thanks scott, i saw the errors that was my fault for being tired and a little lazy that night made adjustments to file now i get no errors when doing the syslog-ng --syntax-only but I am not getting any logging of the normal items like login attempt and failures and such the only log i got was below looks like its just the stats and this was in messages and debug not the main log Jun 1 11:48:05 mcm-001 syslog-ng[120]: syslog-ng starting up; version='3.0.8' Jun 1 11:58:06 mcm-001 syslog-ng[120]: Log statistics; processed='destination(user)=0', processed='destination(mailwarn)=0', processed='destination(uucp)=0', processed='destination(lpr)=0', processed='destination(daemon)=0', processed='destination(debug)=1', processed='center(received)=0', processed='destination(mailerr)=0', processed='destination(d_syslog)=1', processed='destination(kern)=0', processed='source(src)=1', processed='destination(mailinfo)=0', processed='destination(newsnotice)=0', processed='destination(newserr)=0', processed='destination(messages)=1', processed='destination(authlog)=0', processed='destination(ppp)=0', processed='center(queued)=0', processed='destination(mail)=0', processed='destination(newscrit)=0', processed='destination(cron)=0', processed='src.internal(src#1)=1', stamp='src.internal(src#1)=1306943285', processed='destination(console)=0', processed='destination(console_all)=1' here is the revised latest config @version: 3.0 # # Syslog-ng example configuration for for Debian GNU/Linux # # Copyright (c) 1999 anonymous # Copyright (c) 1999 Balazs Scheidler # $Id: syslog-ng.conf.sample,v 1.3 2003/05/20 08:57:27 asd Exp $ # # Syslog-ng configuration file, compatible with default Debian syslogd # installation. # # replaced with Line below fxs options { long_hostnames(off); sync(0); }; options { long_hostnames(off); flush_lines(0); }; source src { unix-stream("/var/run/syslog"); internal(); }; source net { udp(); }; destination authlog { file("/var/log/auth.log"); }; # replaced with Line below fxs destination syslog { file("/var/log/syslog"); }; destination d_syslog { file("/var/log/syslog.log"); }; #destination d_syslog { file("/var/log/system.log"); }; destination cron { file("/var/log/cron.log"); }; destination daemon { file("/var/log/daemon.log"); }; destination kern { file("/var/log/kern.log"); }; destination lpr { file("/var/log/lpr.log"); }; destination user { file("/var/log/user.log"); }; destination uucp { file("/var/log/uucp.log"); }; destination ppp { file("/var/log/ppp.log"); }; destination mail { file("/var/log/mail.log"); }; destination mailinfo { file("/var/log/mail.info"); }; destination mailwarn { file("/var/log/mail.warn"); }; destination mailerr { file("/var/log/mail.err"); }; destination newscrit { file("/var/log/news/news.crit"); }; destination newserr { file("/var/log/news/news.err"); }; destination newsnotice { file("/var/log/news/news.notice"); }; destination debug { file("/var/log/debug"); }; destination messages { file("/var/log/messages"); }; destination console { usertty("root"); }; #destination console_all { file("/dev/tty12"); }; destination console_all { file("/dev/console"); }; #destination loghost { udp("loghost" port(999)); }; destination xconsole { pipe("/dev/xconsole"); }; filter f_auth { facility(auth); }; filter f_authpriv { facility(auth, authpriv); }; #Changed it to make it filter the messages from the localO fxs filter f_syslog { not facility(authpriv, mail); }; filter f_syslog { facility(local0); }; filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_kern { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_user { facility(user); }; filter f_uucp { facility(cron); }; filter f_ppp { facility(local2); }; filter f_news { facility(news); }; filter f_debug { not facility(auth, authpriv, news, mail); }; filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); }; filter f_emergency { level(emerg); }; filter f_info { level(info); }; filter f_notice { level(notice); }; filter f_warn { level(warn); }; filter f_crit { level(crit); }; filter f_err { level(err); }; log { source(src); filter(f_authpriv); destination(authlog); }; # replaced with Line below fxs log { source(src); filter(f_syslog); destination(syslog); }; log { source(src); filter(f_syslog); destination(d_syslog); }; log { source(src); filter(f_cron); destination(cron); }; log { source(src); filter(f_daemon); destination(daemon); }; log { source(src); filter(f_kern); destination(kern); }; log { source(src); filter(f_lpr); destination(lpr); }; log { source(src); filter(f_mail); destination(mail); }; log { source(src); filter(f_user); destination(user); }; log { source(src); filter(f_uucp); destination(uucp); }; log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; log { source(src); filter(f_news); filter(f_crit); destination(newscrit); }; log { source(src); filter(f_news); filter(f_err); destination(newserr); }; log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); }; log { source(src); filter(f_debug); destination(debug); }; log { source(src); filter(f_messages); destination(messages); }; log { source(src); filter(f_emergency); destination(console); }; log { source(src); filter(f_ppp); destination(ppp); }; log { source(src); destination(console_all); }; On Wed, Jun 1, 2011 at 6:00 AM, <syslog-ng-request@lists.balabit.hu> wrote:
Send syslog-ng mailing list submissions to syslog-ng@lists.balabit.hu
To subscribe or unsubscribe via the World Wide Web, visit https://lists.balabit.hu/mailman/listinfo/syslog-ng or, via email, send a message with subject or body 'help' to syslog-ng-request@lists.balabit.hu
You can reach the person managing the list at syslog-ng-owner@lists.balabit.hu
When replying, please edit your Subject line so it is more specific than "Re: Contents of syslog-ng digest..."
Today's Topics:
1. Re: syslog-ng Digest, Vol 73, Issue 37 (Frank Scalzo) 2. [Bug 122] [3.2.4]: mixed linking broken for libsyslog-ng.so.* (bugzilla@bugzilla.balabit.com) 3. [Bug 122] [3.2.4]: mixed linking broken for libsyslog-ng.so.* (bugzilla@bugzilla.balabit.com) 4. Re: syslog-ng Digest, Vol 73, Issue 37 (Scott Rochford) 5. [Bug 122] [3.2.4]: mixed linking broken for libsyslog-ng.so.* (bugzilla@bugzilla.balabit.com) 6. [Bug 122] [3.2.4]: mixed linking broken for libsyslog-ng.so.* (bugzilla@bugzilla.balabit.com)
----------------------------------------------------------------------
Message: 1 Date: Tue, 31 May 2011 08:51:17 -0400 From: Frank Scalzo <fscalzo@gmail.com> Subject: Re: [syslog-ng] syslog-ng Digest, Vol 73, Issue 37 To: syslog-ng@lists.balabit.hu Message-ID: <BANLkTikpWETLmnTSzSDL_4Cx4p0=gPT+6w@mail.gmail.com> Content-Type: text/plain; charset="windows-1252"
Gergely,
sorry after fighting with this for hours i forgot to upload.
@version: 3.0 # # Syslog-ng example configuration for for Debian GNU/Linux # # Copyright (c) 1999 anonymous # Copyright (c) 1999 Balazs Scheidler # $Id: syslog-ng.conf.sample,v 1.3 2003/05/20 08:57:27 asd Exp $ # # Syslog-ng configuration file, compatible with default Debian syslogd # installation. #
# replaced with Line below fxs options { long_hostnames(off); sync(0); }; options { long_hostnames(off); flush_lines(0); };
source src { unix-stream("/var/run/syslog"); internal(); }; source net { udp(); };
destination authlog { file("/var/log/auth.log"); }; # replaced with Line below fxs destination syslog { file("/var/log/syslog"); }; destination d_syslog { file(?/var/log/system.log?); }; destination cron { file("/var/log/cron.log"); }; destination daemon { file("/var/log/daemon.log"); }; destination kern { file("/var/log/kern.log"); }; destination lpr { file("/var/log/lpr.log"); }; destination user { file("/var/log/user.log"); }; destination uucp { file("/var/log/uucp.log"); }; destination ppp { file("/var/log/ppp.log"); }; destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); }; destination mailwarn { file("/var/log/mail.warn"); }; destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); }; destination newserr { file("/var/log/news/news.err"); }; destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); }; destination messages { file("/var/log/messages"); }; destination console { usertty("root"); }; #destination console_all { file("/dev/tty12"); }; destination console_all { file(?/dev/console?); }; #destination loghost { udp("loghost" port(999)); };
destination xconsole { pipe("/dev/xconsole"); };
filter f_auth { facility(auth); }; filter f_authpriv { facility(auth, authpriv); }; #Changed it to make it filter the messages from the localO fxs filter f_syslog { not facility(authpriv, mail); }; filter f_syslog { facility(local0); }; filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_kern { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_user { facility(user); }; filter f_uucp { facility(cron); }; filter f_ppp { facility(local2); }; filter f_news { facility(news); }; filter f_debug { not facility(auth, authpriv, news, mail); }; filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); }; filter f_emergency { level(emerg); };
filter f_info { level(info); }; filter f_notice { level(notice); }; filter f_warn { level(warn); }; filter f_crit { level(crit); }; filter f_err { level(err); };
log { source(src); filter(f_authpriv); destination(authlog); }; # replaced with Line below fxs log { source(src); filter(f_syslog); destination(syslog); }; log { source(src); filter(f_syslog); destination(d_syslog); }; log { source(src); filter(f_cron); destination(cron); }; log { source(src); filter(f_daemon); destination(daemon); }; log { source(src); filter(f_kern); destination(kern); }; log { source(src); filter(f_lpr); destination(lpr); }; log { source(src); filter(f_mail); destination(mail); }; log { source(src); filter(f_user); destination(user); }; log { source(src); filter(f_uucp); destination(uucp); }; log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; log { source(src); filter(f_news); filter(f_crit); destination(newscrit); }; log { source(src); filter(f_news); filter(f_err); destination(newserr); }; log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); }; log { source(src); filter(f_debug); destination(debug); }; log { source(src); filter(f_messages); destination(messages); }; log { source(src); filter(f_emergency); destination(console); }; log { source(src); filter(f_ppp); destination(ppp); }; log { source(src); destination(console_all); };