[syslog-ng]iptables & syslog-ng

Michael Renner robe@amd.co.at
Wed, 29 Aug 2001 16:53:37 +0200 (CEST)


On Wed, 29 Aug 2001, Nijs, Daniel wrote:

> Hi Michael
>
> That did indeed fix the problem, are you running 1.5.9?  Now I have to write
> rules for two src's which could cause more overhead, so I would like to know
> if this is a bug of some sort, or normal behavior.  Thanks for your help,
> this really works well.

Hi Daniel!


I'm currently using syslog-ng 1.4.11 because I don't have the time to play
around with the newer versions. The 1.4 branch is stable, and as soon as
1.6 is released I will think about upgrading. There are also a bunch of
new configuration changes which (AFAIK) aren't yet documented in the
online help, and I hate browsing through mailing list archives :).

I never tried getting klogd to work with syslog-ng, because it offered a
native option of getting the kernel messages. But you can put as many
sources as you want in one source-definition, e.g.

source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

should do the trick. That solution was impractical for me, because I would
have to filter much more out of one big stream of data. Now I've got 2
logfiles for the kernel-source, one iptables-log and one for the other
kernel messages.

I think the overhead generated by the two log sources is so small that it's
negligible, it's just a bigger config file :)

greetz michael
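
Added example, not part of the original message: a syslog-ng configuration sketch of the two-source layout described above, with the kernel source split into an iptables log and a log for all other kernel messages. The source, filter and destination names, the file paths and the match pattern are assumptions.

```conf
# Added illustration; names, paths and the pattern below are assumptions.

# Userspace messages plus syslog-ng's own internal messages.
source s_local { unix-stream("/dev/log"); internal(); };

# Kernel messages read natively as a separate source, without klogd.
# Only one process should be reading /proc/kmsg at a time.
source s_kernel { pipe("/proc/kmsg"); };

# Assumption: iptables LOG lines carry "IN=<iface> OUT=<iface>".
# If the rules set a --log-prefix, matching on that prefix is tighter.
filter f_iptables     { match("IN=.*OUT="); };
filter f_not_iptables { not match("IN=.*OUT="); };

destination d_messages { file("/var/log/messages"); };
destination d_iptables { file("/var/log/iptables.log"); };
destination d_kernel   { file("/var/log/kernel.log"); };

# Everything from the local socket goes to one file, unfiltered.
log { source(s_local); destination(d_messages); };

# The kernel source feeds two log paths, so the filters only ever
# run against kernel lines, not against the whole message stream.
log { source(s_kernel); filter(f_iptables);     destination(d_iptables); };
log { source(s_kernel); filter(f_not_iptables); destination(d_kernel); };
```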