This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C22D75.09DCBD00
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
hello,
i have changed my config as you told me to do:
destination local7 {
file("/var/log/syslog-ng/$SOURCEIP/local7.log"
sync(0) log_fifo_size(10) create_dirs(yes)
owner(root) group(system) perm(0660) dir_perm(0770));
};
but i have still the same problem!=20
the message: "Jul 17 02:19:19 %STATIC-W-GWAYNOTREACH,/10.146.18.5 =
Gateway
172.28.3.126 is not reachable."=20
is stored in "/var/log/syslog-ng/%STATIC-W-GWAYNOTREACH,/local7.log" =
and not
in "/var/log/syslog-ng/10.146.18.5/local7.log" !!!
i hope you can help me once more
manfred b=FCrger
-----Urspr=FCngliche Nachricht-----
Von: Balazs Scheidler [mailto:bazsi@balabit.hu]
Gesendet: Dienstag, 16. Juli 2002 10:21
An: syslog-ng@lists.balabit.hu
Betreff: Re: [syslog-ng]logfile save problem (again ;)
On Tue, Jul 16, 2002 at 09:48:45AM +0200, Buerger, Manfred wrote:
> hello,=20
>=20
> I have allready posted my syslog-ng problem to this mailinglist on =
friday;
> now, I hope I can make things more clear:
>=20
> I am using Suse8.0 with syslog-ng to monitor enterasys ans cabletron
network
> equipment (switches, routers.... ); and have some problems with the
> configuration:
>=20
> in my syslog-ng.conf:
>=20
> destination local7 {
> file("/var/log/syslog-ng/$HOST/local7.log"
> sync(0) log_fifo_size(10) create_dirs(yes)
> owner(root) group(system) perm(0660) dir_perm(0770));
> };
>=20
> because of this configuration a system message like:
> "Jul 15 13:56:28 %STP-I-PORT_STATUS,/10.146.12.16 Port status change
> detected: et.3.6 - Port Up"
> should be stored in "/var/log/syslog-ng/10.146.12.16/local7.log"=20
> but it=B4s stored in: =
"/var/log/syslog-ng/%STP-I-PORT_STATUS,/local7.log".
destination local7 {
file("/var/log/syslog-ng/$SOURCEIP/local7.log"
sync(0) log_fifo_size(10) create_dirs(yes)
owner(root) group(system) perm(0660) dir_perm(0770));
};
here's the list of macros you can use:
{ "FACILITY", M_FACILITY },
{ "PRIORITY", M_LEVEL },
{ "LEVEL", M_LEVEL },
{ "TAG", M_TAG },
{ "DATE", M_DATE },
{ "FULLDATE", M_FULLDATE },
{ "ISODATE", M_ISODATE },
{ "YEAR", M_YEAR },
{ "MONTH", M_MONTH },
{ "DAY", M_DAY },
{ "HOUR", M_HOUR },
{ "MIN", M_MIN },
{ "SEC", M_SEC },
{ "WEEKDAY", M_WEEKDAY },
{ "UNIXTIME", M_UNIXTIME },
{ "R_DATE", M_DATE_RECVD },
{ "R_FULLDATE", M_FULLDATE_RECVD },
{ "R_ISODATE", M_ISODATE_RECVD },
{ "R_YEAR", M_YEAR_RECVD },
{ "R_MONTH", M_MONTH_RECVD },
{ "R_DAY", M_DAY_RECVD },
{ "R_HOUR", M_HOUR_RECVD },
{ "R_MIN", M_MIN_RECVD },
{ "R_SEC", M_SEC_RECVD },
{ "R_WEEKDAY", M_WEEKDAY_RECVD },
{ "R_UNIXTIME", M_UNIXTIME_RECVD },
=20
{ "S_DATE", M_DATE_STAMP },
{ "S_FULLDATE", M_FULLDATE_STAMP },
{ "S_ISODATE", M_ISODATE_STAMP },
{ "S_YEAR", M_YEAR_STAMP },
{ "S_MONTH", M_MONTH_STAMP },
{ "S_DAY", M_DAY_STAMP },
{ "S_HOUR", M_HOUR_STAMP },
{ "S_MIN", M_MIN_STAMP },
{ "S_SEC", M_SEC_STAMP },
{ "S_WEEKDAY", M_WEEKDAY_STAMP },
{ "S_UNIXTIME", M_UNIXTIME_STAMP },
=20
{ "HOST_FROM", M_HOST_FROM },
{ "FULLHOST_FROM", M_FULLHOST_FROM },
{ "HOST", M_HOST },
{ "FULLHOST", M_FULLHOST },
{ "PROGRAM", M_PROGRAM },
{ "MSG", M_MESSAGE },
{ "MESSAGE", M_MESSAGE },
{ "SOURCEIP", M_SOURCE_IP }
you might also use HOST_FROM or FULLHOST_FROM if you want hostnames =
instead
of IPs (though it requires use_dns(yes))
--=20
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C =
8EB1
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
------_=_NextPart_001_01C22D75.09DCBD00
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
AW: [syslog-ng]logfile save problem (again ;)
hello,
i have changed my config as you told me to do:
destination local7 {
=
file("/var/log/syslog-ng/$SOURCEIP/local7.log"
=
sync(0) log_fifo_size(10) create_dirs(yes)
=
owner(root) group(system) perm(0660) dir_perm(0770));
};
but i have still the same problem!
the message: "Jul 17 02:19:19 =
%STATIC-W-GWAYNOTREACH,/10.146.18.5 Gateway 172.28.3.126 is not =
reachable."
is stored in =
"/var/log/syslog-ng/%STATIC-W-GWAYNOTREACH,/local7.log" and =
not in "/var/log/syslog-ng/10.146.18.5/local7.log" =
!!!
i hope you can help me once more
manfred b=FCrger
-----Urspr=FCngliche Nachricht-----
Von: Balazs Scheidler [mailto:bazsi@balabit.hu]
Gesendet: Dienstag, 16. Juli 2002 10:21
An: syslog-ng@lists.balabit.hu
Betreff: Re: [syslog-ng]logfile save problem (again =
;)
On Tue, Jul 16, 2002 at 09:48:45AM +0200, Buerger, =
Manfred wrote:
> hello,
>
> I have allready posted my syslog-ng problem to =
this mailinglist on friday;
> now, I hope I can make things more =
clear:
>
> I am using Suse8.0 with syslog-ng to monitor =
enterasys ans cabletron network
> equipment (switches, routers.... ); and have =
some problems with the
> configuration:
>
> in my syslog-ng.conf:
>
> destination local7 {
> =
file("/var/log/syslog-ng/$HOST/local7.log"
> =
sync(0) log_fifo_size(10) create_dirs(yes)
> =
owner(root) group(system) perm(0660) dir_perm(0770));
> };
>
> because of this configuration a system message =
like:
> "Jul 15 13:56:28 =
%STP-I-PORT_STATUS,/10.146.12.16 Port status change
> detected: et.3.6 - Port Up"
> should be stored in =
"/var/log/syslog-ng/10.146.12.16/local7.log"
> but it=B4s stored in: =
"/var/log/syslog-ng/%STP-I-PORT_STATUS,/local7.log".
destination local7 {
=
file("/var/log/syslog-ng/$SOURCEIP/local7.log"
=
sync(0) log_fifo_size(10) create_dirs(yes)
=
owner(root) group(system) perm(0660) dir_perm(0770));
};
here's the list of macros you can use:
&nb=
sp; { "FACILITY", M_FACILITY =
},
&nb=
sp; { "PRIORITY", M_LEVEL },
&nb=
sp; { "LEVEL", M_LEVEL },
&nb=
sp; { "TAG", M_TAG },
&nb=
sp; { "DATE", M_DATE },
&nb=
sp; { "FULLDATE", M_FULLDATE =
},
&nb=
sp; { "ISODATE", M_ISODATE },
&nb=
sp; { "YEAR", M_YEAR },
&nb=
sp; { "MONTH", M_MONTH },
&nb=
sp; { "DAY", M_DAY },
&nb=
sp; { "HOUR", M_HOUR },
&nb=
sp; { "MIN", M_MIN },
&nb=
sp; { "SEC", M_SEC },
&nb=
sp; { "WEEKDAY", M_WEEKDAY },
&nb=
sp; { "UNIXTIME", M_UNIXTIME =
},
&nb=
sp; { "R_DATE", M_DATE_RECVD =
},
&nb=
sp; { "R_FULLDATE", M_FULLDATE_RECVD =
},
&nb=
sp; { "R_ISODATE", M_ISODATE_RECVD =
},
&nb=
sp; { "R_YEAR", M_YEAR_RECVD =
},
&nb=
sp; { "R_MONTH", M_MONTH_RECVD =
},
&nb=
sp; { "R_DAY", M_DAY_RECVD },
&nb=
sp; { "R_HOUR", M_HOUR_RECVD =
},
&nb=
sp; { "R_MIN", M_MIN_RECVD },
&nb=
sp; { "R_SEC", M_SEC_RECVD },
&nb=
sp; { "R_WEEKDAY", M_WEEKDAY_RECVD =
},
&nb=
sp; { "R_UNIXTIME", M_UNIXTIME_RECVD =
},
=
; { "S_DATE", =
M_DATE_STAMP },
&nb=
sp; { "S_FULLDATE", M_FULLDATE_STAMP =
},
&nb=
sp; { "S_ISODATE", M_ISODATE_STAMP =
},
&nb=
sp; { "S_YEAR", M_YEAR_STAMP =
},
&nb=
sp; { "S_MONTH", M_MONTH_STAMP =
},
&nb=
sp; { "S_DAY", M_DAY_STAMP },
&nb=
sp; { "S_HOUR", M_HOUR_STAMP =
},
&nb=
sp; { "S_MIN", M_MIN_STAMP },
&nb=
sp; { "S_SEC", M_SEC_STAMP },
&nb=
sp; { "S_WEEKDAY", M_WEEKDAY_STAMP =
},
&nb=
sp; { "S_UNIXTIME", M_UNIXTIME_STAMP =
},
&nb=
sp;
&nb=
sp; { "HOST_FROM", M_HOST_FROM =
},
&nb=
sp; { "FULLHOST_FROM", =
M_FULLHOST_FROM },
&nb=
sp; { "HOST", M_HOST },
&nb=
sp; { "FULLHOST", M_FULLHOST =
},
&nb=
sp; { "PROGRAM", M_PROGRAM },
&nb=
sp; { "MSG", M_MESSAGE },
&nb=
sp; { "MESSAGE", M_MESSAGE },
&nb=
sp; { "SOURCEIP", M_SOURCE_IP =
}
you might also use HOST_FROM or FULLHOST_FROM if you =
want hostnames instead
of IPs (though it requires use_dns(yes))
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C =
0944 9CFD 804E C82C 8EB1
_______________________________________________
syslog-ng maillist - =
syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
------_=_NextPart_001_01C22D75.09DCBD00--