Fwd: [syslog-ng] syslog-ng not logging
Forwarding to the list, wish gmail used the reply-to header. :(

---------- Forwarded message ----------
From: catenate <infosec@gmail.com>
Date: Sep 29, 2005 7:54 PM
Subject: Re: [syslog-ng] syslog-ng not logging
To: fico gid <ficohertz@gmail.com>

On 9/29/05, fico gid <ficohertz@gmail.com> wrote:
Hi Again,
Below is the whole syslog-ng.conf file. Yes, it is not separating as in /host/somehost/year/month/day ..
<SNIP>
Let me know if you need more info,

Thanks Fico,

This has to be the first time I've ever seen someone completely omit an options{}; block. Now I know that syslog-ng will gladly use defaults for all the options if/when you leave that out.

Anyways, I'm still not completely clear on how exactly your installation is logging. Are you saying that you have logs going to /var/log/kern.log and the other NON-MACRO destinations, or are you saying that your macro filenames in /var/log/hosts/HOST/YEAR/... are being logged but incorrectly, like /var/log/hosts/YEAR/... ? Please be specific.

I did a syntax check on your config file, and it looks fine to me. What version are you using?

Hi Catenate/All,

My syslog-ng is from freebsd port version syslog-ng-1.6.6. Right now the logs are not separated by their hostname - year - month - day. Instead they are going into one which is the localhost logs which is /var/log/host/localhost/year/month/date/local7 (local7 is from the routers)

I wonder why it's not creating the remote hosts directory.

Hope it's clear now.

regards
fico

On Mon, Oct 03, 2005 at 08:31:55AM +0800, fico gid wrote:
Hi Catenate/All,
My syslog-ng is from freebsd port version syslog-ng-1.6.6. Right now the logs are not separated by their hostname - year - month - day. Instead they are going into one which is the localhost logs which is /var/log/host/localhost/year/month/date/local7 (local7 is from the routers)
I wonder why it's not creating the remote hosts directory.

Please paste in a couple log entries that are logged incorrectly.

Thanks.
--
Nate
"Don't let school interfere with your education." - Samuel Clemens

Hi Cate,

below are the logs from 3 different routers but in one local7 file.

%tail -f local7
Oct 3 13:58:34 syslog/syslog 177: Oct 3 14:01:03: %SYS-5-CONFIG_I: Configured from console by sr_sr on vty0 (157.174.9.4)
Oct 3 14:01:49 syslog/syslog 178: Oct 3 14:04:18: %SYS-5-CONFIG_I: Configured from console by sr_sr on vty0 (157.174.9.8)
Oct 3 14:07:29 syslog/syslog 11: Oct 3 14:09:50: %SYS-5-CONFIG_I: Configured from console by sr_sr on vty0 (157.174.9.12)
%pwd
/var/log/hosts/syslog/2005/10/03 ; syslog is the hostname of the syslog server.

regards
fico