I have successfully installed syslog-ng and have it doing most of what I want it to do, with the exception of one thing. I have a host that is not reporting its IP in a standard format (or I guess that's what's happening) because syslog-ng is creating a new directory based on what looks to be command types. See below:

%SYS-I-INITSYS, %SSH-W-IDLE_TIMEOUT, %CLI-E-NOFACINST,

So my question is, is there a way to force a specific host to a specific log file before the auto-creation of directories happens? Below is a snippet of my log file. Hopefully I am including all the info I need to help figure this out, but if I'm not, please let me know.

    options {
        chain_hostnames(no);
        create_dirs (yes);
        dir_perm(0755);
        dns_cache(yes);
        keep_hostname(yes);
        log_fifo_size(2048);
        log_msg_size(8192);
        long_hostnames(on);
        perm(0644);
        stats(3600);
        sync(0);
        time_reopen (10);
        use_dns(yes);
        use_fqdn(no);
    };

    source src {
        unix-dgram("/dev/log");
        internal();
        udp();
        tcp(port(514) keep-alive(yes) max-connections(25));
    };

    destination std {
        file("/var/log/HOSTS/$HOST/$HOST.syslog"
             owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
    };

Dylan Bouterse
Network Manager
Global Card Services
(407) 206-7714 office
dhbouterse@fhmsi.com

Note: This e-mail and any attachments may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of this e-mail and any attachments is strictly prohibited. If you have received this e-mail in error, please notify us immediately by returning it to the sender and deleting it from your computer system. Thank you for your cooperation.

First Horizon Merchant Services.

On Fri, Jan 23, 2004 at 11:40:20AM -0700, Dylan H. Bouterse wrote:
> ... because syslog-ng is creating a new directory based on what looks to be command types. See below:
>
> %SYS-I-INITSYS, %SSH-W-IDLE_TIMEOUT, %CLI-E-NOFACINST,

You want to add the option:

    check_hostname(yes);

Which will cause syslog-ng to reject funny-looking hostnames like ones that begin with %, and use the IP address instead.

> So my question is, is there a way to force a specific host to a specific log file before the auto-creation of directories happens? Below is a snippet of my log file. Hopefully I am including all the info I need to help figure this out, but if I'm not, please let me know.
>
> options { chain_hostnames(no); create_dirs (yes); dir_perm(0755); dns_cache(yes); keep_hostname(yes); log_fifo_size(2048); log_msg_size(8192); long_hostnames(on); perm(0644); stats(3600); sync(0); time_reopen (10); use_dns(yes); use_fqdn(no); };
>
> source src { unix-dgram("/dev/log"); internal(); udp(); tcp(port(514) keep-alive(yes) max-connections(25)); };
>
> destination std { file("/var/log/HOSTS/$HOST/$HOST.syslog"
>     owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes) ); };

--
eravin@panix.com
Grief can take care of itself; but to get the full value of a joy you must have somebody to divide it with.
    -- Mark Twain

Participants (2): Dylan H. Bouterse, Ed Ravin
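
The behaviour discussed in this thread, modelled as an added example (not code from either poster or from syslog-ng): it shows how the token in the HOST position of a message becomes a directory name under the `/var/log/HOSTS/$HOST/$HOST.syslog` template, what a hostname check with fallback to the sender's IP changes, and how pinning one source address to a fixed name keeps that host in a single file. The sample messages, the header regex, the allow-list pattern and the `switch01` pin are assumptions made for illustration; syslog-ng's own parsing and its `check_hostname()` rule may differ in detail.

```python
import re

# Constructed sample datagrams (not from the thread): (sender IP, raw message).
# The first three imitate a device that omits its hostname, so the message tag
# lands in the HOST position of the BSD-syslog header.
SAMPLES = [
    ("192.0.2.10", "<189>Jan 23 11:40:20 %SYS-I-INITSYS System initialized"),
    ("192.0.2.10", "<188>Jan 23 11:41:02 %SSH-W-IDLE_TIMEOUT Session closed"),
    ("192.0.2.10", "<187>Jan 23 11:41:30 %CLI-E-NOFACINST Facility not installed"),
    ("192.0.2.20", "<13>Jan 23 11:42:00 web01 sshd[411]: session opened"),
]

# <PRI>Mmm dd hh:mm:ss HOST rest-of-message
HEADER = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")
# Assumed allow-list for this example, not syslog-ng's exact rule.
SAFE_HOST = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,254}$")


def resolve_host(sender_ip, raw, check_hostname, pinned=None):
    """Return the value that would be substituted for $HOST."""
    if pinned and sender_ip in pinned:
        return pinned[sender_ip]      # per-source override wins over the header
    m = HEADER.match(raw)
    host = m.group(1) if m else None
    if host is None or (check_hostname and not SAFE_HOST.match(host)):
        return sender_ip              # fall back to the address it came from
    return host                       # header value trusted (keep_hostname-like)


def log_path(sender_ip, raw, check_hostname, pinned=None):
    """Expand the thread's destination template for one message."""
    host = resolve_host(sender_ip, raw, check_hostname, pinned)
    return f"/var/log/HOSTS/{host}/{host}.syslog"


def directories(check_hostname, pinned=None):
    """Distinct per-host directories the sample traffic would create."""
    return sorted({resolve_host(ip, raw, check_hostname, pinned)
                   for ip, raw in SAMPLES})


if __name__ == "__main__":
    print("check off:", directories(False))
    print("check on: ", directories(True))
    print("pinned:   ", directories(True, {"192.0.2.10": "switch01"}))
```
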