Hi all,
I'm trying to set up syslog-ng 2.0.0 on Red Hat Enterprise 4.0, i386 edition.
I have already set up my /etc/syslog-ng.conf file in the following way:
[root@swlogg02 cisco]# cat /etc/syslog-ng.conf
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#

# Global options.
options {
    # Write each message to the file immediately, without buffering lines.
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    # No DNS lookups: senders are never resolved to names by this host.
    use_dns (no);
    use_fqdn (no);
    # Missing directories in a destination path are created on demand.
    create_dirs (yes);
    # Trust the hostname written inside the received message.
    # NOTE(review): with the UDP source below, $HOST is then sender-supplied
    # text. Together with create_dirs(yes) and $HOST in the file path, any
    # host that can reach port 514 decides which directory under
    # /var/log/cisco its messages land in, including another device's.
    # Consider keep_hostname(no) so the name is derived from the sender's
    # address instead (confirm the resulting $HOST value on this version).
    keep_hostname (yes);
};

# Network source: plain UDP syslog on every local interface, port 514.
# NOTE(review): UDP syslog is unauthenticated and its source address can be
# forged; restrict port 514 with a packet filter to the management addresses
# of the devices that are expected to log here.
source s_cisco {
    udp(ip(0.0.0.0) port(514));
};

# Per-host, per-day log file. d_cisco_d and d_cisco_c point at the very same
# path, so both log statements below write into one file per host and day.
destination d_cisco_d { file("/var/log/cisco/$HOST/$YEAR/$MONTH/$DAY/log"); };
destination d_cisco_c { file("/var/log/cisco/$HOST/$YEAR/$MONTH/$DAY/log"); };

# NOTE(review): level() with a single name matches that one severity only.
# f_cisco_d passes messages whose severity is exactly "debug"; info, notice,
# warning, err and so on are dropped. f_cisco_c passes exactly "crit"; alert
# and emerg are dropped. A device logging "up to debug" sends mostly
# non-debug severities, so very little of its traffic matches. A range is
# written as level(debug..emerg) or level(crit..emerg).
filter f_cisco_d { level(debug); };
filter f_cisco_c { level(crit); };

# Every message from s_cisco is tested against both filters; one that
# matches neither is not written anywhere, because no catch-all log
# statement exists.
log { source(s_cisco); filter(f_cisco_d); destination(d_cisco_d); };
log { source(s_cisco); filter(f_cisco_c); destination(d_cisco_c); };
But I only got logs from one machine (for your information, an ASA5520). I would like to
receive messages from almost 50 machines (routers, switches, firewalls, etc.). In
general, I have set the logging level to critical on the firewalls and to debug on the
routers and switches.
Could you please tell me what I did wrong?
regards
--
Michał
Rębelski