syslog-ng 1.4.17 / cron messages / RH 7.3
Hello group,

I have just installed syslog-ng 1.4.17 and playing with it on RH 7.3.

Initially I was getting crond messages in my logs (was attempting to send them to a separate cron log file, but they were ending up in both /var/log/cron as well as the standard /var/log/messages files). I tried to change the filter (I hadn't matched the case, etc...) thinking that may help. The messages stopped going to both places. I have tried various things like changing it back, re-organizing the filter/log statements (grasping at straws), and added a log entry for filter(DEFAULT), but I still can't seem to get them to come back.

Here is my conf file:

    options {
        sync(0);
        chain_hostnames(no);
        dir_perm(0755);
        perm(0644);
        time_reopen(10);
        log_fifo_size(1000);
        long_hostnames(off);
        use__dns(yes);
        use_fqdn(yes);
        create_dirs(yes);
        keep_hostname(yes);
    };

    source s_sys { unix-stream("/dev/log"); internal(); udp(); };

    destination d_cons { file("/dev/console"); };
    destination d_mesg { file("/var/log/messages"); };
    destination d_auth { file("/var/log/secure"); };
    destination d_mail { file("/var/log/maillog"); };
    destination d_spol { file("/var/log/spooler"); };
    destination d_boot { file("/var/log/boot.log"); };
    destination d_hosts { file("/var/syslog/hosts/$YEAR/$MONTH/$HOST" owner(root) group(root) perm(0644) dir_perm(0700) create_dirs(yes)); };
    destination d_mlal { usertty("*"); };
    destination d_cron { file("/var/log/cron"); };

    filter f_auth { facility(authpriv); };
    filter f_cron { facility(CROND) or facility(cron); };
    filter f_mail { facility(mail); };
    filter f_emergency { level(emerg); };
    filter f_spooler { facility(uucp) or (facility(news) and level(crit)); };
    filter f_boot { facility(local7); };
    filter f_hosts { facility(local3) or facility(local4); };
    # filter f_mesg { level(info) or facility(mail) or facility(authpriv) or facility(user) and not facility(cron); };

    log { source(s_sys); filter(f_auth); destination(d_auth); };
    log { source(s_sys); filter(f_cron); destination(d_cron); };
    log { source(s_sys); filter(f_mail); destination(d_mail); };
    log { source(s_sys); filter(f_emergency); destination(d_mlal); };
    log { source(s_sys); filter(f_spooler); destination(d_spol); };
    log { source(s_sys); filter(f_boot); destination(d_boot); };
    log { source(s_sys); filter(f_hosts); destination(d_hosts); };
    # log { source(s_sys); filter(f_mesg); destination(d_mesg); };
    log { source(s_sys); filter(DEFAULT); destination(d_mesg); };

Here is a sample of the /var/log/cron file that has a couple of the messages that aren't showing up:

    Mar 6 15:10:00 chumly CROND[6213]: (root) CMD (/home/mrtg/run-rrd-cfgs)
    Mar 6 15:15:00 chumly CROND[6232]: (root) CMD (/home/mrtg/run-rrd-cfgs)

I have implemented the init.d file that is included in the contrib directory, and between config file changes, used service syslog-ng restart to kick it into re-reading the new conf file.

Any ideas what I am doing wrong, or where to start looking? I am relatively new to the whole Linux world, but trying very hard to get a handle on things. :-)

Any help is appreciated.

Tim

facility(CROND) is not a valid facility. You should be using facility(cron).

Take a look at: http://www.campin.net/syslog-ng/expanded-syslog-ng.conf for a lot more details.

Richard
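
Added example, not part of the original thread or of syslog-ng: a small Python model of why facility(cron) can match the cron lines above while facility(CROND) cannot. The facility is the numeric code carried in the message's <PRI> prefix, and CROND is only the program tag in the message text. The sample message is constructed from the log line in the post with an assumed PRI of 78 (cron.info); the function names are hypothetical.

```python
import re

# Facility keywords for codes 0-23 of the BSD syslog protocol (RFC 3164).
# Codes 12-15 have no common keyword, so they get placeholder names here.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp",
              "code12", "code13", "code14", "code15"] + \
             ["local%d" % i for i in range(8)]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# "<PRI>timestamp tag[pid]: text", the form syslog(3) writes to /dev/log
WIRE = re.compile(
    r"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"([^\s:\[]+)(?:\[(\d+)\])?: (.*)", re.S)

def parse(raw):
    """Split a raw message into facility, level, program tag and text."""
    m = WIRE.fullmatch(raw)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("not a BSD syslog message: %r" % raw)
    pri = int(m.group(1))
    # PRI = facility * 8 + level
    return {"facility": FACILITIES[pri >> 3], "level": LEVELS[pri & 7],
            "program": m.group(3), "text": m.group(5)}

def invalid_facility_names(names):
    """Names used in facility(...) that are not facility keywords."""
    return [n for n in names if n not in FACILITIES]

def facility_filter(names, msg):
    """Model of 'facility(a) or facility(b)': only the decoded PRI counts."""
    return msg["facility"] in names

# Constructed sample: the cron line from the post, PRI 78 assumed (9*8 + 6).
SAMPLE = "<78>Mar  6 15:10:00 CROND[6213]: (root) CMD (/home/mrtg/run-rrd-cfgs)"

if __name__ == "__main__":
    msg = parse(SAMPLE)
    print(msg["facility"], msg["level"], msg["program"])
    print("invalid names:", invalid_facility_names(["CROND", "cron"]))
    print("facility(cron) matches:", facility_filter(["cron"], msg))
    print("facility(CROND) matches:", facility_filter(["CROND"], msg))
```
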

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Tim Sheets
Sent: Thursday, March 06, 2003 6:26 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]syslog-ng 1.4.17 / cron messages / RH 7.3

participants (2)
- Richard E. Perlotto II
- Tim Sheets