[syslog-ng]Different messages being logged

Tom Horan thos@esat.com
Fri, 19 Apr 2002 15:46:55 +0100


Hi,
I'm running syslog-ng 1.4.14 on a RedHat 7 box, using it to log messages
from a mixture of 10.20 and 11.0 HP-UX boxes. The HP boxes are using their
own syslog here. I've got messages coming in from the hosts fine, but some
stuff isn't coming through - i.e. syslog on the local box has more messages
than the log on the central syslog-ng server. In particular, anything
coming from vmunix.

Here is what my config file looks like; it is taken from a sample config
with just the udp added in and the $HOST variable added in for paths.

options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (yes);
          use_fqdn (no);
          create_dirs (yes);
          keep_hostname (no);
        };

source s_sys { unix-stream ("/dev/log"); internal();
               udp(ip(10.16.6.102) port(514)); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/syslog/$HOST/messages"); };
destination d_auth { file("/var/syslog/$HOST/secure"); };
destination d_mail { file("/var/syslog/$HOST/maillog"); };
destination d_spol { file("/var/syslog/$HOST/spooler"); };
destination d_boot { file("/var/syslog/$HOST/boot.log"); };
destination d_mlal { usertty("*"); };

filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) or
                     facility(mail) or facility(authpriv); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };

log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };


The syslog.conf from my HPUX box has the following line added:
*.info;mail.none        @central-syslog-server

I figure it's got something to do with filters, but I don't know where to
start. Basically I want everything logged and then I'll start deciding what
to filter out.

Can anyone help me out here?

Thanks,
Tom
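
An added example, not part of the original post: a Python model of the posted filters and log statements, showing which forwarded messages reach no file under /var/syslog/$HOST/. It assumes that syslog-ng's level(info) matches only the info level (a range is written level(info..emerg)), that the HP-UX selector *.info means info and more severe, and that vmunix messages arrive with the kern facility; the sample messages are constructed.

```python
# Added example: models the filters in the posted syslog-ng.conf.
# Assumption: level(X) matches only X; "*.info" on the HP-UX side
# means "info and more severe" (classic syslogd selector semantics).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def forwarded_by_hpux(fac, lvl):
    """syslog.conf selector from the post: *.info;mail.none"""
    return fac != "mail" and LEVELS.index(lvl) <= LEVELS.index("info")

def level_matches(lvl, spec):
    """spec is 'info' (exact match) or 'info..emerg' (inclusive range)."""
    if ".." in spec:
        a, b = (LEVELS.index(x) for x in spec.split(".."))
        return min(a, b) <= LEVELS.index(lvl) <= max(a, b)
    return lvl == spec

def destinations(fac, lvl, mesg_level="info"):
    """Destinations one message reaches under the six posted log statements."""
    in_mesg = level_matches(lvl, mesg_level) or fac in ("mail", "authpriv")
    rules = [
        ("d_cons", fac == "kern"),                      # f_filter1
        ("d_mesg", in_mesg),                            # f_filter2
        ("d_auth", fac == "authpriv"),                  # f_filter3
        ("d_mail", fac == "mail"),                      # f_filter4
        ("d_mlal", lvl == "emerg"),                     # f_filter5
        ("d_spol", fac == "uucp" or (fac == "news" and lvl == "crit")),
    ]
    return [dest for dest, hit in rules if hit]

# Per-host files; d_boot is defined in the config but used by no log statement.
PER_HOST = {"d_mesg", "d_auth", "d_mail", "d_spol"}

def missing_from_host_files(samples, mesg_level="info"):
    """Messages the HP-UX box forwards that land in no per-host file."""
    return [m for m in samples if forwarded_by_hpux(*m)
            and not PER_HOST & set(destinations(*m, mesg_level=mesg_level))]

# Constructed (facility, level) pairs, not taken from real logs.
SAMPLES = [("kern", "warning"), ("kern", "info"), ("daemon", "notice"),
           ("daemon", "info"), ("auth", "err"), ("authpriv", "info"),
           ("mail", "info"), ("kern", "emerg")]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m, forwarded_by_hpux(*m), destinations(*m))
    print("missing:", missing_from_host_files(SAMPLES))
    print("with info..emerg:", missing_from_host_files(SAMPLES, "info..emerg"))
```

In this model a kern message at warning level reaches only d_cons, the central server's console, and a daemon message at notice level reaches no destination at all.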


