Hi,
I'm trying to configure syslog-ng to log Windows clients. I downloaded and installed the Snare agent and I added the following to the conf file:
You mentioned that you added the following below; what does the whole config file look like?
    filter windows { program("MSWinEventLog"); };

    destination windows {
        file("/var/log/archive/windows/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
             template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
             template_escape(no));
    };

    log { source(local); filter(windows); destination(windows); flags(final); };
May I suggest that you maybe think about your naming convention? It could prove helpful prefixing filters with "f_", destinations with "d_" and sources with "s_" to omit naming confusions (there should not be a name space collision though).
When I type syslog-ng -f /etc/syslog-ng.conf I get this error message:

    # syslog-ng -f /etc/syslog-ng.conf
    unresolved reference: local
Do you have a local source entry in your config file somewhere? For example something along the lines of:

    source local {
        internal();
        unix-stream("/dev/log");
        file("/proc/kmsg");
    };

HTH,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
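A complete syslog-ng.conf assembled from the asker's filter and destination and the local source suggested in the reply, using the s_/f_/d_ naming convention; this is an added example, not from the thread. It assumes the Snare agent sends the Windows events to the collector as syslog over UDP port 514 (so a network source is needed besides the local one) and that the year/month directories in the destination path should be created automatically.

```conf
# Added example config; the udp() listener and create_dirs() are assumptions
# not present in the original thread.

# The source the asker's log statement referenced but never defined,
# which is what "unresolved reference: local" complains about.
source s_local {
    internal();
    unix-stream("/dev/log");
    file("/proc/kmsg");
};

# Assumption: Snare ships Windows event log entries over the network as
# syslog/UDP, so the collector needs a listener to receive them at all;
# source(local) alone would never see the Windows messages.
source s_snare {
    udp(ip(0.0.0.0) port(514));
};

# Snare tags its messages with the program name MSWinEventLog.
filter f_windows { program("MSWinEventLog"); };

# One file per day, under per-year and per-month directories.
# create_dirs(yes) lets syslog-ng create those directories as needed.
destination d_windows {
    file("/var/log/archive/windows/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
         template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
         template_escape(no)
         create_dirs(yes));
};

# Windows events from the network source go to the archive and stop there.
log { source(s_snare); filter(f_windows); destination(d_windows); flags(final); };
```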