentioned in this thread, or do I need to pull down a newer (3.x) .deb from balabit? If a newer one is appropriate or required, which version is recommended?
I would strongly recommend 3.x. Debian has 3.1.3, and that version will probably work just fine on Ubuntu 10.04 (haven't tried, you might need to recompile in the worst case).
I'm with him on this, but I'm stricter. I recommend using 3.2 because it's got the most reliable bug fixes and features and syntax, such as correlation between events.
Matthew.
Forgot to mention: There is a debian/ directory in the sources which should make it easy to create a deb. Simply install all the packages in debian/control Build-Depends and Depends, along with build-essential. Then run debian/rules binary. You should get a working package pretty easily after that.
Matthew.