[syslog-ng] Destination systax fail ??
Leonardo Marques de Souza
leo@conectiva.com.br
Thu, 15 Jun 2000 11:52:16 -0300 (BRST)
Its my full syslog-ng.conf
# ----8<------------------------------------------------------------------
#
# Syslog-ng configuração para o Conectiva Linux 5.1
#
# Copyright (c) 1999 Balazs Scheidler
# $Id: syslog-ng.conf,v 1.0 12/06/2000 12:30:41 bazsi Exp $
#
# Arquivo de configuração syslog-ng, compatible com o syslogd do Conectiva
#
# Adaptado por Leo
# Leonardo Marques de Souza <leo@conectiva.com.br>
#
# Opções Padrão
#options { long_hostnames(off); sync(0); };
# ------------------------
# Fontes de Leitura do Log
# ------------------------
# Leitura do /dev/log
source src { unix-stream("/dev/log"); internal(); };
# Leitura da porta UDP do syslog padrão (514)
#
# Por padrão, ele não esta ligado na instalação
# Para iniciá-lo, basta descomentar a linha abaixo
source net { udp(ip("10.0.2.4") port(514)); };
# ---------------------------
# Destino dos dados Filtrados
# ---------------------------
destination remotenet { udp(ip("10.0.0.10") port("514")); };
destination console { pipe("/dev/console"); };
destination messages { file("/var/log/messages"); };
destination secure { file("/var/log/secure"); };
destination maillog { file("/var/log/maillog"); };
destination spooler { file("/var/log/spooler"); };
destination boot { file("/var/log/boot.log"); };
# ------------------------
# Configuração dos filtros
# ------------------------
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
filter f_authpriv { facility(authpriv); };
filter f_uucp { facility(cron); };
filter f_news { facility(news); };
filter f_local7 { facility(local7); };
filter f_info { level(info); };
filter f_crit { level(crit); };
filter f_emerg { level(emerg); };
filter f_notice { level(notice); };
# ------------------------
# Arquivos de destino
# ------------------------
log { source(src); filter(f_kern); destination(console); };
log { source(src); filter(f_info); destination(messages); };
log { source(src); filter(f_authpriv); destination(secure); };
log { source(src); filter(f_mail); destination(maillog); };
log { source(src); filter(f_uucp); filter(f_crit); destination(spooler); };
log { source(src); filter(f_local7); destination(boot); };
#log { source(src); filter(f_authpriv); destination(remote_net); };
# ---8<---------------------------------------------------------
[root@patolino syslog-ng-1.4.4]# syslog-ng -d -v
parse error at 33
Parse error reading configuration file, exiting.
[root@patolino syslog-ng-1.4.4]#
[root@patolino syslog-ng-1.4.4]# strace syslog-ng -d -v
[snips]
brk(0x8059000) = 0x8059000
open("/etc/syslog-ng/syslog-ng.conf", O_RDONLY) = 3
brk(0x805e000) = 0x805e000
ioctl(3, TCGETS, 0xbffff834) = -1 ENOTTY (Inappropriate ioctl for device)
read(3, "#\n# Syslog-ng configura\347\343o para "..., 8192) = 2121
read(3, "", 6071) = 0
write(2, "parse error at 33\n", 18parse error at 33
) = 18
close(3) = 0
write(2, "Parse error reading configuratio"..., 49Parse error reading configuration file, exiting.
) = 49
_exit(1) = ?
[root@patolino syslog-ng-1.4.4]#
Sniff :( not works ...
a more SIMPLE conf :
---------8<-----------
options { long_hostnames(off); sync(0); };
source src { unix-stream("/dev/log"); internal(); };
source net { udp(ip(10.0.2.4) port(514)); };
destination messages { file("/var/log/messages"); };
destination remotenet { udp(ip("10.0.0.10") port("514")); };
filter f_info { level(info); };
log { source(src); filter(f_info); destination(messages); };
log { source(net); filter(f_info); destination(remotenet); };
------------8<-------------
[root@patolino syslog-ng]# syslog-ng -d -v
parse error at 5
Parse error reading configuration file, exiting.
[root@patolino syslog-ng]#
other combinations:
source net { udp(ip("10.0.2.4") port("514")); };
source net { udp(10.0.2.4 514); };
source net { udp(10.0.2.4, 514); };
source net { udp("10.0.2.4" "514"); };
source net { udp(10.0.2.4) port(514); };
source net { udp(10.0.2.4); port(514); };
source net { udp(ip("10.0.2.4") port("514");); };
source net { udp(ip("10.0.2.4") { port("514")};); };
no way... i got same errors :(((
I do not undersand the lex-algoritm in source code ...
i will try more...
Any Help?? I would like to do this program to work in our machines (remote
log) ...
What i doing wrong?? I see the manuals, helps, web-list.. :((
and why "destination" and "source" have diferent sintax??
too strange... :(
Its appers too simple, but i not got any coerent debug to undertand whats
happen..
Thanks in advanced,
Any help are wellcome.
Ps.: im still tring to do this program works with remote log, but fails.
Leonardo Marques de Souza
+--------------------------+
| Conectiva S/A |
|Curitiba - Paraná - Brazil|
| Suporte Interno |
+--------------------------+
On Thu, 15 Jun 2000, Hamilton, Andrew Mr. wrote:
> Yes, there is a problem the line should read
>
> destination remotenet { udp("10.0.0.10" port(514)); };
>
???
destination remotenet { udp("10.0.0.10"); port(514); };
destination remotenet { udp("10.0.0.10" {port("514")}; ); };
Thanks!! but i tried and nothing happens...
> The port statement goes inside the parentheses since it is a function of udp
> for a destination. sources are a little different.
hummm ok..
thanks!