>>>Olivia.Leonard@davy.ie 11/04 12:13 pm >>>
Hi
I have set up a central logging server using syslog-ng (on Solaris 8) - all the Solaris servers, Windows servers, and routers are logging to it with no big issues.
I want to get an HP-UX box logging to it and it's proving difficult. Initially I installed syslog-ng 1.5.8 from a depot and it sent only a startup message to the central server but none of the other messages such as logins, su and so on.
So I tried getting it to log to it using its own native syslog - it just won't log anything. It resolves loghost and gives no errors on startup/restart but it just doesn't log anything (even though my central server listens on UDP 514 and gets messages from routers/switches).
Could anyone help me out with this?? Attached are both my syslog.conf and my syslog-ng.conf.
Thanks
Olivia
**********************************************************************************************************************************************************************
/etc/syslog.conf
#
mail.debug /var/adm/syslog/mail.log
#*.info;mail.none /var/adm/syslog/syslog.log
#*.alert /dev/console
#*.alert root
#*.emerg *
*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug @loghost
#
***********************************************************************************************************************************************************************
/opt/syslog_ng/etc/syslog-ngsyslog-ng.conf
options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};
source src {unix-stream("/dev/log"); internal(); };
destination everything {file("/home/leonarol/logfile"); };
## set up logging to loghost
destination loghost {
tcp("172.16.117.170" port(5140));
};
filter f_ssh_login_attempt {
program("sshd.*")
and match("(Failed|Accepted)")
and not match("Accepted (hostbased|publickey)");
};
filter f_emergency { level(emerg); };
filter f_alert { level(alert); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_warn { level(warn); };
filter f_notice { level(notice); };
filter f_info { level(info); };
log { source(src); filter(f_emergency); destination(everything); };
log { source(src); filter(f_alert); destination(everything); };
log { source(src); filter(f_crit); destination(everything); };
log { source(src); filter(f_err); destination(everything); };
log { source(src); filter(f_warn); destination(everything); };
log { source(src); filter(f_notice); destination(everything); };
log { source(src); filter(f_info); destination(everything); };
log { source(src); filter(f_emergency); destination(loghost); };
log { source(src); filter(f_alert); destination(loghost); };
log { source(src); filter(f_crit); destination(loghost); };
log { source(src); filter(f_err); destination(loghost); };
log { source(src); filter(f_warn); destination(loghost); };
log { source(src); filter(f_notice); destination(loghost); };
log { source(src); filter(f_info); destination(loghost); };
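Added example, not part of the original message: the syslog-ng reference documentation lists pipe("/dev/log") as the local source on HP-UX, where /dev/log is a named pipe rather than a socket, so one thing worth checking when only internal() messages such as the startup line arrive is whether each local source driver matches the file type of its path. The helper name check_local_sources is hypothetical, and the script assumes one driver("path") per statement.

```shell
#!/bin/sh
# check_local_sources CONFIG  (hypothetical helper, added example)
# For every unix-stream(), unix-dgram() or pipe() driver named in a
# syslog-ng config, compare the driver with the real file type of its path.
# Prints one line per driver: "<verdict> <driver> <path> <actual-type>".
# Note: it matches drivers by name, so a pipe() destination is listed too.
check_local_sources() {
    conf=$1
    # Strip comments, put each statement on its own line, then keep
    # every driver("path") pair as "driver path".
    sed 's/#.*//' "$conf" | tr ';{' '\n\n' |
    sed -n 's/^[[:space:]]*\([a-z-]*\)[[:space:]]*([[:space:]]*"\([^"]*\)".*/\1 \2/p' |
    while read -r driver path; do
        case "$driver" in
            unix-stream|unix-dgram|pipe) ;;
            *) continue ;;              # file(), tcp(), program(), ...
        esac
        if   [ -p "$path" ]; then actual=fifo
        elif [ -S "$path" ]; then actual=socket
        elif [ -e "$path" ]; then actual=other
        else                      actual=missing
        fi
        case "$driver:$actual" in
            pipe:fifo|unix-stream:socket|unix-dgram:socket) verdict=OK ;;
            *) verdict=MISMATCH ;;
        esac
        echo "$verdict $driver $path $actual"
    done
}

# Run against a config given on the command line, e.g. the syslog-ng.conf above.
if [ $# -gt 0 ]; then
    check_local_sources "$1"
fi
```

A MISMATCH line for /dev/log means syslog-ng is opening the device with the wrong driver and will not receive messages written by local programs.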