[syslog-ng]Please help with simple syslog-ng.conf creation questions....
Hamilton, Andrew
Andrew.Hamilton@afccc.af.mil
Tue, 4 Feb 2003 15:51:47 -0500
Chris,
Names don't matter much to syslog-ng. You just don't want to use any of the
keywords. I'm not sure that syslog-ng even cares about that but it could
confuse the reader. To add a network source, use udp, tcp or both. Like this:

source src { unix-stream("/dev/log"); pipe("/proc/kmsg"); tcp(); udp(); internal(); };

By default you get the installed interface and port 514. Both of which can
be specified:

tcp(ip("192.168.0.2") port(555));

You might check the syntax of that in the docs, I haven't used it in a while.
It may be slightly different, but that is the principle. udp is the same.
Regards,
Drew
-----Original Message-----
From: seberino@spawar.navy.mil
To: Hamilton, Andrew
Cc: syslog-ng@lists.balabit.hu
Sent: 2/3/2003 3:23 PM
Subject: Re: [syslog-ng]Please help with simple syslog-ng.conf creation questions....
Andrew
Thanks again for all your help. I combined all your tips
to make a simple "just put everything in /var/log/messages for now"
version of /etc/syslog-ng/syslog-ng.conf....
----
source src {unix-stream("/dev/log"); pipe("/proc/kmsg"); internal();};
destination dest {file("/var/log/messages");};
log {source(src); destination(dest);};
----
Can I ask you a few more questions about this?
I called my identifiers "src" and "dest". I assume it does not
matter what I call these as long as I use those same identifiers
in log line???
Since Red Hat is not set up to use syslog-ng by default, I assume I must
remove syslogd and klogd from startup "things to do list" and start
/usr/local/sbin/syslog-ng from /etc/rc.d/rc.local myself???
If I want syslog-ng to accept remote messages from remote syslog-ng daemons,
must I add something else to syslog-ng.conf above such as item
regarding port #514 UDP??? (syslog is tied to this port). I need to ask
this because the word "remote" is NOT even mentioned in the syslog-ng
docs???!?!?
Thanks again,
Chris
On Mon, Feb 03, 2003 at 08:28:32AM -0500, Hamilton, Andrew wrote:
> It depends on what you want to do. I think it is a good idea to run kernel
> messages through syslog-ng. I have less overhead and less to worry about.
> The source you have is correct.
>
> Regards,
>
> Drew
>
> -----Original Message-----
> From: seberino@spawar.navy.mil [mailto:seberino@spawar.navy.mil]
> Sent: Friday, January 31, 2003 6:59 PM
> To: Hamilton, Andrew
> Cc: syslog-ng@lists.balabit.hu
> Subject: Re: [syslog-ng]Please help with simple syslog-ng.conf creation
> questions....
>
>
> Andrew
>
> Thanks! There is lots to learn since config file much
> more complicated now.
>
> Do you run syslog-ng daemon AND klogd too???
>
> FAQ says to have syslog-ng handle kernel messages I must
> kill klogd and add this to syslog-ng.conf....
>
> source src { pipe("/proc/kmsg"); unix-stream("/dev/log"); internal(); };
>
> I assume this is a good idea. Perhaps that is what you do???
>
> Thanks again,
>
> Chris
>
>
> On Thu, Jan 30, 2003 at 02:14:27PM -0500, Hamilton, Andrew wrote:
> > Nope. But you can do this:
> >
> > source s_all{ unix-stream("/dev/log"); internal(); };
> > destination d_messages { file("/var/log/messages"); };
> >
> > log { source(s_all); destination(d_messages); };
> >
> > That should do it. If you are using Solaris you should use
> >
> > source local { sun-streams("/dev/log" door("/etc/.syslog_door"));
> > internal(); };
> >
> > Look in the syslog-ng/doc directory for sample configs.
> >
> >
> > Regards,
> >
> > Drew
> >
> > -----Original Message-----
> > From: seberino@spawar.navy.mil [mailto:seberino@spawar.navy.mil]
> > Sent: Thursday, January 30, 2003 2:01 PM
> > To: syslog-ng@lists.balabit.hu
> > Subject: [syslog-ng]Please help with simple syslog-ng.conf creation
> > questions....
> >
> >
> > configure;make;make install of syslog-ng source did not create
> > /etc/syslog-ng directory with
> > /etc/syslog-ng.conf ready to go.
> >
> > I assume I must create this directory and file
> > myself???
> >
> > syslog-ng has *tons* of features. Please tell
> > me how I can just throw everything into /var/log/messages.
> > I don't require fancy stuff just yet.
> >
> > In old syslog.conf this would be:
> >
> > *.info /var/log/messages
> >
> > Will syslog-ng recognize a one line syslog-ng.conf
> > containing this old style config???
> >
> > thanks,
> >
> > Chris
> > --
> > _______________________________________
> >
> > Dr. Christian Seberino
> > SPAWAR Systems Center San Diego
> > Code 2363
> > 49590 Lassing Road, Room A339
> > San Diego, CA 92152-6147
> > U.S.A.
> >
> > Phone: (619) 553-7940
> > Fax: (619) 553-1269
> > Email: seberino@spawar.navy.mil
> > _______________________________________
> >
> > _______________________________________________
> > syslog-ng maillist - syslog-ng@lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> >
>
> --
> _______________________________________
>
> Dr. Christian Seberino
> SPAWAR Systems Center San Diego
> Code 2872
> San Diego, CA 92152-6147
> U.S.A.
>
> Phone: (619) 553-9973
> Fax:
> Email: seberino@spawar.navy.mil
> _______________________________________
--
_______________________________________
Dr. Christian Seberino
SPAWAR Systems Center San Diego
Code 2872
San Diego, CA 92152-6147
U.S.A.
Phone: (619) 553-9973
Fax:
Email: seberino@spawar.navy.mil
_______________________________________
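
Added example (not part of the original messages): the network source from Drew's reply, with the listener bound to one address instead of left at the defaults, and remote messages kept out of the local log file. The address 192.168.0.2 is the one used in the reply; the port, connection cap, file paths and the s_/d_ names are assumptions, and option spellings should be checked against the docs for the installed version.

```conf
# Added example, not from the thread. Paths, names and limits are constructed.

options {
    keep_hostname(no);   # name the sender from the connection, not from the message text
    use_dns(no);         # record the sender's IP address; no DNS lookup per message
};

# Local messages only, as in the thread.
source s_local {
    unix-stream("/dev/log");
    pipe("/proc/kmsg");
    internal();
};

# Open form from the reply: with no options, tcp() and udp() take the
# defaults (port 514 on the installed interface).
# source s_net_open { tcp(); udp(); };

# Restricted form: listen only on the internal logging address, and cap
# concurrent TCP connections so one sender cannot tie up the daemon.
source s_net {
    udp(ip("192.168.0.2") port(514));
    tcp(ip("192.168.0.2") port(514) max-connections(20));
};

destination d_messages { file("/var/log/messages"); };

# Remote messages go to one file per sender, so traffic arriving over the
# network is never mixed into this host's own /var/log/messages.
destination d_remote {
    file("/var/log/remote/$HOST.log" create_dirs(yes) perm(0640));
};

log { source(s_local); destination(d_messages); };
log { source(s_net);   destination(d_remote); };
```

UDP syslog carries no sender authentication, so a packet filter that admits port 514 only from the known log clients belongs alongside this configuration.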