syslog-ng- filter() problem
Hi,

I am trying to collect traps from these two networks. 66.163.79.0/255.255.255.128 and 64.251.65.224/255.255.255.240

I don't understand why when I do this it doesn't collect anything

Any ideas?

-------------------------------------------------------------------------------
source src{unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
filter f_messages { not level(warn); };
log { source(src); filter(f_messages); destination(messages); };

#filter snmptrap
filter f_snmptrap { level(warn); };

#testing filters for the different networks
filter f_ipbb1 {netmask("66.163.79.0/255.255.255.128"); };
filter f_ipbb2 {netmask("64.251.65.224/255.255.255.240"); };
destination ipbb_traps { file("/store/ipbb/traps/$YEAR-$MONTH-$DAY"); };
log { source(src); filter(f_snmptrap); filter(f_ipbb1); filter (f_ipbb2); destination(ipbb_traps); };
-------------------------------------------------------------------------------

Kelly Pow
IP Backbone Networks Intern
Shaw CableSystems G.P
Tel: 1.403.303.6387
kelly.pow@sjrb.ca
Are you collecting traps or syslog data?

Tcpdump is your friend - are the syslog speakers speaking to the right place?

Is anything else being logged on the box from other sources?

Does the destination exist and are the permissions correct?

What OS?

Which version of syslog-ng?

_____

From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Kelly Pow
Sent: Thursday, July 28, 2005 5:55 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] syslog-ng- filter() problem

Hi,

I am trying to collect traps from these two networks. 66.163.79.0/255.255.255.128 and 64.251.65.224/255.255.255.240

I don't understand why when I do this it doesn't collect anything

Any ideas?

-------------------------------------------------------------------------------
source src{unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
filter f_messages { not level(warn); };
log { source(src); filter(f_messages); destination(messages); };

#filter snmptrap
filter f_snmptrap { level(warn); };

#testing filters for the different networks
filter f_ipbb1 {netmask("66.163.79.0/255.255.255.128"); };
filter f_ipbb2 {netmask("64.251.65.224/255.255.255.240"); };
destination ipbb_traps { file("/store/ipbb/traps/$YEAR-$MONTH-$DAY"); };
log { source(src); filter(f_snmptrap); filter(f_ipbb1); filter (f_ipbb2); destination(ipbb_traps); };
-------------------------------------------------------------------------------

Kelly Pow
IP Backbone Networks Intern
Shaw CableSystems G.P
Tel: 1.403.303.6387
kelly.pow@sjrb.ca
On Thu, 2005-07-28 at 23:54, Kelly Pow wrote:
> Hi,
>
> I am trying to collect traps from these two networks. 66.163.79.0/255.255.255.128 and 64.251.65.224/255.255.255.240
>
> I don't understand why when I do this it doesn't collect anything
>
> Any ideas?
>
> source src{unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
Hi,

seems that you are missing the udp() source statement. Make it:

source src {
    unix-stream("/dev/log");
    internal();
    pipe("/proc/kmsg");
    udp();
};

This will make syslog-ng receive remote messages. Don't forget to open a possible firewall for UDP Port 514.

HTH,
Jens
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
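
Added example (not part of the original thread, and not any poster's own configuration): the posted log path with the udp() source from Jens's reply, plus one further point the thread does not raise. syslog-ng requires every filter() listed in a log statement to match, and netmask() tests the sender's IP address, so no message can pass both f_ipbb1 and f_ipbb2. The filter name f_ipbb is hypothetical, and the assumption is that messages from either network should be kept.

```conf
# Added example; f_ipbb is a hypothetical name, not from the thread.
source src {
    unix-stream("/dev/log");
    internal();
    pipe("/proc/kmsg");
    udp();    # from Jens's reply: receive remote messages (UDP port 514)
};

filter f_snmptrap { level(warn); };

# netmask() compares the sender's IP address with network/mask.
# A single sender cannot be inside both networks, so the two ranges
# are joined with "or" inside one filter.
filter f_ipbb {
    netmask("66.163.79.0/255.255.255.128") or
    netmask("64.251.65.224/255.255.255.240");
};

destination ipbb_traps { file("/store/ipbb/traps/$YEAR-$MONTH-$DAY"); };

# As posted: all three filters must match (logical AND), so this path
# stays empty even after udp() is added.
# log { source(src); filter(f_snmptrap); filter(f_ipbb1); filter(f_ipbb2); destination(ipbb_traps); };

# Severity warn AND (first network OR second network):
log { source(src); filter(f_snmptrap); filter(f_ipbb); destination(ipbb_traps); };
```

When opening UDP port 514 in the firewall, limiting the rule to the same two source networks keeps the listener from accepting messages from arbitrary hosts.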
participants (3)
- Edward Brookhouse
- Jens Grigel
- Kelly Pow