Create a Log file for Each server.
Hello all. How are you?
I have a Windows server with a Syslog agent installed on it, and it forwards all logs to my Linux box. My Syslog-NG collects them very well, but I want to forward events from another Windows server to my Syslog server. How can I modify my current config file to create another file for this new server? I use Logstash and Kibana on my Linux box. Can it detect my new log file automatically?

    # syslog-ng configuration file.
    #
    # This should behave pretty much like the original syslog on RedHat. But
    # it could be configured a lot smarter.
    #
    # See syslog-ng(8) and syslog-ng.conf(5) for more information.
    #
    options {
        flush_lines (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
    };
    source s_netsyslog {
        udp(ip(0.0.0.0) port(514) flags(no-hostname));
        tcp(ip(0.0.0.0) port(514) flags(no-hostname));
    };
    destination d_netsyslog {
        file("/var/log/network.log" owner("root") group("root") perm(0644));
    };
    log { source(s_netsyslog); destination(d_netsyslog); };

As you see, it collects Syslog from any IP address.
Cheers.
very simple.

    destination d_separatedbyhosts {
        file( "/var/log/$HOST/$HOST.$FACILITY.$SEVERITY.$YEAR.$MONTH.$DAY" );
    }

(didn't you ask this back in August?)
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hello,
I changed my configuration to:

    destination d_separatedbyhosts {
        file( "/var/log/$HOST/$HOST.$FACILITY.$SEVERITY.$YEAR.$MONTH.$DAY" owner("root") group("root") perm(0644));
    };
    log { source(s_netsyslog); destination(d_separatedbyhosts); };

But when I browse /var/log, I can't see any new file or folder :(. What is the problem?
Cheers.

On Saturday, December 6, 2014 7:29 PM, Jim Hendrick <jrhendri@roadrunner.com> wrote:
very simple.

    destination d_separatedbyhosts {
        file( "/var/log/$HOST/$HOST.$FACILITY.$SEVERITY.$YEAR.$MONTH.$DAY" );
    }

(didn't you ask this back in August?)
I assume you are still using these config settings (from your August emails):

    options {
        flush_lines (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
    };

Please try changing create_dirs().
Also, I suggest you browse / search the excellent documentation at the balabit site. We are happy to help, but most of your questions are answered there.
Jim

On 12/10/2014 06:11 AM, Jason Long wrote:
Hello,
I changed my configuration to:

    destination d_separatedbyhosts {
        file( "/var/log/$HOST/$HOST.$FACILITY.$SEVERITY.$YEAR.$MONTH.$DAY" owner("root") group("root") perm(0644));
    };
    log { source(s_netsyslog); destination(d_separatedbyhosts); };

But when I browse /var/log, I can't see any new file or folder :(. What is the problem?
Cheers.
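
The per-host destination from this thread with directory creation switched on, as an added example that is not part of either poster's messages. It reuses the thread's s_netsyslog and d_separatedbyhosts names; the directory and file permission values are assumptions to adapt to the local log-access policy.

```conf
# Added example, not from the thread.
# The global options block may keep create_dirs(no); the file() destination
# below enables directory creation only where it is needed.

source s_netsyslog {
    udp(ip(0.0.0.0) port(514) flags(no-hostname));
    tcp(ip(0.0.0.0) port(514) flags(no-hostname));
};

destination d_separatedbyhosts {
    file(
        "/var/log/$HOST/$HOST.$FACILITY.$SEVERITY.$YEAR.$MONTH.$DAY"

        # Without this, /var/log/$HOST/ is never created and nothing
        # is written for a sender seen for the first time.
        create_dirs(yes)

        # Ownership and mode of the directories syslog-ng creates
        # (assumed values: root only, group may list and read).
        dir_owner("root")
        dir_group("root")
        dir_perm(0750)

        # Ownership and mode of the log files themselves. 0640 is an
        # assumed tightening of the 0644 used in the thread, so that
        # collected Windows events are not world-readable.
        owner("root")
        group("root")
        perm(0640)
    );
};

# With flags(no-hostname) and use_dns(no), $HOST is expected to be the
# sender's IP address, so each sending server gets its own directory.
log { source(s_netsyslog); destination(d_separatedbyhosts); };
```

Running syslog-ng with --syntax-only checks the edited file before the daemon is reloaded.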
participants (2)
- Jason Long
- Jim Hendrick