Has anyone ever used the Eventlog to syslog program found here?
https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys

I was trying to decipher their input as to how to word the filters and am coming up short other than putting a direct match for the host name I am using.

Any help would be greatly appreciated.

Tom
Tom,

Edwards, Thomas wrote:
> Has anyone ever used the Eventlog to syslog program found here?
> https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys

I'm using this as the preferred choice for receiving logs from Windows boxen.

> I was trying to decipher their input as to how to word the filters and am coming up short other than putting a direct match for the host name I am using.
> Any help would be greatly appreciated.

I don't use a filter, but use a destination along the lines of ...

    file("/path/to/logs/$HOST/$YEAR-$MONTH-$DAY"
         template("$FULLDATE $FULLHOST $FACILITY.$PRIORITY $MSG\n")
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));

... which means that logs for each host go into a separate directory, and that they are 'rotated' on a daily basis. This may not suit your needs, but works well for me.

Cheers
Phil
On Mon, May 10, 2004 at 09:30:35AM +1000, Philip Webster wrote:
> Tom,
>
> Edwards, Thomas wrote:
> > Has anyone ever used the Eventlog to syslog program found here?
> > https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys
>
> I'm using this as the preferred choice for receiving logs from Windows boxen.
>
> > I was trying to decipher their input as to how to word the filters and am coming up short other than putting a direct match for the host name I am using.
> > Any help would be greatly appreciated.
>
> I don't use a filter, but use a destination along the lines of ...
>
>     file("/path/to/logs/$HOST/$YEAR-$MONTH-$DAY"

Sorry to interrupt but: I actually wanted this exact organisation system (/path/to/logs/$HOST) but I decided against it because of what I read in the syslog-ng FAQ. Is this information out of date?

[OT] It's all irrelevant now anyway because I managed to break syslog-ng; it now no longer logs anything, or gives any errors :S

mark
www.darklogik.org

>          template("$FULLDATE $FULLHOST $FACILITY.$PRIORITY $MSG\n")
>          owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
>
> ... which means that logs for each host go into a separate directory, and that they are 'rotated' on a daily basis. This may not suit your needs, but works well for me.
>
> Cheers
> Phil

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
On Mon, May 10, 2004 at 11:06:13AM +0100, markzero@logik.ath.cx wrote:
> Sorry to interrupt but: I actually wanted this exact organisation system (/path/to/logs/$HOST) but I decided against it because of what I read in the syslog-ng FAQ. Is this information out of date?

You would need to be specific about the information you mean, but the answer is no. It's always good advice to not trust input from the network (including the DNS); it's up to you to audit the syslog-ng source code to see what sanity checks it puts on the input, and up to you to ensure that your configuration doesn't compromise your security. The FAQ just gives generally good advice. If someone can prove that syslog-ng will never compromise a host's security because of filenames created using macro expansion (good luck proving perfect security), then I'll update the FAQ.

It should be noted that many, if not most people do use the hostname to log by directory and no ill effects have been reported (to my knowledge) besides the junk directory names.

My randomly chosen signature is closely related, must be a sign.

-- 
Nate

Your mantra for today is: Don't let data from the network near a shell. Bad things happen.
-- Randall Schwartz
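An added example, written for this page and not posted by anyone in the thread, that puts the pieces together: a syslog-ng configuration in the 1.x syntax of the period with a host() filter of the kind Tom asked about, Phil's per-host, per-day destination, and the global hostname options set so that Nate's point about not trusting network input (including DNS) is addressed on the collector side. The source name, the 192.0.2.0/24 address range standing in for the Windows subnet, the UDP port and the /var/log/hosts path are constructed assumptions.

```conf
# Added example (not from this thread): syslog-ng 1.x style configuration.
#
# Global options: do not trust the hostname field that the sender writes into
# the message, and do not consult DNS either, so $HOST becomes the sender's
# IP address as seen by the collector. Directory names built from $HOST then
# contain only digits and dots, which removes the "junk directory names" that
# come from trusting the message's own hostname.
options {
    keep_hostname(no);     # replace the hostname claimed in the message
    use_dns(no);           # do not reverse-resolve the sender address
    chain_hostnames(no);
    create_dirs(yes);
};

# Network source for the evtsys clients (assumed: plain UDP syslog on 514).
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# Filter on the sender. With the options above $HOST is an IP address, so the
# host() pattern has to match the address, not a name. 192.0.2.0/24 is a
# constructed example range; square brackets avoid backslash escaping.
filter f_evtsys {
    host("^192[.]0[.]2[.]");
};

# Optional narrower filter: only messages at priority err or worse.
filter f_evtsys_errors {
    level(err..emerg);
};

# Per-host, per-day files as in Phil's destination. perm(0600) and
# dir_perm(0700) keep the whole tree readable by root only.
destination d_perhost {
    file("/var/log/hosts/$HOST/$YEAR-$MONTH-$DAY"
         template("$FULLDATE $FULLHOST $FACILITY.$PRIORITY $MSG\n")
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

# A second file per host that holds only the err-and-above messages, so that
# the important Windows events can be watched without the full stream.
destination d_evtsys_errors {
    file("/var/log/hosts/$HOST/errors-$YEAR-$MONTH-$DAY"
         template("$FULLDATE $FULLHOST $FACILITY.$PRIORITY $MSG\n")
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

log { source(s_net); filter(f_evtsys); destination(d_perhost); };
log { source(s_net); filter(f_evtsys); filter(f_evtsys_errors); destination(d_evtsys_errors); };
```

If you would rather see names than addresses in the directory tree, keep_hostname(no) with use_dns(yes) makes $HOST the reverse-DNS name of the sender; that is exactly the DNS input Nate says not to trust, so in that case anchor the host() pattern at both ends and expect the occasional odd directory name. Either way the hostname that the evtsys client writes into the message never reaches the filesystem path, which is the part the FAQ warns about.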
participants (4)
- Edwards, Thomas
- markzero@logik.ath.cx
- Nate Campi
- Philip Webster