Hi,

I've been toying a bit with syslog-ng, I'm quite happy so far with all the possibilities it offers me. But I got a problem getting it to work in my environment.

I want to log normal syslogd machines to a LogHost which would run syslog-ng. I've installed syslog-ng 1.5.18 on my LogHost and ran a few tests.

With this config:

    options {
        sync (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (no);
        chain_hostnames (no);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
    };

    source s_sys {
        unix-stream ("/dev/log");
        internal();
        udp (ip(209.71.224.21) port (514));
    };

    destination mail1 { file("/var/log/mail1"); };

    filter filter_mail1 { host("mail1"); };

    log { source(s_sys); filter(filter_mail1); destination(mail1); };

As you can see, I want to log a host named "mail1" to a file "mail1". However, it doesn't work. The host sends its log entries to syslog-ng but doesn't recognize "mail1".

But, if I change the host("mail1") to host("mail"), it works perfectly. The hostname in the /var/log/mail1 file is "mail" tho, not "mail1".

I ran syslogd in debug mode on my "mail1" machine. I saw it does send the logs out with the "mail1" tag.

I tried this with another of my hosts, its name is nexus1, I experienced the same behavior.

So, I'm wondering if syslog-ng doesn't like having a number at the end of the hostname.

The hosts running syslogd are RedHat 7.2 and 7.1.

Any ideas? :) I'd like to get this working, all my hostnames got numbers....

Thanks!

Jonathan.

On Mon, Jun 17, 2002 at 12:05:07PM -0400, Jonathan wrote:
> Hi,
>
> I've been toying a bit with syslog-ng, I'm quite happy so far with all the possibilities it offers me. But I got a problem getting it to work in my environment.
>
> I want to log normal syslogd machines to a LogHost which would run syslog-ng. I've installed syslog-ng 1.5.18 on my LogHost and ran a few tests.
>
> With this config:
>
> options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (no); chain_hostnames (no); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); };
>
> source s_sys { unix-stream ("/dev/log"); internal(); udp (ip(209.71.224.21) port (514)); };
> destination mail1 { file("/var/log/mail1"); };
> filter filter_mail1 { host("mail1"); };
> log { source(s_sys); filter(filter_mail1); destination(mail1); };
>
> As you can see, I want to log a host named "mail1" to a file "mail1". However, it doesn't work. The host sends its log entries to syslog-ng but doesn't recognize "mail1".
>
> But, if I change the host("mail1") to host("mail"), it works perfectly. The hostname in the /var/log/mail1 file is "mail" tho, not "mail1".
>
> I ran syslogd in debug mode on my "mail1" machine. I saw it does send the logs out with the "mail1" tag.
>
> I tried this with another of my hosts, its name is nexus1, I experienced the same behavior.
>
> So, I'm wondering if syslog-ng doesn't like having a number at the end of the hostname.
>
> The hosts running syslogd are RedHat 7.2 and 7.1.
>
> Any ideas? :) I'd like to get this working, all my hostnames got numbers....

hmm.. I don't care if hostnames contain numbers or not. Does reverse DNS of those hosts contain the correct name (with the number)?

You could sniff your network interface to see if the hostname is really present. (Sometimes it is missing, and is added by syslog-ng based on the DNS name of the host.)

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
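
The check suggested in the reply, as an added example that is not part of the original thread: a small Python parser for BSD-syslog style UDP payloads (as you would copy them out of a packet capture on port 514) that reports whether the HOSTNAME field is actually present on the wire. The sample payloads are constructed, and the rule used to tell a hostname from a program tag is a heuristic assumption, not syslog-ng's own parsing logic.

```python
import re

# BSD syslog layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: message
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)


def parse_datagram(payload: bytes) -> dict:
    """Split one syslog UDP payload and report whether HOSTNAME is present."""
    text = payload.decode("utf-8", errors="replace").rstrip("\n\x00")
    m = HEADER.match(text)
    if m is None:
        return {"valid": False, "host": None, "tag": None, "msg": text}
    pri = int(m.group("pri"))
    first, _, remainder = m.group("rest").partition(" ")
    # Heuristic (assumption): a token ending in ':' or carrying a '[pid]'
    # is the program tag, so the sender left the HOSTNAME field out.
    if first.endswith(":") or "[" in first:
        host, tag_and_msg = None, m.group("rest")
    else:
        host, tag_and_msg = first, remainder
    tag, _, msg = tag_and_msg.partition(": ")
    return {"valid": True, "facility": pri >> 3, "severity": pri & 7,
            "host": host, "tag": tag, "msg": msg}


def missing_hostname(payloads: list) -> list:
    """Return the indexes of payloads that carry no HOSTNAME field."""
    return [i for i, p in enumerate(payloads)
            if parse_datagram(p)["valid"] and parse_datagram(p)["host"] is None]


# Constructed sample payloads (not captured from the poster's network).
SAMPLES = [
    b"<22>Jun 17 12:05:07 mail1 sendmail[1234]: starting daemon",
    b"<22>Jun 17 12:05:07 sendmail[1234]: starting daemon",
    b"<13>Jun  7 01:02:03 nexus1 su: session opened",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_datagram(raw))
    print("no hostname in payloads:", missing_hostname(SAMPLES))
```
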

Participants (2): Balazs Scheidler, Jonathan