[syslog-ng] 2 more question...please help
Keven Belanger
kbelanger@logicon.ca
Tue, 27 Aug 2002 11:23:05 -0400
Okay! We have 2 problems;

1- The hostname of the syslog receiver is SECU-Rcv1 and SECU-Rcv2
So with a destination like destination: d_std { file("/export/disk1/log/$HOST/$YEAR/$MONTH/messages.log"); };
We receive the log in /export/disk1/log/SECU-Rcv2 on the local host, why not the IP like other hosts?

2- We have 2 syslog collectors and a big config file with each host (customer) defined line by line and a rule with unknown,
the problem is that each host logs correctly to the respective directory but they also log to my unknown directory, I want
to be able to say, if no filter matches, log to unknown...

Thanx a lot!

Kéven Belanger
Security Solutions Analyst
Logicon Inc. - Division Sécurité
819.825.8049 x7717
800.567.6399 x7717
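
For the second question, syslog-ng's `fallback` log flag expresses "if no filter matches, log to unknown". The fragment below is an added example, not part of the original message; it assumes a syslog-ng release that supports `flags(fallback)`, and the source, filter and destination names, the hostnames and the customer directories are constructed for illustration.

```conf
# Added example. All names, hostnames and customer paths are constructed.
source s_net { udp(ip(0.0.0.0) port(514)); };

# One filter per customer host, as in the per-host configuration described above.
filter f_cust_a { host("^custa-fw1$"); };
filter f_cust_b { host("^custb-fw1$"); };

destination d_cust_a {
    file("/export/disk1/log/cust_a/$YEAR/$MONTH/messages.log");
};
destination d_cust_b {
    file("/export/disk1/log/cust_b/$YEAR/$MONTH/messages.log");
};
destination d_unknown {
    file("/export/disk1/log/unknown/$HOST/$YEAR/$MONTH/messages.log");
};

# Per-customer paths: a message is delivered only where its filter matches.
log { source(s_net); filter(f_cust_a); destination(d_cust_a); };
log { source(s_net); filter(f_cust_b); destination(d_cust_b); };

# Catch-all: a fallback log statement only receives messages that no
# non-fallback log statement processed, so known hosts are not duplicated
# into the unknown directory.
log { source(s_net); destination(d_unknown); flags(fallback); };
```

A catch-all log statement without `flags(fallback)` receives every message from the source, which matches the duplicate logging described in the message.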