Hello,

I'm setting up syslog-ng for the first time. I used the Central Loghost Mini-HOWTO.

I followed the instructions step by step but there are no local messages being logged to the system. I haven't tried remote logging yet.

I have posted my config file below this message. If someone could point out my error, I would appreciate it.

I'm using:

syslog-ng 1.4.15
RedHat 7.2

Thanks for any help you can give me.

Vilmos

***** Configuration file *****

options { sync (3); log_fifo_size (300); long_hostnames (off); use_dns (yes); use_fqdn (yes); keep_hostname (yes); };

source src { unix-stream("/dev/log"); internal(); };
source remote { tcp(ip("127.0.0.1") port(514) keep-alive(yes)); };

source src { unix-stream("/dev/log"); internal(); };

destination lpr { file("/var/log/lpr.log"); };
destination mail { file("/var/log/mail.log"); };

destination messages { file("/var/log/messages"); };

destination console_all { file("/dev/tty8"); };

filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_messages { level(info.emerg) and not facility(mail,lpr); };
filter f_emergency { level(emerg); };

log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(maillog); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };

destination hosts { file("/var/log/HOSTS/$HOST/$FACILITY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };

log { source(remote); destination(hosts); };
You got the right idea, but the log parsing/filtering is all done on the server side. Some great examples can be found here:

http://venus.ece.ndsu.nodak.edu/~jezerr/linux/secure-remote-logging.html#sys...

On Fri, 7 Mar 2003, Vilmos Branyik wrote:
Hello,
I'm setting up syslog-ng for the first time. I used the Central Loghost Mini-HOWTO.
I followed the instructions step by step but there are no local messages being logged to the system. I haven't tried remote logging yet.
I have posted my config file below this message. If someone could point out my error, I would appreciate it.
I'm using:
syslog-ng 1.4.15 RedHat 7.2
Thanks for any help you can give me.
Vilmos
***** Configuration file *****
options { sync (3); log_fifo_size (300); long_hostnames (off); use_dns (yes); use_fqdn (yes); keep_hostname (yes); };
source src { unix-stream("/dev/log"); internal(); }; source remote { tcp(ip("127.0.0.1") port(514) keep-alive(yes)); };
source src { unix-stream("/dev/log"); internal(); };
destination lpr { file("/var/log/lpr.log"); }; destination mail { file("/var/log/mail.log"); };
destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty8"); };
filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_messages { level(info.emerg) and not facility(mail,lpr); }; filter f_emergency { level(emerg); };
log { source(src); filter(f_lpr); destination(lpr); }; log { source(src); filter(f_mail); destination(maillog); }; log { source(src); filter(f_messages); destination(messages); }; log { source(src); filter(f_emergency); destination(console); };
destination hosts { file("/var/log/HOSTS/$HOST/$FACILITY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
log { source(remote); destination(hosts); };
-- Daniel Simonton Hypodermic.NET Owner/Admin
On Fri, Mar 07, 2003 at 08:31:12PM -0700, Vilmos Branyik wrote:
source src { unix-stream("/dev/log"); internal(); };
source src { unix-stream("/dev/log"); internal(); };

You have two source lines, remove one and see if that helps.

Also is syslog-ng actually running or does it quit after parsing the config file?

-- 
Nate Campi http://www.campin.net
On Fri, Mar 07, 2003 at 08:31:12PM -0700, Vilmos Branyik wrote:
filter f_messages { level(info.emerg) and not facility(mail,lpr); };
Oh, and that line needs to be:

filter f_messages { level(info,emerg) and not facility(mail,lpr); };

If you'd run:

# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf

...(fix paths as needed) you'd get quick and easy syntax checking.

Hmm, perhaps I see a new FAQ entry here.

-- 
Nate Campi http://www.campin.net
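The checks raised in the replies above, as an added example that is not part of the original thread: a small Python cross-reference lint run over the configuration as posted. It goes slightly beyond the replies by also reporting log paths that name an object which is never defined. The function name lint and the wording of the findings are this example's own, and it does not replace syslog-ng's own syntax check.

```python
import re
from collections import Counter

# Configuration as posted in the first message of the thread (options block omitted).
POSTED_CONF = '''
source src { unix-stream("/dev/log"); internal(); };
source remote { tcp(ip("127.0.0.1") port(514) keep-alive(yes)); };
source src { unix-stream("/dev/log"); internal(); };
destination lpr { file("/var/log/lpr.log"); };
destination mail { file("/var/log/mail.log"); };
destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty8"); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_messages { level(info.emerg) and not facility(mail,lpr); };
filter f_emergency { level(emerg); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(maillog); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
destination hosts { file("/var/log/HOSTS/$HOST/$FACILITY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
log { source(remote); destination(hosts); };
'''

DEF_RE = re.compile(r'^\s*(source|destination|filter)\s+([\w-]+)\s*\{', re.M)
LOG_RE = re.compile(r'^\s*log\s*\{(.*?)\}\s*;', re.M | re.S)
REF_RE = re.compile(r'\b(source|destination|filter)\(\s*([\w-]+)\s*\)')
DOT_RE = re.compile(r'\blevel\(\s*\w+\.\w+\s*\)')

def lint(conf):
    """Return sorted findings for definition/reference problems in conf."""
    findings = []
    defs = Counter(DEF_RE.findall(conf))  # (kind, name) -> times defined
    for (kind, name), n in defs.items():
        if n > 1:
            findings.append(f"duplicate {kind} definition: {name} ({n} times)")
    for body in LOG_RE.findall(conf):  # every log { ... }; statement
        for kind, name in REF_RE.findall(body):
            if (kind, name) not in defs:
                findings.append(f"log path uses undefined {kind}: {name}")
    for m in DOT_RE.finditer(conf):  # the filter line quoted in the second reply
        findings.append(f"single '.' between level names: {m.group(0)}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(POSTED_CONF):
        print(finding)
```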
participants (3)
- Dale B. Sorry
- Nate Campi
- Vilmos Branyik