[syslog-ng] Re: Your suggestion about my problem

Balazs Scheidler bazsi@balabit.hu
Sat, 17 Jun 2000 09:47:45 +0200


> 	So my intention is very simple: separate log files for firewall events.
> These steps are necessary in order to run special programs afterwards to create
> security reports, so to do this, below are my conf files. Case: telnet service.
> 
> syslog-ng.conf
> 
> options { long_hostnames(off); sync(0); };
> source src { unix-dgram("/dev/log"); internal(); };
> destination messages { file("/var/log/telnet.log"); };
> filter f_telnet { match ("192.168.0.4:23"); };
> log { source(src);  filter (f_telnet); destination(messages); };
> 
> firewall log file
> 
> Packet log: input DENY eth0 PROTO=6 192.168.0.2:1323 192.168.0.4:23 L=48 S=0x00 I=62731 F=0x4000 T=128 SYN (#1)
> Packet log: input DENY eth0 PROTO=6 192.168.0.2:1323 192.168.0.4:23 L=48 S=0x00 I=62987 F=0x4000 T=128 SYN (#1)
> 
> 
> 	I'm running Linux Red Hat 6.2, ipchains and kernel version 2.2.15, so am I
> thinking right, or what do you suggest to resolve this problem? The file
> telnet.log is always empty. What is wrong?


Your klogd is not running. The events above are produced by the kernel, and
klogd may not be sending logs. Try restarting it after you have started
syslog-ng.

-- 
Bazsi
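As an added example (not part of this thread, nor syslog-ng's own code), a small parser for the ipchains "Packet log:" lines quoted above, of the kind the original poster's report programs would need once klogd delivers them; the syslog prefix, the host name "fw" and the sample lines are constructed.

```python
import re
from collections import Counter

# Regex for the ipchains "Packet log:" line format shown in the message above.
# Field names follow ipchains output; the trailing part (e.g. "SYN (#1)") is kept as flags.
IPCHAINS_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) S=(?P<tos>0x[0-9a-fA-F]+) "
    r"I=(?P<ipid>\d+) F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+)(?P<flags>.*)$"
)

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_ipchains_line(line):
    """Return a dict for an ipchains packet-log line, or None if it is something else."""
    m = IPCHAINS_RE.search(line)  # search, so a "kernel: " syslog prefix is tolerated
    if not m:
        return None
    rec = m.groupdict()
    for k in ("proto", "sport", "dport", "length", "ipid", "ttl"):
        rec[k] = int(rec[k])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    rec["flags"] = rec["flags"].strip()
    return rec

def denied_by_service(lines):
    """Count DENY/REJECT events per (dst, dport, proto_name), e.g. telnet on 192.168.0.4."""
    counts = Counter()
    for line in lines:
        rec = parse_ipchains_line(line)
        if rec and rec["action"] in ("DENY", "REJECT"):
            counts[(rec["dst"], rec["dport"], rec["proto_name"])] += 1
    return counts

# Constructed sample: the two lines from the message (with a syslog prefix as klogd
# would deliver them), one constructed denied SSH attempt and one non-firewall line.
SAMPLE_LOG = """\
Jun 17 09:40:01 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.0.2:1323 192.168.0.4:23 L=48 S=0x00 I=62731 F=0x4000 T=128 SYN (#1)
Jun 17 09:40:03 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.0.2:1323 192.168.0.4:23 L=48 S=0x00 I=62987 F=0x4000 T=128 SYN (#1)
Jun 17 09:40:05 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.0.9:40011 192.168.0.4:22 L=60 S=0x00 I=1020 F=0x4000 T=64 SYN (#2)
Jun 17 09:40:07 fw syslog-ng[314]: syslog-ng starting up
"""

if __name__ == "__main__":
    for key, n in sorted(denied_by_service(SAMPLE_LOG.splitlines()).items()):
        print("%s:%d/%s denied %d time(s)" % (key[0], key[1], key[2], n))
```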