[syslog-ng] ipfw logging

Hamilton, Andrew Mr. HamiltonA@hq.5sigcmd.army.mil
Wed, 31 May 2000 07:07:43 +0200


What operating system are you running on?  The source in your "src"
definition looks a little strange.  Most sources are something like /dev/log.
What is coming in to /var/run/log?  Do you have something putting log
messages into a file?

Drew

> -----Original Message-----
> From:	 maillist [SMTP:maillist@krel.org]
> Sent:	Tuesday, May 30, 2000 11:21 PM
> To:	syslog-ng@venus.terrasoft.hu
> Subject:	[syslog-ng] ipfw logging
> 
> Hi, I've been trying for two days to log ipfw messages to a separate file,
> with no success. As soon as I turn on the old syslogd with
> !ipfw
> *.*  /var/log/ipfw
> it works,
> but syslog-ng with:
> source src { unix-dgram("/var/run/log"); udp(); internal(); }
> destination ipfw { file("/var/log/ipfw.log"); };
> filter f_ipfw { program("ipfw"); };
> log { source(src); filter("f_ipfw"); destination("ipfw"); };
> just doesn't catch anything: all the messages from ipfw appear on the
> console, but not in any file, not even in all.log!
> 
> here is my full config:
> # options
> options { long_hostnames(off); sync(0); };
> 
> # sources
> source src { unix-dgram("/var/run/log"); udp(); internal(); };
> source src2 { unix-dgram("/var/run/log2"); udp(ip(xxx.xxx.xxx.xxx)
> port(514)); };
> 
> # destinations
> destination messages { file("/var/log/messages"); };
> destination security { file("/var/log/security"); };
> destination maillog { file("/var/log/maillog"); };
> destination lpd-errs { file("/var/log/lpd-errs"); };
> destination cron { file("/var/log/cron"); };
> destination all { file("/var/log/all.log"); };
> destination newscrit { file("/var/log/news/news.crit"); };
> destination newserr { file("/var/log/news/news.err"); };
> destination newsnotice { file("/var/log/news/news.notice"); };
> destination slip { file("/var/log/slip.log"); };
> destination ppp { file("/var/log/ppp.log"); };
> destination console { file("/dev/console"); };
> destination root { usertty("root"); };
> destination allusers { usertty("*"); };
> destination rogue { file("/var/log/rogue"); };
> destination cobalt { file("/var/log/cobalt"); };
> destination cisco { file("/var/log/cisco"); };
> destination voyager { file("/var/log/voyager"); };
> destination lists { file("/var/log/lists"); };
> destination lists_m { file("/var/log/lists.sendmail"); };
> destination apollo { file("/var/log/apollo"); };
> destination samson { file("/var/log/samson"); };
> destination samson_d { file("/var/log/samson.bind"); };
> destination bugsy { file("/var/log/bugsy"); };
> #destination loghost { udp("loghost" port(514)); };
> destination goblin { file("/var/log/goblin"); };
> destination allsec { file("/var/log/allsec"); };
> destination samson.named { file("/var/log/named"); };
> destination ipfw { file("/var/log/ipfw.log"); };
> 
> # log facility filters
> filter f_auth { facility(auth); };
> filter f_authpriv { facility(authpriv); };
> filter f_cron { facility(cron); };
> filter f_daemon { facility(daemon); };
> filter f_ftp { facility(ftp); };
> filter f_kern { facility(kern); };
> filter f_lpr { facility(lpr); };
> filter f_mail { facility(mail); };
> filter f_news { facility(news); };
> filter f_security { facility(security); };
> filter f_user { facility(user); };
> filter f_uucp { facility(uucp); };
> filter f_local0 { facility(local0); };
> filter f_local1 { facility(local1); };
> filter f_local2 { facility(local2); };
> filter f_local3 { facility(local3); };
> filter f_local4 { facility(local4); };
> filter f_local5 { facility(local5); };
> filter f_local6 { facility(local6); };
> filter f_local7 { facility(local7); };
> 
> # log host filters
> filter h_rogue { host("rogue"); };
> filter h_cobalt { host("www"); };
> filter h_cisco { host("cisco"); };
> filter h_voyager { host("voyager"); };
> filter h_lists { host("lists"); };
> filter h_apollo { host("apollo"); };
> filter h_samson { host("samson"); };
> filter h_bugsy { host("bugsy"); };
> filter h_goblin { host("goblin"); };
> 
> # log level filters
> filter f_emerg { level(emerg); };
> filter f_alert { level(alert..emerg); };
> filter f_crit { level(crit..emerg); };
> filter f_err { level(err..emerg); };
> filter f_warning { level(warning..emerg); };
> filter f_notice { level(notice..emerg); };
> filter f_info { level(info..emerg); };
> filter f_debug { level(debug..emerg); };
> 
> # program filters
> filter f_ppp { program("ppp"); };
> filter f_slip { program("startslip"); };
> filter f_send { program("sendmail"); };
> filter nf_send { not program("sendmail"); };
> filter f_bind { program("named"); };
> filter nf_bind { not program("named"); };
> filter f_ipfw { program("ipfw"); };
> #filter nf_ipfw { not program("ipfw"); };
> 
> 
> 
> log { source(src2); filter("f_ipfw"); destination("ipfw"); };
> 
> # *.err;kern.debug;auth.notice;mail.crit                /dev/console
> log { source(src); filter(f_err); destination(console); };
> log { source(src); filter(f_kern); filter(f_debug); destination(console);
> };
> log { source(src); filter(f_auth); filter(f_notice); destination(console);
> };
> log { source(src); filter(f_mail); filter(f_crit); destination(console);
> };
> 
> # *.notice;kern.debug;lpr.info;mail.crit;news.err       /var/log/messages
> log { source(src); filter(f_notice); destination(messages); };
> log { source(src); filter(f_kern); filter(f_debug); destination(messages);
> };
> log { source(src); filter(f_lpr); filter(f_info); destination(messages);
> };
> log { source(src); filter(f_mail); filter(f_crit); destination(messages);
> };
> log { source(src); filter(f_news); filter(f_err); destination(messages);
> };
> 
> # security.*                                            /var/log/security
> log { source(src); filter(f_security); destination(security); };
> 
> # mail.info                                             /var/log/maillog
> log { source(src); filter(f_mail); filter(f_info); destination(maillog);
> };
> 
> # lpr.info                                              /var/log/lpd-errs
> log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs);
> };
> 
> # cron.*                                                /var/log/cron
> log { source(src); filter(f_cron); destination(cron); };
> 
> # *.err                                                 root
> log { source(src); filter(f_err); destination(root); };
> 
> # *.notice;news.err                                     root
> log { source(src); filter(f_notice); destination(root); };
> log { source(src); filter(f_news); filter(f_err); destination(root); };
> 
> # *.alert                                               root
> log { source(src); filter(f_alert); destination(root); };
> 
> # *.emerg                                               *
> log { source(src); filter(f_emerg); destination(allusers); };
> 
> # uncomment this to enable logging of all log messages to /var/log/all.log
> # *.*                                                   /var/log/all.log
> log { source(src); destination(all); };
> 
> # uncomment this to enable logging to a remote loghost named loghost
> # *.*                                                   @loghost
> #log { source(src); destination(loghost); };
> 
> # news.err                                              /var/log/news/news.err
> # news.notice                                           /var/log/news/news.notice
> #
> #log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
> #log { source(src); filter(f_news); filter(f_err); destination(newserr); };
> #log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
> 
> 
> log { source("src2"); filter("h_rogue"); destination("rogue"); };
> log { source("src2"); filter("h_cobalt"); destination("cobalt"); };
> log { source("src2"); filter("h_cisco"); destination("cisco"); };
> log { source("src2"); filter("h_voyager"); destination("voyager"); };
> log { source("src2"); filter("h_lists"); filter("f_send");
> destination("lists_m"); };
> log { source("src2"); filter("h_lists"); filter("nf_send");
> destination("lists"); };
> log { source("src2"); filter("h_apollo"); destination("apollo"); };
> log { source("src2"); filter("h_samson"); filter("f_bind");
> destination("samson_d"); };
> log { source("src2"); filter("h_samson"); filter("nf_bind");
> destination("samson"); };
> log { source("src2"); filter("h_bugsy"); destination("bugsy"); };
> log { source("src2"); filter("h_goblin"); destination("goblin"); };
> log { source("src2"); filter("f_security"); destination("allsec"); };
> 
> 