AW: [syslog-ng]logfile save problem (again ;)

Buerger, Manfred Manfred.Buerger@upc.at
Thu, 18 Jul 2002 10:08:47 +0200


Hello,

For test purposes I have changed my configuration, as you told me to do: now
I try $HOST, $SOURCEIP and $SOURCE_IP for the destination folder, but
nothing works!
Take a look at my config, please:

# Syslog-ng configuration.
#
# what the default options are for files that it writes
#

options { sync(0); time_reopen(10); log_fifo_size(100); };

source src {
        unix-stream("/dev/log");
        internal();
        udp(ip("0.0.0.0") port(514));
};

filter f_messages { facility(local7); };
filter f_bootlog { facility(local7); };
filter f_authlog { facility(local7); };
# I know that this filter config doesn't make sense; it's only for testing purposes!

destination messages {
   file("/var/log/syslog-ng/$SOURCE_IP/messages"
         sync(0) log_fifo_size(10) create_dirs(yes)
         owner(root) group(system) perm(0660) dir_perm(0770));
};

destination bootlog {
   file("/var/log/syslog-ng/$SOURCEIP/boot.log"
         sync(0) log_fifo_size(10) create_dirs(yes)
         owner(root) group(system) perm(0660) dir_perm(0770));
};

destination authlog {
   file("/var/log/syslog-ng/$HOST/secure.log"
         sync(0) log_fifo_size(10) create_dirs(yes)
         owner(root) group(system) perm(0660) dir_perm(0770));
};
log { source(src);
      filter(f_messages);
      destination(messages);
};
log { source(src);
      filter(f_bootlog);
      destination(bootlog);
};
log { source(src);
      filter(f_authlog);
      destination(authlog);
};


The results of this config:

destination messages (with $SOURCE_IP in the pathname) writes the file
"messages" to  "/var/log/syslog-ng/messages"

destination bootlog (with $SOURCEIP in the pathname) writes the file
"boot.log" to  "/var/log/syslog-ng/boot.log"

destination authlog (with $HOST in the pathname) works fine for Cisco
network components! E.g. the logfile is stored in
"/var/log/syslog-ng/10.146.18.3". Well!!! As I wrote in an earlier mail, it
doesn't work with Enterasys/Cabletron stuff. They build folders like this:

/var/log/syslog-ng # ll
total 79
drwxr-x---    2 root     root           72 Jul  9 17:56 %CLI-E-FACUNKNWN,
drwxr-x---    2 root     root           72 Jul 13 20:16 %CLI-E-INCMPCMD,
drwxr-x---    2 root     root           72 Jul  9 19:05 %CLI-W-MODNOTFOUND,
drwxr-x---    2 root     root           72 Jul 17 07:38 %CONFIG-E-SEARCH,
drwxr-x---    2 root     root           72 Jul 14 00:23 %CONFIG-I-NOCHANGES,

At least please take a look at the syslog messages sent by different network
components!
The Enterasys/Cabletron components send messages like this:

Jul 17 09:10:48 %STP-I-PORT_STATUS,/10.146.12.16 Port status change detected: et.1.7 - Port Down

The Ciscos use another formatting:

Jul 18 09:31:02 10.146.18.3/10.146.18.3 5392: 3w2d: %AMDP2_FE-5-EXCESSCOLL: Ethernet1/0 TDR=2, TRC=0

Could this cause the problem?? What can I do?? (perhaps some important
information: I am using syslog-ng version 1.4.14)

Thank you in advance
manfred bürger



-----Original Message-----
From: Balazs Scheidler [mailto:bazsi@balabit.hu]
Sent: Wednesday, 17 July 2002 13:35
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]logfile save problem (again ;)


On Wed, Jul 17, 2002 at 11:33:41AM +0200, Buerger, Manfred wrote:
> hello,
>
> I have changed my config as you told me to do:
>
> destination local7 {
>    file("/var/log/syslog-ng/$SOURCEIP/local7.log"
>          sync(0) log_fifo_size(10) create_dirs(yes)
>          owner(root) group(system) perm(0660) dir_perm(0770));
> };
>
> but I still have the same problem!
> the message: "Jul 17 02:19:19 %STATIC-W-GWAYNOTREACH,/10.146.18.5 Gateway
> 172.28.3.126 is not reachable."
> is stored in "/var/log/syslog-ng/%STATIC-W-GWAYNOTREACH,/local7.log" and not
> in "/var/log/syslog-ng/10.146.18.5/local7.log" !!!

Are you sure you have reloaded the configuration?

SOURCE_IP always inserts IP addresses, as the following snippet shows:

        case M_SOURCE_IP: {
                char *ip;

                if (msg->saddr) {
                        CAST(inet_address_info, addr, msg->saddr);

                        ip = inet_ntoa(addr->sa.sin_addr);
                }
                else {
                        ip = "127.0.0.1";
                }
                length = append_string(dest, left, ip, strlen(ip), escape);
                break;
        }


--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
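
Added example, not part of the original thread and not syslog-ng code: the directory listing above shows $HOST expanding to text the device sent ("%CLI-E-FACUNKNWN,"), while the M_SOURCE_IP snippet takes the name from the socket address. The C code below validates a header-derived host token before it is used as a directory name and falls back to the UDP peer address otherwise; host_token_is_safe and build_log_path are hypothetical names, and the inputs in main are values quoted in the thread.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if tok can serve as one directory name, i.e. it is
 * 1..255 chars, starts alphanumeric and contains only [A-Za-z0-9._-]. */
static int host_token_is_safe(const char *tok)
{
    size_t i, n = strlen(tok);
    if (n == 0 || n > 255 || !isalnum((unsigned char)tok[0]))
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)tok[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != '_')
            return 0;
    }
    return 1;
}

/* Hypothetical helper: write "<base>/<dir>/<file>" to out, where <dir> is
 * the header host token if it validates and the UDP peer address otherwise.
 * Returns 0 on success, -1 on error or truncation. */
int build_log_path(char *out, size_t outlen, const char *base,
                   const char *host_token, const struct sockaddr_in *peer,
                   const char *file)
{
    char ip[INET_ADDRSTRLEN];
    const char *dir = host_token;
    int n;
    if (!host_token || !host_token_is_safe(host_token)) {
        if (!inet_ntop(AF_INET, &peer->sin_addr, ip, sizeof ip))
            return -1;
        dir = ip;   /* same source of truth as the M_SOURCE_IP case */
    }
    n = snprintf(out, outlen, "%s/%s/%s", base, dir, file);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    struct sockaddr_in peer = { .sin_family = AF_INET };
    char path[256];
    inet_pton(AF_INET, "10.146.12.16", &peer.sin_addr); /* from the thread */
    if (build_log_path(path, sizeof path, "/var/log/syslog-ng",
                       "%STP-I-PORT_STATUS,", &peer, "secure.log") == 0)
        puts(path);
    return 0;
}
```

A token such as ".." or one containing "/" is rejected by the same check, so a sender cannot steer the log file outside the per-host directory.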
