Hi,

I am using syslog-ng 1.6.8 and syslogd 1.4.1. A few lines from the logs are:

Apr 21 08:54:59 xxx.xxx.xxx.xxx zzziper 86 [local0.info] zzziper: 2010-04-21 08:59:58 - zzziperSA-2 - [yyy.yyy.yyy.yyy] a.rico(RD Employee)[Outlook WEB Access Spain, Network Connect VPN Users] - Web SSO: Authentication successful. Credential Used: UserUID: xxx, Username: xxx, BasicHash: XXXXXX, Auth Type: (2) BasicAuth, Cred Type: (1) Variable Credential, Target: zzz.zzz.zzz.zzz, Password: XXXXXX, Policy Auth: (2) BasicAuth, Cred Label: BA_Upg_6,

Apr 21 08:54:59 xxx.xxx.xxx.xxx zzziper 86 [local0.info] zzziper: 2010-04-21 08:59:58 - JuniperSA-2 - [yyy.yyy.yyy.yyy] a.rico(RD Employee)[Outlook WEB Access Spain, Network Connect VPN Users] - WebRequest completed, POLL to http://yyy.yyy.yyy.yyy//exchange/a.rico/Inbox<http://192.168.8.11//exchange/a.rico/Inbox>from yyy.yyy.yyy.yyy result=207 sent=36 received=292 in 1 seconds

On Tue, Apr 20, 2010 at 4:10 PM, Sandor Geller <Sandor.Geller@morganstanley.com> wrote:
Hi,
On Tue, Apr 20, 2010 at 12:15 PM, abhay singh <abhay.asingh@gmail.com> wrote:
I have made those changes and restarted the syslog services; even so, it's not working. Now it's like this:
options {
    long_hostnames(off);
    sync(0);
    perm(0640);
    stats(3600);
    keep_hostname(yes);
};

source s_external {
    udp(port(514));
    #udp(ip("192.168.114.129") port(514));
    #udp(ip("0.0.0.0") port(514));
};

# Specific
source s_stunnel {
    tcp(ip("127.0.0.1") port(514) max-connections(1));
};

destination d_external {
    file("/data/extract/syslogs/$HOST_syslog.log" \
        owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
        template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")
    );
};

destination d_stunnel {
    file("/data/extract/syslogs/$HOST/$HOST_syslog.log" \
        owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
        template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")
    );
};

log { source(s_external); destination(d_external); };
log { source(s_stunnel); destination(d_stunnel); };
Could you show a few logged lines? Which version of syslog-ng are you using?

$HOST should remain blank only when syslog-ng failed to parse the hostname part of the log. BTW it's better to use ${HOST} instead of plain $HOST, especially when there are no delimiters around the macro.
Regards,
Sandor
-- Regards.. Abhay Singh.. 91-98804-55587 Sr. Software Engineer. Robust Designs India Pvt Ltd. Bangalore
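
Added example, not part of the original thread and not syslog-ng's own code: a simplified Python model of why the advice to write ${HOST} matters for the file() paths in the configuration above. It assumes that an unbraced macro name runs over letters, digits and underscores and that an unknown macro expands to an empty string; the host name "gw1" and the helper names are constructed for illustration.

```python
import re

# Simplified model of template expansion, NOT syslog-ng's parser.
# Assumption: an unbraced macro name extends over [A-Za-z0-9_], so
# "$HOST_syslog" is read as one macro called HOST_syslog.
# Assumption: an unknown macro expands to the empty string.
_MACRO = re.compile(r"\$\{([A-Za-z0-9_]+)\}|\$([A-Za-z0-9_]+)")

# Macros used in the thread's configuration.
KNOWN = {"HOST", "FULLHOST", "DATE", "PROGRAM", "TAG",
         "FACILITY", "LEVEL", "MESSAGE"}

def expand(template, values):
    """Return (expanded string, list of macro names referenced)."""
    seen = []
    def repl(match):
        name = match.group(1) or match.group(2)
        seen.append(name)
        return values.get(name, "")
    return _MACRO.sub(repl, template), seen

def unknown_macros(template, known=KNOWN):
    """Lint check: macro names in the template that are not in `known`."""
    _, seen = expand(template, {})
    return [name for name in seen if name not in known]

# Paths copied from the posted configuration, plus a braced variant.
D_EXTERNAL = "/data/extract/syslogs/$HOST_syslog.log"
D_STUNNEL = "/data/extract/syslogs/$HOST/$HOST_syslog.log"
BRACED = "/data/extract/syslogs/${HOST}/${HOST}_syslog.log"
MSG_TEMPLATE = "$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n"

SAMPLE = {"HOST": "gw1"}  # constructed sample value

if __name__ == "__main__":
    for tmpl in (D_EXTERNAL, D_STUNNEL, BRACED):
        path, _ = expand(tmpl, SAMPLE)
        print(f"{tmpl!r:55} -> {path!r}  unknown={unknown_macros(tmpl)}")
```

Under these assumptions the message template is unaffected, because "." and "]" end the macro name, while both file() paths lose the host part of the file name.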