[syslog-ng] Real time .conf?
Balazs Scheidler
bazsi@balabit.hu
Thu, 9 Nov 2000 09:41:35 +0100
Hi,
> Thanks. Somehow though, I don't think that worked. Here is my config file.
>
> # this file shows more or less all the features of syslog-ng
>
> options {sync(0); create_dirs(yes);};
>
> source int { unix-stream("/dev/log"); internal(); };
> source src { udp(port(514)); };
>
> destination everything {
> file("/NetscreenLogs/$HOST/$HOST.$MONTH-$DAY-$YEAR.log"
> owner(NetscreenLogs)
> group(NetscreenLogs)
> perm(0777)
> dir_perm(0777));
> };
>
> destination internallogs { file("/var/log/messages"); };
>
>
> log { source(src); destination(everything); };
> log { filter(DEFAULT); destination(internallogs); };
>
>
>
> All I am trying to do is have my remote boxes send their syslog messages to
> my server, and have the server create some semblance of a directory
> structure. Simple.
>
> But, when I watch packets with tcpdump, it seems there are A LOT more udp
> port 514 packets than there are log records. My tcpdump sessions show
> hundreds of udp port 514 packets while my tail -f of my log RARELY updates.
>
> Am I losing data?!?!?!?

I don't think so. Can you strace syslog-ng to see if it does receive those
messages?

    strace -s 256 -p <pidofsyslog-ng>

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
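
Added example (not part of the original message, and not syslog-ng project code): one way to read the strace output requested above is to tally datagrams received against log lines written, per file descriptor. The trace lines, fd numbers, hosts and the syscall names syslog-ng uses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `strace -s 256 -p <pid>` output; fd numbers, hosts and
# message text are made up for illustration.
SAMPLE = r'''
poll([{fd=4, events=POLLIN}], 1, -1) = 1
recvfrom(4, "<134>fw1: NetScreen traffic log id=1", 1024, 0, {sa_family=AF_INET, sin_port=htons(1027), sin_addr=inet_addr("10.0.0.5")}, [16]) = 36
write(7, "Nov  9 09:40:01 10.0.0.5 fw1: NetScreen traffic log id=1\n", 57) = 57
recvfrom(4, "<134>fw1: NetScreen traffic log id=2", 1024, 0, {sa_family=AF_INET, sin_port=htons(1027), sin_addr=inet_addr("10.0.0.5")}, [16]) = 36
recvfrom(4, "<134>fw2: NetScreen traffic log id=9", 1024, 0, {sa_family=AF_INET, sin_port=htons(1031), sin_addr=inet_addr("10.0.0.6")}, [16]) = 36
write(7, "Nov  9 09:40:02 10.0.0.5 fw1: NetScreen traffic log id=2\n", 57) = 57
write(8, "Nov  9 09:40:02 10.0.0.6 fw2: NetScreen traffic log id=9\n", 57) = 57
recvfrom(4, 0xbffff3a0, 1024, 0, 0xbffff390, 0xbffff38c) = -1 EAGAIN (Resource temporarily unavailable)
'''

# syscall name, fd, remaining arguments, return value
CALL = re.compile(r'^(recvfrom|recvmsg|recv|read|write)\((\d+), (.*)\)\s+= (-?\d+)')

def tally(trace):
    """Return (messages received per fd, log lines written per fd)."""
    received, written = Counter(), Counter()
    for line in trace.splitlines():
        m = CALL.match(line.strip())
        if not m or int(m.group(4)) <= 0:
            continue  # unrelated syscall, EAGAIN/error, or EOF
        name, fd, args = m.group(1), int(m.group(2)), m.group(3)
        if name == 'write':
            # strace prints newlines as a literal backslash-n; one per log line.
            # Payloads longer than the -s limit are truncated and undercount.
            written[fd] += args.count(r'\n')
        else:
            received[fd] += 1
    return received, written

def summary(trace):
    """Compare total input messages with total lines written to files."""
    received, written = tally(trace)
    got, put = sum(received.values()), sum(written.values())
    return {"received": got, "written": put,
            "unaccounted": got - put, "files": len(written)}

if __name__ == "__main__":
    print(summary(SAMPLE))
```

With the destination path in the quoted config containing $HOST, writes are spread across one file per sending host, so the per-fd write counts show how much of the traffic a tail -f on a single file can see.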