Hi all,

I see that version 14 does not support "sync" now (the -/var/log/xxx.log alternative in standard syslogd). As a rule, big logging may incredibly slow down the logstation without "-" mode. It's too bad for a central logstation.

Next. Standard syslogd writes the "host" field correctly - corresponding to the client name, but remote clients' messages in syslog-ng always look like "srcname/syslog-ng_server_name". It's too hard for an admin to separate logfiles visually.

For last :) Can somebody give me a _working_ example of log separating by remote hostname or IP address? It's not trivial for me :)

PS: all _announced_ features work fine for me, including UDP remote logging with "program" and "match" filters. Thanks to the author.

--- Pavel Golubev PG810-RIPE Global Ukraine Inc.
I see that version 14 does not support "sync" now (the -/var/log/xxx.log alternative in standard syslogd). As a rule, big logging may incredibly slow down the logstation without "-" mode. It's too bad for a central logstation.
I'll add sync as soon as I have a little time.
Next. Standard syslogd writes the "host" field correctly - corresponding to the client name, but remote clients' messages in syslog-ng always look like "srcname/syslog-ng_server_name". It's too hard for an admin to separate logfiles visually.
Yes, there's a problem in hostname generation in current versions, it's fixed here in my local copy, but the source is in a bit of flux now, and I didn't want to release it.
For last :) Can somebody give me a _working_ example of log separating by remote hostname or IP address? It's not trivial for me :)
There are two ways of doing this:

modifying the /etc/services file to make your syslogd log to a different port (instead of 514). Each client host logs to a different port number, then declare a source for each client:

    source c1 { udp 0.0.0.0,514; };
    source c2 { udp 0.0.0.0,515; };
    etc.

Each computer's log comes from a distinct source.

Another solution is to use the new host() filter:

    source src { udp 0.0.0.0,514; }; # each computer logs to this source

    filter f_c1 { host("hostname1"); };
    filter f_c2 { host("hostname2"); };

    log { source src; filter f_c1; destination c1; };
    ...

-- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu
On Tue, 11 May 1999, Balazs Scheidler wrote:
Next. Standard syslogd writes the "host" field correctly - corresponding to the client name, but remote clients' messages in syslog-ng always look like "srcname/syslog-ng_server_name". It's too hard for an admin to separate logfiles visually.
Yes, there's a problem in hostname generation in current versions, it's fixed here in my local copy, but the source is in a bit of flux now, and I didn't want to release it.
For last :) Can somebody give me a _working_ example of log separating by remote hostname or IP address? It's not trivial for me :)
There are two ways of doing this:
modifying the /etc/services file to make your syslogd log to a different port (instead of 514). Each client host logs to a different port number, then declare a source for each client:
    source c1 { udp 0.0.0.0,514; };
    source c2 { udp 0.0.0.0,515; };
    etc.
Each computer's log comes from a distinct source.
Yes - it works fine, but the announced "host" filter does not. My simple config:

-----------------
source src { udp 0.0.0.0,514; };
destination dest { file /var/log/syslog-ng.monkey; };
filter monk { host("monkey"); };
log { source src; filter monk; destination dest; };
-----------------

On the "monkey" host (monkey is the real hostname) I have standard syslogd with:

*.* @syslog-ng_hostname

And....nothing. With a syslog-ng config like:

-----------------
source src { udp 0.0.0.0,514; };
destination dest { file /var/log/syslog-ng.monkey; };
log { source src; destination dest; };
-----------------

all works, of course. Is standard syslogd compatible with syslog-ng as a client? Do I understand the "host" filter directive right? Thanks.
Another solution is to use the new host() filter:
source src { udp 0.0.0.0,514; }; # each computer logs to this source
filter f_c1 { host("hostname1"); };
filter f_c2 { host("hostname2"); };
log { source src; filter f_c1; destination c1; }; ...
-- Bazsi PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu
_______________________________________________ syslog-ng maillist - syslog-ng@vekoll.saturnus.vein.hu http://vekoll.saturnus.vein.hu/mailman/listinfo/syslog-ng
--- Pavel Golubev PG810-RIPE Global Ukraine Inc.
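Added example, not part of the thread and not syslog-ng code: a Python sketch of the decision a host-based filter has to make for every UDP datagram, namely which name to match on when the sender includes a HOST field, leaves it out, or sends something that is not a hostname. The function names, the tag heuristic, the addresses and the fallback path are assumptions made for illustration.

```python
import re

# <PRI>Mmm dd hh:mm:ss REST  (BSD syslog header layout)
HEADER = re.compile(rb"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)$", re.S)
SAFE_HOST = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$")


def message_host(datagram: bytes, peer_ip: str) -> str:
    """Return the HOST field if the sender included a usable one, else the peer address."""
    m = HEADER.match(datagram)
    if not m:
        return peer_ip                      # no parsable header at all
    first, _, _ = m.group(3).partition(b" ")
    token = first.decode("ascii", "replace")
    # A token ending in ':' or carrying '[pid]' is the program tag, meaning the
    # sender left HOST out (heuristic assumed for this example). Anything that
    # is not a plain hostname is ignored too, since the field is sender-controlled.
    if token.endswith(":") or "[" in token or not SAFE_HOST.match(token):
        return peer_ip
    return token.lower()


def destination_for(datagram: bytes, peer_ip: str, filters: dict, default: str) -> str:
    """Mimic one log path per host filter: the resolved host selects the file."""
    return filters.get(message_host(datagram, peer_ip), default)


# Constructed sample input: addresses and the fallback path are placeholders.
FILTERS = {"monkey": "/var/log/syslog-ng.monkey",
           "192.0.2.7": "/var/log/syslog-ng.monkey"}   # same client, matched by address
SAMPLES = [
    (b"<13>May 11 10:00:01 monkey su: session opened", "192.0.2.7"),
    (b"<13>May 11 10:00:02 su[412]: session opened", "192.0.2.7"),     # no HOST field
    (b"<13>May 11 10:00:03 ../../tmp/x su: hello", "198.51.100.9"),    # malformed HOST
]

if __name__ == "__main__":
    for raw, peer in SAMPLES:
        print(message_host(raw, peer), "->",
              destination_for(raw, peer, FILTERS, "/var/log/unmatched"))
```

Listing a client under both its name and its address keeps its messages in one file whichever form the sender uses; UDP source addresses are not authenticated, so neither key proves who sent the message.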
Hi,

Just FYI. You can get the source RPM for building the libol-0.1.10 and syslog-ng-1.1.14 RPMs from:

ftp://ftp.equinox.gu.net/pub/linux/devel/syslog-ng-1.1.14.KSI2-2.src.rpm

--- Pavel Golubev PG810-RIPE Global Ukraine Inc.
Participants (2): Balazs Scheidler, Pavel Golubev