[syslog-ng] Destination systax fail ??

Balazs Scheidler bazsi@balabit.hu
Sat, 17 Jun 2000 00:42:05 +0200


On Thu, Jun 15, 2000 at 11:52:16AM -0300, Leonardo Marques de Souza wrote:
> 
> 
> Its my full syslog-ng.conf
> 
> 
> # ----8<------------------------------------------------------------------
> #
> # Syslog-ng configuraç?o para o Conectiva Linux 5.1
> #
> # Copyright (c) 1999 Balazs Scheidler
> # $Id: syslog-ng.conf,v 1.0 12/06/2000 12:30:41 bazsi Exp $
> #
> # Arquivo de configuraç?o syslog-ng, compatible com o syslogd do Conectiva
> #
> # Adaptado por Leo
> # Leonardo Marques de Souza <leo@conectiva.com.br>
> #
> 
> # Opç?es Padr?o
> #options { long_hostnames(off); sync(0); };
> 
> # ------------------------
> # Fontes de Leitura do Log
> # ------------------------
> 
> # Leitura do /dev/log
> source src { unix-stream("/dev/log"); internal(); };
> 
> # Leitura da porta UDP do syslog padr?o (514)
> #
> # Por padr?o, ele n?o esta ligado na instalaç?o
> # Para iniciá-lo, basta descomentar a linha abaixo
> 
> source net { udp(ip("10.0.2.4") port(514)); };
> 
> # ---------------------------
> # Destino dos dados Filtrados
> # ---------------------------
> 
> destination remotenet { udp(ip("10.0.0.10") port("514")); };

this should be:

destination remotenet { udp("10.0.0.10" port(514)); };

> destination console { pipe("/dev/console"); };
> destination messages { file("/var/log/messages"); };
> destination secure { file("/var/log/secure"); };
> destination maillog { file("/var/log/maillog"); };
> destination spooler { file("/var/log/spooler"); };
> destination boot { file("/var/log/boot.log"); };
> 
> # ------------------------
> # Configuraç?o dos filtros
> # ------------------------
> 
> filter f_kern { facility(kern); };
> filter f_mail { facility(mail); };
> filter f_authpriv { facility(authpriv); };
> filter f_uucp { facility(cron); };
> filter f_news { facility(news); };
> filter f_local7 { facility(local7); };
> 
> filter f_info { level(info); };
> filter f_crit { level(crit); };
> filter f_emerg { level(emerg); };
> filter f_notice { level(notice); };
> 
> # ------------------------
> # Arquivos de destino
> # ------------------------
> 
> log { source(src); filter(f_kern); destination(console); };
> log { source(src); filter(f_info); destination(messages); };
> log { source(src); filter(f_authpriv); destination(secure); };
> log { source(src); filter(f_mail); destination(maillog); };
> log { source(src); filter(f_uucp); filter(f_crit); destination(spooler); };
> log { source(src); filter(f_local7); destination(boot); };
> 
> #log { source(src); filter(f_authpriv); destination(remote_net); };
> 
> # ---8<---------------------------------------------------------

> a more SIMPLE conf :
> 
> ---------8<-----------
> options { long_hostnames(off); sync(0); };
> source src { unix-stream("/dev/log"); internal(); };
> source net { udp(ip(10.0.2.4) port(514)); };
> destination messages { file("/var/log/messages"); };
> destination remotenet { udp(ip("10.0.0.10") port("514")); };

destination remotenet { udp("10.0.0.10" port(514)); };

> 
> filter f_info { level(info); };
> 
> log { source(src); filter(f_info); destination(messages); };
> log { source(net); filter(f_info); destination(remotenet); };
> ------------8<-------------
> 
> [root@patolino syslog-ng]# syslog-ng -d -v
> parse error at 5
> Parse error reading configuration file, exiting.
> [root@patolino syslog-ng]# 
> 
> 
> other combinations:
> source net { udp(ip("10.0.2.4") port("514")); };
> source net { udp(10.0.2.4 514); };
> source net { udp(10.0.2.4, 514); };
> source net { udp("10.0.2.4" "514"); };
> source net { udp(10.0.2.4) port(514); };
> source net { udp(10.0.2.4); port(514); };
> source net { udp(ip("10.0.2.4") port("514");); };
> source net { udp(ip("10.0.2.4") { port("514")};); };
> 
> no way... i got same errors  :(((
> 
> I do not undersand the lex-algoritm in source code ...
> i will try more...
> 
> Any Help?? I would like to do this program to work in our machines (remote
> log) ...
> 
> What i doing wrong?? I see the manuals, helps, web-list.. :((
> and why "destination" and "source" have diferent sintax??
> too strange... :(
> 

because udp and tcp sources have default IP address (0.0.0.0), specifying an IP is optional, thus it is using the optional parameters syntax.