[syslog-ng] Remote logging and facility separation of incoming logs.

deant@stsi.net deant@stsi.net
Wed, 1 Sep 1999 16:26:11 -0400


> On Tue, Aug 31, 1999 at 10:40:44AM -0400, deant@stsi.net wrote:
> > Salutations all,
> > 
> > I am attempting to set up a network log server for our Debian and 
> > RedHat servers.  I can cause the other boxen to send the information 
> > to the log server. The log server receives the packets. However, I 
> > am having some difficulty separating the inbound packets by box and 
> > routing them to different files by facility.  Any assistance would 
> > be appreciated.
> 
> Instead of filtering based on facility, use the host() filter to sort
> messages belonging to different hosts to different destinations:
> 
> source s_net { udp(); };
> 
> filter f_host1 { host("host1");
> destination d_host1 { file("/var/log/host1/messages"); };
> 
> log { source(s_net); filter(f_host1); destination(d_host1); };

I have upgraded to the 1.1.13 debian package. Using the schema above 
I receive "Starting system logging: parse error at 43".  

Here is a snip from my configuration file.
--- snip ---

# Syslog-ng program configuration option settings.
options { long_hostnames(off); sync(0); };

# Log stream setup.
source src { unix-stream("/dev/log"); internal(); };
source net { udp(); };

#####################################################################
#FILTER DEFINITIONS
# --- snip --- standard facility and level definitions --- snip ---
# host definition
filter f_zeus { host("zeus");
##########ERROR AT THIS POINT<<<<<<<<<<<<<
filter f_apollo { host("apollo");
filter f_ren { host("ren");
filter f_mercury { host("mercury");

destination authlog { file("/var/log/scribe/auth.log"); };
destination zeus_authlog { file("/var/log/zeus/auth.log");

# --- snip --- ...etc,etc,etc for other log file destination descriptions. --- snip ---

# scribe local logging
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
# --- snip --- ...etc,etc,etc for other logging statements. --- snip ---


I must be forming the host statement incorrectly.  What do you think?




Eschew Esoteric Obfuscation
UNIX Administration
SouthNet TeleCom
deant@stsi.net
T. Dean Tate
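
The `filter` and `destination` statements quoted above open a block with `{` but never close it with `};`. A corrected layout that also splits remote messages by host and by facility follows, as an added example that is not part of the original post. The body of `f_authpriv`, the `apollo_authlog` destination and its path are assumptions, since the post elides them.

```conf
# Added example, not the poster's configuration.
options { long_hostnames(off); sync(0); };

# Log stream setup (as in the post).
source src { unix-stream("/dev/log"); internal(); };
source net { udp(); };

# Broken form from the post: the block is never closed, so the parser
# is still inside f_zeus when it meets the next "filter" keyword.
#   filter f_zeus { host("zeus");

# Corrected form: the expression ends with ";" and the block with "};".
filter f_zeus   { host("zeus"); };
filter f_apollo { host("apollo"); };

# Facility filter. The name comes from the post; the body is assumed.
filter f_authpriv { facility(auth, authpriv); };

# Destinations need the same closing "};".
destination authlog        { file("/var/log/scribe/auth.log"); };
destination zeus_authlog   { file("/var/log/zeus/auth.log"); };
destination apollo_authlog { file("/var/log/apollo/auth.log"); };  # assumed path

# Local logging on the log server itself.
log { source(src); filter(f_authpriv); destination(authlog); };

# Remote logging: a message must pass every filter listed in the
# statement, so this routes by host first and then by facility.
log { source(net); filter(f_zeus);   filter(f_authpriv); destination(zeus_authlog); };
log { source(net); filter(f_apollo); filter(f_authpriv); destination(apollo_authlog); };
```

`host()` matches the hostname recorded for the message, and syslog over UDP is unauthenticated, so per-host files organise the logs but do not prove which machine sent a given line.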