Hi,

On Tue, Apr 20, 2010 at 12:15 PM, abhay singh <abhay.asingh@gmail.com> wrote:
> I have made that changes and restarted syslog services even though its not
> working///
> Now its like this
>
> options {
>                long_hostnames(off);
>                sync(0);
>                perm(0640);
>                stats(3600);
>                keep_hostname(yes);
> };
> source s_external {
>         udp(port(514));
>         #udp(ip("192.168.114.129") port(514));
>         #udp(ip("0.0.0.0") port(514));
> };  # Specific
> source s_stunnel {
>         tcp(ip("127.0.0.1")
>         port(514)
>         max-connections(1));
>        };
> destination d_external { file("/data/extract/syslogs/$HOST_syslog.log" \
>     owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
>     template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")
> );
>         };
>
> destination d_stunnel{ file("/data/extract/syslogs/$HOST/$HOST_syslog.log" \
>     owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
>     template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")
> );
>         };
>
> log { source(s_external); destination(d_external); };
> log { source(s_stunnel); destination(d_stunnel); };

Could you show a few logged lines? Which version of syslog-ng you're using?

$HOST should remain blank only when syslog-ng failed to parse the
hostname part of the log. BTW it's better to use ${HOST} instead of
plain $HOST especially when there are no delimeters around the macro.

Regards,

Sandor

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html