On Tue, 2004-07-13 at 22:15, alex wrote:
Hello,
I have compiled syslog-ng (latest ver syslog-ng 1.6.4) on AIX 5.1 and have configured the client to send sudo logs to the centralized server. The Network part is working fine, and I know my binary compiled OK. In addition to sudo activity logging I was going to send logs, produced by the other daemon--sudoscriptd--which logs all root shell activities to some predefined file on the same server (for testing) and later I will send it too. In my case: var/log/sudoscript. I was going to centralize this one as well, but for now I can't figure out why syslog-ng is NOT READING from the source file. Also, I was trying: source sudo_scr {pipe("/var/log/sudoscript"); }; - with no success.

syslog-ng as of 1.6.x uses the file source to read from special files like /proc/kmsg to fetch kernel logs. The difference between /proc/kmsg and a regular file is that the latter does not support polling, which syslog-ng currently requires. The unfinished 1.9.x codebase supports "tail -f"-like operation, but for 1.6.x you need to stick to "tail -f /var/log/sudoscript | logger".

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
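
Added example, not part of the original thread and not syslog-ng code: a Python sketch of why a poll-driven reader gets no wake-up from a regular file (poll reports it readable even at EOF, unlike an empty pipe), and of the offset-tracking "tail -f"-style read that replaces it. The names `poll_says_readable`, `Follower`, `write` and `demo` are hypothetical, the log file is a constructed stand-in, and the truncation and partial-line handling go beyond what the reply describes.

```python
# Added illustration (not syslog-ng code); helper names are hypothetical.
import os
import select
import tempfile

def poll_says_readable(fd, timeout_ms=200):
    """True if poll(2) reports fd readable within timeout_ms."""
    p = select.poll()
    p.register(fd, select.POLLIN)
    return any(ev & select.POLLIN for _, ev in p.poll(timeout_ms))

class Follower:  # 'tail -f'-style reader: keeps an offset, called on a timer
    def __init__(self, path):
        self.path, self.offset, self.partial = path, 0, b""
    def read_new_lines(self):
        if os.stat(self.path).st_size < self.offset:  # truncated: start over
            self.offset, self.partial = 0, b""
        with open(self.path, "rb") as f:
            f.seek(self.offset)
            data = self.partial + f.read()
            self.offset = f.tell()
        *lines, self.partial = data.split(b"\n")  # hold back an unfinished line
        return [ln.decode("utf-8", "replace") for ln in lines]

def write(path, text, mode="a"):
    with open(path, mode) as f:
        f.write(text)

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sudoscript")  # constructed stand-in log file
        write(path, "constructed entry 1\n")
        with open(path, "rb", buffering=0) as f:
            f.read()                                     # consume all: at EOF
            file_ready = poll_says_readable(f.fileno())  # still "readable"
        r, w = os.pipe()
        pipe_ready = poll_says_readable(r)               # empty pipe: poll waits
        os.close(r)
        os.close(w)
        fol = Follower(path)
        first = fol.read_new_lines()
        write(path, "constructed entry 2\nconstructed ent")  # writer is mid-line
        second = fol.read_new_lines()
        write(path, "ry 3\n")
        third = fol.read_new_lines()
        write(path, "after rotate\n", mode="w")          # truncation (rotation)
        fourth = fol.read_new_lines()
        return file_ready, pipe_ready, first, second, third, fourth

if __name__ == "__main__":
    print(demo())
```

The size check only notices a file that shrank; a log replaced by a new file that is already larger than the saved offset would need an inode comparison as well, otherwise audit lines are skipped.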