Good Day
Could someone tell how to match message by 'blah', the word before '@' ?
""" May 22 21:28:29 blah@localhost/dns syslog-ng starting up; """
Thanks in advance
On Thu, 2008-05-22 at 21:39 -0500, Dorian wrote:
Good Day
Could someone tell how to match message by 'blah', the word before '@' ?
""" May 22 21:28:29 blah@localhost/dns syslog-ng starting up; """
host("^blah")
-- Bazsi
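Added example (not part of the original thread, and not syslog-ng's own code): a small Python model of what a host() filter sees for the quoted line. It assumes a simplified "timestamp HOST message" layout and an unanchored regex search on the HOST field only; the second and third sample lines and all function names are constructed for illustration. It also shows that "^blah" accepts any host field that merely starts with "blah", while "^blah@" pins the match to the whole word before '@'.

```python
import re

# Simplified BSD-syslog style line: "Mmm dd hh:mm:ss HOST MESSAGE".
# This is a model for illustration, not syslog-ng's own parser.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)


def host_field(line):
    """Return the HOST field of a syslog line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.group("host") if m else None


def host_filter(pattern, line):
    """Model of filter { host("pattern"); }: regex search on HOST only."""
    host = host_field(line)
    return host is not None and re.search(pattern, host) is not None


# The first line is the one quoted in the thread; the others are constructed.
SAMPLES = [
    "May 22 21:28:29 blah@localhost/dns syslog-ng starting up;",
    "May 22 21:28:30 blahblah@localhost/dns constructed: same prefix",
    "May 22 21:28:31 cron@localhost/dns constructed: blah only in the text",
]


def matches(pattern):
    """Apply the modelled host() filter to every sample line."""
    return [host_filter(pattern, s) for s in SAMPLES]


if __name__ == "__main__":
    for pat in ("^blah", "^blah@", "blah"):
        print(pat, matches(pat))
```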
Balazs Scheidler wrote:
On Thu, 2008-05-22 at 21:39 -0500, Dorian wrote:
Good Day
Could someone tell how to match message by 'blah', the word before '@' ?
""" May 22 21:28:29 blah@localhost/dns syslog-ng starting up; """
host("^blah")
no shit ?
P.S.
not working. I've tried everything before asking
source blah { file("/var/log/blah.log" ); };
destination remote_host { tcp("10.1.0.1"); };
log { source(blah); destination(remote_host); }
on remote_host:
source everyone { tcp(max_connections(100)); };
filter blah { host("^blah"); };
log { source(everyone); filter(blah); destination(somewhere); };
On Fri, 2008-05-23 at 20:51 -0500, Dorian wrote:
Balazs Scheidler wrote:
On Thu, 2008-05-22 at 21:39 -0500, Dorian wrote:
Good Day
Could someone tell how to match message by 'blah', the word before '@' ?
""" May 22 21:28:29 blah@localhost/dns syslog-ng starting up; """
host("^blah")
no shit ?
P.S.
not working. I've tried everything before asking
I've just tried and it does work. Which syslog-ng version are you using?
In 2.0 you can also enable filter debugging if you use the '-d' command line switch, syslog-ng will report the result of each filter check.
-- Bazsi
I've just tried and it does work. Which syslog-ng version are you using?
indeed, seems it is working, but even with -d not showing anything in logs on both sides.
btw, how to reduce the interval between syncs ?
this is in my config:
options { stats_freq(0); }
and records appear on the remote host, say not instantly
On Mon, 2008-05-26 at 12:23 -0500, Dorian wrote:
I've just tried and it does work. Which syslog-ng version are you using?
indeed, seems it is working, but even with -d not showing anything in logs on both sides.
again, it'd be useful if you gave us version number. pretty please.
btw, how to reduce the interval between syncs ?
this is in my config:
options { stats_freq(0); }
and records appear on the remote host, say not instantly
stats_freq() controls the frequency of the "Log statistics" message.
You are probably interested in the flush_lines() and flush_timeout() options. These are described here:
http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch09s02.html
-- Bazsi
again, it'd be useful if you gave us version number. pretty please.
syslog-ng 2.0.0-1etch1
You are probably interested in the flush_lines() and flush_timeout() options. These are described here:
the same. not waited logs on the server and do not know the time
con client and server in options {} :
flush_lines(1); flush_timeout(1);
Hi,
again, it'd be useful if you gave us version number. pretty please.
syslog-ng 2.0.0-1etch1
You are probably interested in the flush_lines() and flush_timeout() options. These are described here:
the same. not waited logs on the server and do not know the time
con client and server in options {} :
flush_lines(1); flush_timeout(1);
Could you describe in detail what is your problem? Reading over and over this thread I still don't know what you're after.
It would be also very helpful if you could provide evidence (unmodified log lines for example) that something isn't working.
Regards,
Sandor
--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Could you describe in detail what is your problem? Reading over and over this thread I still don't know what you're after.
I'm trying to make syslog-ng to send log asap to syslog-ng server and last one should write it to file immediately. The problem is that syslog-ng not sending immediately and server not writing immediately.
It would be also very helpful if you could provide evidence (unmodified log lines for example) that something isn't working.
There's no errors and no debug messages even with '-d' option on both sides
Hi,
Could you describe in detail what is your problem? Reading over and over this thread I still don't know what you're after.
I'm trying to make syslog-ng to send log asap to syslog-ng server and last one should write it to file immediately. The problem is that syslog-ng not sending immediately and server not writing immediately.
OK. As Bazsi suggested the flush_timeout() option enforces to write the buffered logs to destinations.
It would be useful having tcpdump/ethereal running on the sending host during your test. This way you can compare the timestamp of the log message and the timestamp of the network packet to see whether there is a network latency. Capturing network traffic on the receiving side too is a good idea.
If you really want to trace the data flow then the best would be to capture network traffic on both ends, and run both syslog-ng instances under strace (with options like -ff -tt -s 1024 -o syslogngstrace )
On the receiving side even when flush_timeout() is used the OS could still buffer the writes. Using fsync() you can enforce the OS to flush its buffers (however this might cause performance problems, not for syslog-ng only but for every apps using the same filesystem...).
Regards,
Sandor
OK. As Bazsi suggested the flush_timeout() option enforces to write the
it doing nothing
In fact syslog-ng sending to server only on restart, sometimes. Or with intervals in few hours
this is my config on client:
http://80.93.122.37/media/syslog-ng.conf
and this is on server:
http://80.93.122.37/media/syslog-ng.conf_srv
buffered logs to destinations. It would be useful having tcpdump/ ethereal running on the sending host during your test. This way you can compare the timestamp of the log message and the timestamp of the network packet to see whether there is a network latency.
tcpdump shows nothing. syslog-ng sending nothing
participants (4)
- Balazs Scheidler
- Dorian
- Geller, Sandor (IT)
- Vitaliyi