Hello list,
I've just set up a centralized syslog-ng server with MySQL. Remote clients work well, but I've got a little problem with a filter ...
On each client I've got an snmp daemon running and a nagios network manager server polling clients ...
My problem is that each time my nagios NMS connects to a client, this line appears in the client's daemon.info log:
"Oct 10 03:15:48 vlanrouter1 snmpd[1868]: Connection from 192.168.0.12 "
I would like to filter this line to exclude it from the remote log ... So I've added this filter
filter f_not_daemon_info { (not facility(daemon) and not level(info)); };
but it does not work, and all "daemon" and all "info" levels are removed, not just "daemon.info". I've searched for a way to remove this log from the snmp daemon directly, but it seems to be a bug in my snmpd release ...
I hope that someone has got the solution.
Regards
Sebastien
What you have written is
not facility(daemon) and not level(info)
which is the same logic as
any facility other than daemon OR any level other than info
What you really want is
filter f_not_daemon.info { not (facility(daemon) and level(info)); };
Evan.
Sébastien CRAMATTE wrote:
> Hello list,
> I've just set up a centralized syslog-ng server with MySQL. Remote clients work well, but I've got a little problem with a filter ...
> On each client I've got an snmp daemon running and a nagios network manager server polling clients ...
> My problem is that each time my nagios NMS connects to a client, this line appears in the client's daemon.info log:
> "Oct 10 03:15:48 vlanrouter1 snmpd[1868]: Connection from 192.168.0.12 "
> I would like to filter this line to exclude it from the remote log ... So I've added this filter
> filter f_not_daemon_info { (not facility(daemon) and not level(info)); };
> but it does not work, and all "daemon" and all "info" levels are removed, not just "daemon.info". I've searched for a way to remove this log from the snmp daemon directly, but it seems to be a bug in my snmpd release ...
> I hope that someone has got the solution.
> Regards
> Sebastien
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
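The two filter expressions from this exchange side by side, as an added example that is not part of either post: `not A and not B` passes only messages that are neither daemon nor info, which is why every daemon and every info message disappeared, while `not (A and B)` drops only daemon.info. The names s_local, d_loghost, f_posted and f_not_snmpd_poll and the loghost address 192.0.2.10 are assumptions; f_not_snmpd_poll is a hypothetical narrower variant built from the program name and poller address quoted in the original message.

```conf
# Added example, not from the thread. Source/destination names and the
# loghost address (192.0.2.10) are placeholders.
source s_local { unix-stream("/dev/log"); internal(); };
destination d_loghost { tcp("192.0.2.10" port(514)); };

# As first posted: true only when the message is NOT daemon AND NOT info.
# Result: every daemon.* message and every *.info message is dropped.
filter f_posted { not facility(daemon) and not level(info); };

# As corrected in the reply: the negation wraps the whole pair, so only
# messages that are daemon AND info at the same time are dropped.
filter f_not_daemon_info { not (facility(daemon) and level(info)); };

# Hypothetical narrower variant: drop only the snmpd poll line from the
# monitoring host, so other daemon.info messages still reach the loghost.
# program() and match() take regular expressions; match() is a substring
# search, so this pattern also matches addresses that merely start with
# the same text (for example 192.168.0.120).
filter f_not_snmpd_poll {
    not (facility(daemon) and level(info)
         and program("snmpd")
         and match("Connection from 192.168.0.12"));
};

# Forward everything except the poll noise.
log {
    source(s_local);
    filter(f_not_snmpd_poll);
    destination(d_loghost);
};
```

The narrower filter keeps the rest of daemon.info on the central server, which matters when those messages are the only remote record of what a client's daemons did.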
Thanks for your answer. It works :)
Evan Rempel wrote:
> What you have written is
> not facility(daemon) and not level(info)
> which is the same logic as
> any facility other than daemon OR any level other than info
> What you really want is
> filter f_not_daemon.info { not (facility(daemon) and level(info)); };
> Evan.
> Sébastien CRAMATTE wrote:
> > Hello list,
> > I've just set up a centralized syslog-ng server with MySQL. Remote clients work well, but I've got a little problem with a filter ...
> > On each client I've got an snmp daemon running and a nagios network manager server polling clients ...
> > My problem is that each time my nagios NMS connects to a client, this line appears in the client's daemon.info log: "Oct 10 03:15:48 vlanrouter1 snmpd[1868]: Connection from 192.168.0.12 "
> > I would like to filter this line to exclude it from the remote log ... So I've added this filter
> > filter f_not_daemon_info { (not facility(daemon) and not level(info)); };
> > but it does not work, and all "daemon" and all "info" levels are removed, not just "daemon.info". I've searched for a way to remove this log from the snmp daemon directly, but it seems to be a bug in my snmpd release ...
> > I hope that someone has got the solution.
> > Regards
> > Sebastien
Hello list
I would like to know how I can use syslog-ng with a chrooted program such as bind or dhcpd?
regards
Sébastien CRAMATTE wrote:
> Hello list
> I would like to know how I can use syslog-ng with a chrooted program such as bind or dhcpd?
Simply add a new source for every chroot:
source s_chrooted_bind { unix-stream("/chroot/bind/dev/log"); };
And configure your log statements to include this source too.
Another approach is to add the streams to the already existing sources.
--
Sandor Geller wildy@balabit.hu
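Both approaches from the reply above written out for bind and dhcpd, as an added example that is not part of the original post. The dhcpd jail path, the names s_local, s_chrooted_dhcpd and d_messages, and the destination file are assumptions; only the bind source line comes from the thread.

```conf
# Added example, not from the thread.
# syslog-ng creates each socket when it starts, so the directories
# /chroot/bind/dev and /chroot/dhcpd/dev must already exist. Inside its
# jail, each daemon sees its socket as the usual /dev/log.

source s_local { unix-stream("/dev/log"); internal(); };

# Approach 1: one source per chroot (the bind line is from the reply).
source s_chrooted_bind  { unix-stream("/chroot/bind/dev/log"); };
source s_chrooted_dhcpd { unix-stream("/chroot/dhcpd/dev/log"); };  # assumed path

destination d_messages { file("/var/log/messages"); };

# Every log statement that should see the jailed daemons has to list
# the extra sources; a log path that omits them silently loses their
# messages.
log {
    source(s_local);
    source(s_chrooted_bind);
    source(s_chrooted_dhcpd);
    destination(d_messages);
};

# Approach 2 (use instead of approach 1, not together with it, because
# each socket path can be opened only once): add the streams to the
# existing source so current log statements pick them up unchanged.
#
# source s_local {
#     unix-stream("/dev/log");
#     unix-stream("/chroot/bind/dev/log");
#     unix-stream("/chroot/dhcpd/dev/log");
#     internal();
# };
```

Separate sources make it possible to route or filter the jailed daemons' messages on their own; the single-source form is less to maintain when they should simply follow the existing log paths.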
Sandor Geller wrote:
> Sébastien CRAMATTE wrote:
> > Hello list
> > I would like to know how I can use syslog-ng with a chrooted program such as bind or dhcpd?
> Simply add a new source for every chroot:
> source s_chrooted_bind { unix-stream("/chroot/bind/dev/log"); };
> And configure your log statements to include this source too.
> Another approach is to add the streams to the already existing sources.
Thanks for this very efficient answer ;)
Regards
Add an extra unix-stream source definition to create the log socket inside the chroot jail.
It's on this page if unsure. http://www.campin.net/syslog-ng/faq.html
Hari Sekhon
Sébastien CRAMATTE wrote:
> Hello list
> I would like to know how I can use syslog-ng with a chrooted program such as bind or dhcpd?
> regards
Hari Sekhon wrote:
> Add an extra unix-stream source definition to create the log socket inside the chroot jail.
> It's on this page if unsure. http://www.campin.net/syslog-ng/faq.html
> Hari Sekhon
I've just done this according to Sandor Geller's answer ... works perfectly
> Sébastien CRAMATTE wrote:
> > Hello list
> > I would like to know how I can use syslog-ng with a chrooted program such as bind or dhcpd?
> > regards
participants (4)
- Evan Rempel
- Hari Sekhon
- Sandor Geller
- Sébastien CRAMATTE