[syslog-ng] Troubles with kernel facility items (firewall DENYs esp.)
Jason Hollinden
jasonh@kiva.net
Fri, 8 Oct 1999 14:33:34 -0500 (EST)
I've set up syslog-ng as directed by everything I could find. In the
.conf file below, yertle is the local machine running syslog-ng, and the
other 2 are remote machines. The remote machine lines output everything
fine, but the local (yertle) will not report any kernel messages (such as
kernel firewall DENYs). I've tried adding the unix-stream /dev/klog for
the inside_src, but that didn't help. Here's my .conf:
==========8<---------------------------------------
options { long_hostnames(off); sync(0); };
source inside_src { unix-stream("/dev/log"); internal(); };
source outside_src { udp(ip(0.0.0.0) port(514)); };
filter f_nancy { host("nancy"); };
filter f_hbgb { host("hbgb"); };
destination yertle { file("/var/log/yertle"); };
destination nancy { file("/var/log/nancy"); };
destination hbgb { file("/var/log/hbgb"); };
log { source(inside_src); destination(yertle); };
log { source(outside_src); filter(f_nancy); destination(nancy); };
log { source(outside_src); filter(f_hbgb); destination(hbgb); };
==========8<---------------------------------------
Since I've only been messing with this for 1 hour, I'm sure I've just
glanced over the answer, but any help would be appreciated.
--
Liar (HBGB) jasonh@kiva.net
-----------------------------------------------------------------------
"You can't be a real country unless you have a beer and an airline. It
helps if you have some kind of a football team, or some nuclear
weapons, but at the very least you need a beer."
-Frank Zappa
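
The configuration in the post with a kernel message source added, as an added example that is not part of the original message or the syslog-ng project's own text. It assumes yertle runs Linux, where the kernel exposes its messages through /proc/kmsg rather than /dev/log, and that no klogd is reading /proc/kmsg at the same time; the f_kern and yertle_kern names and the /var/log/yertle-kern path are hypothetical.

```conf
# Added example, not from the original post. Assumes yertle runs Linux.
options { long_hostnames(off); sync(0); };

# Before (from the post): only the local syslog socket and syslog-ng's own
# internal messages are read, so nothing hands kernel messages to this source.
# source inside_src { unix-stream("/dev/log"); internal(); };

# After: also read the kernel's message interface directly.
# Assumption: klogd is not running. Each kernel message is delivered to only
# one reader of /proc/kmsg, so a second reader would take part of the stream.
source inside_src {
    unix-stream("/dev/log");
    internal();
    file("/proc/kmsg");
};

# Hypothetical filter and destination: a separate file for the kern facility
# makes it easy to confirm that firewall DENY lines now arrive.
filter f_kern { facility(kern); };

destination yertle { file("/var/log/yertle"); };
destination yertle_kern { file("/var/log/yertle-kern"); };

log { source(inside_src); destination(yertle); };
log { source(inside_src); filter(f_kern); destination(yertle_kern); };
```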