[syslog-ng]Re: desperatly need your help
Hamilton, Andrew Mr RAYTHEON 5 SIG CMD
HamiltonA@hq.5sigcmd.army.mil
Thu, 22 Mar 2001 08:07:09 +0100
I tested this on my Solaris 7 machine and it worked as expected. I used
version 1.5.3 and libol version 0.2.21. So whatever it is it is not Solaris
7.
Regards,
Drew
> -----Original Message-----
> From: Balazs Scheidler [SMTP:bazsi@balabit.hu]
> Sent: Wednesday, March 21, 2001 4:48 PM
> To: Mariusz Bogumil
> Cc: syslog-ng@lists.balabit.hu
> Subject: [syslog-ng]Re: desperatly need your help
>
> On Wed, Mar 21, 2001 at 03:31:16PM +0100, Mariusz Bogumil wrote:
> > I think that I really desperatly need your help. I have tested all
> > possible configuration and I still cannot filter messages from snort
> > from my /var/log/messages and I start thinking that such configuration
> > is impossible. Please tell me what I am doing wrong.
> >
> > To this mail I attach my syslog-ng.conf - with only with lines that
> > describe my problem and complete config too.
> >
> > I run it on Sprac Solaris 7
>
> I tried the following configuration:
>
> source src { unix-stream("log"); internal(); };
>
> destination d1 { file("d1"); };
> destination d2 { file("d2"); };
> destination d3 { file("d3"); };
>
> filter fn_snort { not match("snort"); };
> filter f_snort { match("snort"); }; # it works
>
> log { source(src); filter(fn_snort); destination(d1); };
> log { source(src); filter(f_snort); destination(d2); };
> log { source(src); destination(d3); };
>
> and I sent the following log messages:
>
> logger -u log "valami"
> logger -u log -t snort hallo
>
> It correctly sent messages to their appropriate destination. I suspect a
> bug
> in either Solaris or in Solaris/syslog-ng interoperation. Could anybody
> check this?
>
> --
> Bazsi
> PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C
> 8EB1
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng